Collaboration between schools and EdTech vendors is essential for providing students with cutting-edge educational experiences. However, this collaboration must be underpinned by a robust framework of data protection. Data Privacy Agreements (DPAs) emerged as a critical tool in achieving this balance, fostering a secure and compliant environment for the exchange of student data. As technology continues to reshape education, however, it will take more than a DPA to manage and protect PII. Anonymized data, interoperability, and secure data exchange are the future.
Beyond DPAs – Interoperability and Robust Monitoring
Rob Abel, CEO of 1EdTech Consortium explains:
“If you’re exchanging data via an interoperability standard, that means the way the data is being exchanged is very well defined in both directions. Rostering in one direction, data back in another direction. With this exchange of data, there is a standard in place. So, the first step is to make sure the vendors are, in fact, implementing the standards. And if you’re implementing the standards, you can very easily diagnose what data is moving across. You can have a tool set that allows you to understand what’s moving and you can put a listener on that line and see whether there is PII moving.”
How 1EdTech Consortium and GG4L’s Secure Data Exchange Are Transforming the Industry
Anonymized Data, One Roster standards, and PII monitoring all reduce the need for DPAs, but there will be times when some personally identifiable data must be exchanged. These tools that prevent thousands of instances of all PII being copied to each EdTech vendor will make what little data must be exchanged more manageable for school IT leaders.
“GG4L is providing control to monitor data and understand exactly what’s going on. It is giving the districts the tools they need in order to be able to manage this complexity. Essentially, it’s a framework, and it can be applied to any of our standards,” said Rob Abel
Stronger Protection than a DPA
When a school signs a DPA with a vendor, they’re protected on paper, administratively. But the DPA doesn’t prevent the loss of data if there is a breach. It’s not just about ransomware; it’s about identity theft. Students often don’t even discover how they have been impacted until they go to apply for a student loan or an apartment after they become adults. And then they’ve learned that their data was hacked, and somebody’s been exploiting their identity to rack up debt. So, the industry goal is to move beyond DPAs so that PII doesn’t even have to go to the vendors. They just get anonymized data and the PII stays within the school.
DPAs + 1EdTech + GG4L PII Monitor = Powerful Student Data Protection
Managing data protection agreements with each individual edtech vendor can be a nightmarish time strain for schools. By working with vendors that have been vetted by 1EdTech and then using GG4L’s Data Governance Console, school IT leaders have a dashboard on which they can see what edtech vendors have access to what information and where that data is going can eliminate the frustration and headache while adding significant visibility.
School Passport PII Monitoring
School Passport’s PII monitoring includes usage dashboards and reports that empower school leaders to take action with our platform’s data governance console. Our console categorizes and prioritizes the PII risks according to custom rules configured during the rollout of School Passport in your school district and makes it clear which vendors have received trusted apps status from 1EdTech. We offer a robust API framework for vendors to implement that allows vendors to create accounts for users, manage authentication and logins, create personalized experiences, communicate with users, and other more complex use cases like badging and credential reunification. Learn more.
___
Who Can You Trust to Handle Student Data?
Our recent webinar, “Who can you trust when it comes to handling student data?” digs deep into the conversation on data privacy and the industry challenges that have emerged, including how school districts can effectively provision learning apps accessing Personally Identifiable Information (PII) and opportunities for districts and edtech vendors to collaborate on a unified approach toward data anonymization. If you’re concerned about data privacy and how student data is managed, view the replay of the webinar.