How does 1EdTech determine the “trusted” status of an app in such a way that districts can trust that it’s not just a self-identified or pay-to-play feature? As Kevin Lewis, Data Privacy Officer for 1EdTech Consortium explains, it is a collaborative effort to determine trusted apps.
The trusted apps work has been very valuable for schools, suppliers, 1EdTech – everyone involved in the process. It takes a lot of collaboration to promote that transparency Rob described. We work closely with the supplier (edtech vendor) to educate them, keep them involved in what the districts are talking about, what those conversations are, what they expect. If you look at our data privacy rubric, you can see that it is a collaboration. It is meant to promote communication between our suppliers and our schools, to promote that transparency and to promote that collaboration.
1EdTech Works with Vendors to Help them Meet District Expectations
1EdTech educates vendors on what is not acceptable to a lot of districts, and they talk to schools to help them understand why vendors are doing things a certain way or what their policy actually means. Collaboration is the biggest key in achieving trusted app status – a status that is earned through coming together to understand the needs of the district and establish privacy policies that really work to protect PII. It goes beyond the standard DPA; it’s very thorough. More than 10,000 vendors have participated with 1EdTech to achieve that status.
Traditional Rostering Is Risky
Most applications used by school districts are replicating student data for their operations using traditional rostering services, meaning there are multiple copies of student PII. The risk has escalated exponentially, since districts have gone from using a handful of applications to an average of 1,400. That’s a lot of data exchange happening where student data is being replicated over and over again.
Trusted App Status and the GG4L PII Governance Monitor
GG4L’s School Passport platform, which is a secure data exchange for schools to help them protect student PII, revolutionizes rostering by using an anonymizing secure data exchange. We make it easy for vendors and districts to implement and use it. We believe in data exchange and have launched a school district version with a PII governance console that allows districts to monitor everything that’s happening in a district with their data. Districts can see where applications are sharing data so that we can give the district granular control. We have a partnership with 1EdTech, so we can show which of those applications are in the trusted apps and allow the districts to drill into that. But more importantly, we’re building out capabilities so that districts can control what PII data goes to particular vendors.
Zero Trust Is the Ultimate Goal
“As an industry, the ultimate goal is zero trust. We may never fully achieve zero trust in a school district. But certainly we can do a lot better than having a thousand vendors that are accessing student data. And, we think there are opportunities to build technologies so that we can let these vendors and applications continue to operate but do it in a way where we restrict the sharing of PII data, and maybe eliminate the need to even have a data privacy agreement, because they’re not getting any data. And as we do that, I think it starts to streamline the operation for the districts a lot and reduces risks for vendors.” – Mike King, GG4L
School Passport PII Monitoring Identifies Trusted Apps
School Passport’s PII monitoring includes usage dashboards and reports that empower school leaders to take action with our platform’s data governance console. Our console categorizes and prioritizes the PII risks according to custom rules configured during the rollout of School Passport in your school district and makes it clear which vendors have received trusted apps status from 1EdTech. We offer a robust API framework for vendors to implement that allows vendors to create accounts for users, manage authentication and logins, create personalized experiences, communicate with users, and other more complex use cases like badging and credential reunification. We invite you to learn more.
___
Who Can You Trust to Handle Student Data?
Our recent webinar, “Who can you trust when it comes to handling student data?” digs deep into the conversation on data privacy and the industry challenges that have emerged, including how school districts can effectively provision learning apps accessing Personally Identifiable Information (PII) and opportunities for districts and edtech vendors to collaborate on a unified approach toward data anonymization. If you’re concerned about data privacy and how student data is managed, view the replay of the webinar.
