Guest Post: When talking student privacy, we need to all get on the same page

Guest Post: When talking student privacy, we need to all get on the same page

When we discuss privacy protections we often focus on what we want the industry to provide parents and students, often we do not hear from the industry. I met the founders of Education Framework and was able to take a look at their product.

Education Framework is an Ed-tech company that manages student privacy and consent services for U.S. K-12 schools. Katie was kind enough to write a guest post for us from her perspective as the founder of a company that works on student privacy but also as a parent.

Thanks Katie!


When talking student privacy, we need to all get on the same page

We operate in a digital age where technology has infiltrated our everyday lives – at home, at work, and at school. What we once considered to be private is no longer so, nor will it ever be again.

But the reality is that in education, large amounts of data are being collected on children. While some argue that this data is necessary for improving educational outcomes, others have expressed concerns that it is vulnerable to misinterpretation, misuse, and outright abuse. This holds especially true as schools increasingly explore and adopt new digital learning solutions.

As the co-founder of an Ed tech start-up that specializes in managing student data privacyobligations for schools, and a parent to two school-aged children, I have experienced, first-hand, many of the challenges that school and service providers face today. I sit in a unique position to see both sides of the coin.

On one hand, I am troubled by the amount of data that is collected on my children and the lack of transparency regarding how that information is used and stored. On the other hand, I see the value of using information to simplify processes and improve outcomes.

As a service provider, integrating with the Student Information System (SIS) makes our digital process far more efficient, but without the proper protocols in place to ensure privacy, safety and security, it could be fraught with disaster.

When we consider a student’s data chain of custody, transparency is key. We must have a clear understanding of who has access to the information, for what purpose the information is being used, and for how long it will be stored. Moreover, this information should be readily available to both parents and school administrators. Parents shouldn’t have to jump through hoops to find out what information is being collected on their children, and schools should be able to produce that information, if requested, on a moment’s notice.

But the existing model is quite the contrary. Archaic manual processes, paired with limited guidance and weak oversight, have left the privacy door open to trouble. This is particularly concerning when realizing that there are approximately 50 million students whose information is at risk for exposure. As technology usage increases in schools across the nation, parents, teachers and administrators all need to better understand their privacy obligations. And while third party service providers, like myself, must commit to actively ensuring the protection of any information accessed, we must also maintain that the most basic procedures are, in fact, in place to ensure safety and security.

However, it is confusing whether the responsibility to obtain parental consent rests on the school or the service provider when the app is used in school.  Under COPPA, the Children’s Online Protection Privacy Act, parental consent is required for any app or website that collects personal information for children 13 years and under. But determining who is responsible for actually obtaining that consent is another story.

While the collective shift in attitude indicates a general move in the right direction, much still needs to be done to actually ensure student privacy in our schools. We must critically look at how we are managing the information we have access to in order to protect student’s privacy in schools. We also need to ask ourselves if the current process for managing student information fits with the model in which we are collecting it. We need to ensure that all parties are committed to making student privacy a top priority, and that all who have access to student information clearly understand their roles and responsibilities when it comes to managing the data. We need to determine what steps need to be taken to improve our systems to be more in line with our goals. It is imperative that we all get on the same page.


Katie Onstad, Vice President and Co-Founder, Education Framework Inc.

Katie Onstad is vice-president of Education Framework Inc., an education technology company that manages student privacy and consent services for U.S. K-12 schools. Katie co-founded the business in late 2013 with her husband and business partner, Jim. When she isn’t running the business, or the household, Katie volunteers her time around the community and in the classroom at her kids’ school. Katie received her B.A. in Organizational Communication from the University of Montana and lives in Bend, Oregon with Jim and their two young daughters.

Related Resources

  • Uncategorized

    Checklist to Help Schools Vet AI Tools for Legal Compliance

    Apr 24, 2024

    Schools and districts around the United States are currently grappling with how to vet new edtech tools that incorporate generative AI. Whereas various groups …

    Learn More
  • Uncategorized

    FPF Releases Policy Brief Comparing Federal Child Privacy Bills

    Jun 10, 2022

    Learn More
  • What We're Reading

    FPF’s Student Privacy Newsletter – April 2021

    Apr 5, 2021Bailey Sanchez and Amelia Vance

     Good afternoon, and welcome to another issue of FPF’s Student Privacy Newsletter! Below, we’ve rounded up noteworthy student privacy issues that surfaced…

    Learn More