The education landscape for most teachers has changed dramatically in the last few weeks as school buildings across the country have closed due to the COVID-19 pandemic. Administrators, teachers, students, and parents have worked hard and rapidly to prepare for authentic learning experiences online. Now that many teachers are conducting classes from home through various online platforms, education stakeholders need to remember an important part of the data privacy conversation: supporting teachers so they can best protect both their own and their students’ information. When transitioning to online classes, teachers need to consider the following issues, some of which also apply to traditional classroom settings but become particularly important in online education settings:
- Security of home internet connections;
- Password security;
- Security and data privacy of personal cell phones;
- Identifying appropriate educational resources that have been vetted for privacy concerns.
Home Internet Connections
For the foreseeable future, most teachers will use their own internet connections to work from home, which raises concerns about the security of the data sent over these connections. This fact, along with the uptick in phishing and other cybersecurity threats since the development of the COVID-19 pandemic, means that teachers need guidance to help them establish secure internet connections. What measures can teachers, schools, and education authorities take to improve data security?
Teachers can educate themselves about the data privacy risks of working online from home and how to address them. Tools to identify and assess risks include the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework. Specifically, teachers should understand this framework’s five principles for identifying and addressing cybersecurity risks: Identify, Protect, Detect, Respond, and Recover. Even though these principles are designed for organizational implementation, individuals can use them to manage cybersecurity and privacy at home. For instance, teachers can ask themselves whether they have security protections on their home internet connections, and they can learn which settings in apps and on networks they can adjust to protect their data privacy.
To encourage accountability and a culture of privacy in school communities, administrators can also provide information about schools’ and teachers’ liability regarding data if teachers’ home connections endure security leaks.
Password Security
As educators move to online learning, they must understand the importance of maintaining secure passwords and follow best practices to protect their data privacy. Susan Bearden, Chief Innovation Officer for the Consortium for School Networking, outlines three best practices for keeping online accounts secure:
- Use two-factor authentication when possible.
- Use a passphrase consisting of multiple words that can be visualized, instead of a password, to secure accounts.
- Create a unique passphrase for each account.
The challenge, of course, is remembering all those passphrases for multiple accounts that require new passphrases every three months. Bearden offers three suggestions to help teachers:
- Develop a passphrase that leverages your powers of association.
- Make associations unique to you; for example, a list of stores near your house.
- Create a picture in your mind about the passphrase, such as favorite foods or meals.
These practices also suggest teachable moments that educators can use to help students develop secure passphrases.
Phones, Apps, and Privacy
Another important issue is the security and data privacy of teachers’ personal cell phones that they use to communicate with parents, caregivers, and students, whether this communication occurs directly or through a student information system, learning management system, or classroom management apps. Teachers understand the value of a direct phone call to parents to discuss students’ education, and as K-12 education goes online, smartphones and apps are essential for communicating with students and parents. Yet, when teachers rely on their personal phones for this communication, they may sacrifice their privacy. Releasing personal phone numbers to parents and students exposes teachers to potentially undesired contacts, including harassment. There may also be state laws or district policies that restrict how teachers are allowed to contact students or parents, with strict penalties for violations. For this reason, as educators choose how to communicate with students and parents, they must also consider their own data privacy concerns and any potential liability.
Many messaging apps allow teachers to contact parents or students without forcing teachers to disclose personal phone numbers and email addresses. Common Sense Media’s Privacy Program has found that apps such as Remind and ClassDojo provide adequate privacy protections, and each of those apps teachers to communicate without disclosing their personal contact information. G Suite for Education’s Hangouts or Meet provides other options for phone or video conferences, since they link to a work email address and thus do not require teachers to release personal phone numbers. Low-tech solutions include using third-party services such as FreeConferenceCall to set up conference calls, but it is important to check their privacy policies since they may routinely record and use calls made on their platform to improve voice recognition software. Other apps may not meet acceptable protocols for protecting privacy. Best practice is to stick with your school’s officially approved apps, especially those where your school has a privacy-protective contract with the app to protect both your and your students’ privacy.
Teachers must consider data privacy when using apps and websites on their phones, particularly cookie settings and location tracking. Cookies are little bits of data saved on computers or phones through users’ visits to websites or through apps, and companies use them to improve browsing speed and to conduct market research. Consumer Reports offers user-friendly suggestions for managing cookie settings, to protect data privacy. Teachers should also consider adding plug-ins to their browser such as Disconnect, Ghostery, and AdblockPlus to improve their privacy. Also, if their school authorities allow they can use a more privacy-protective browser like Firefox.
Cookies frequently also track location, but this is not the only form of location tracking. The location services in apps for smartphones are useful; for instance they pinpoint users’ locations for ride-sharing apps. Yet, location services have privacy implications, as the New York Times reports that even though the data is nonidentifiable when sold to companies, it can often be cross tabulated to identify individual users and analyze patterns of behavior and routines. Teachers should therefore review their location settings regularly and determine acceptable levels of sharing and risk according to their needs, especially when using education apps.
While teachers are securing their privacy while working from home, they must educate their students about privacy-protection. All of the suggestions above should be made to students and parents to help them secure their online privacy.
Identifying Appropriate Resources
In the rush to plan during the last few weeks, many teachers have sampled new websites and apps in order to continue teaching their students. Some of these websites and apps may initially appear to offer useful resources for students, but when selecting tools and resources, educators must understand which tools offer adequate privacy protection. They can do so in three ways. First, determine whether their school or district has already approved the site or app for use with students and teachers. Second, if the district has not reviewed the tool, then teachers can ask the district to review it through its administrative process. Finally, schools and districts lacking a review process can use FPF’s Educator’s Guide to Student Data Privacy, especially the checklist of questions on page 10, or look at Common Sense Media’s Privacy Program reviews of websites and applications. Also check out FPF’s new publication, Online Learning Best Practices for Schools and Educators during COVID-19.
While teaching online during this unprecedented period in American education, teachers should strive to facilitate learning, remain connected with students and parents, and protect both students’ and their own information.
Emilia Rastrick is a public school Health and Physical Education teacher who focuses on integrating technology into kinesthetic classrooms. She embraces the shift to online learning as a tool to learn new platforms and techniques to engage students in physical activity. Emilia is a National Board Certified teacher and holds a Masters in Public Administration from Rutgers University and a Masters in Communication from the University of Oklahoma.
