A Conversation with Ray Girdler About Student Privacy During COVID-19

A Conversation with Ray Girdler About Student Privacy During COVID-19

COVID-19 has placed districts, schools, and educators in unprecedented circumstances as they balance health concerns, academic responsibilities, and equity concerns this fall. How does student privacy relate to these issues? For this blog series, Future of Privacy Forum (FPF) has interviewed state, district, and school student privacy leaders, to reflect on lessons learned from the rapid transition to online learning in the spring and to offer best practices regarding student data privacy in the current academic year. 

On July 20, Juliana Cotto, a policy fellow on FPF’s youth and education team, spoke with Ray Girdler, Director of Technology Initiatives and Resources for Arkansas Department of Education, about the role of teachers and parents in student privacy, issues with using infrared cameras in an educational context, and how schools are better prepared this fall. 

Juliana: What are lessons learned from online learning last spring? How should these lessons inform preparations and operations this fall?

Ray: There are a few lessons we can learn from the spring. With schools’ rapid transition to online learning, several companies wanted to rise to the occasion and help meet a huge need in our nation. Teachers had to pivot very quickly from classroom instruction to online instruction. To do this well, it’s often a three- to five-year transition. In the spring, we asked teachers to transition in three to five weeks or even three to five days. So it looked a lot like early 2000 and the Wild Wild West when it came to privacy policies. People just weren’t looking at them. Teachers agreed to terms that weren’t passed through the district office. Everybody was scrambling out of panic to meet the needs of their students. I don’t want to say privacy was a second thought, but it definitely wasn’t at the forefront when deciding whether to use certain tools. We saw many teachers jumping into software agreements without looking into the privacy policies or knowing how to keep information private. 

Juliana: Part of that rapid transition to technology included using video conferencing platforms. Do you believe schools, educators, and families are better informed now about protecting student privacy in a virtual learning setting with video conferencing?

Ray: I think some teachers are. A new phrase came about during COVID-19: zoombombing. Zoom got the most attention, both positive and negative, but zoombombing was happening on other video conferencing tools, too. The confusion surrounding a free account versus an educational account and misunderstanding about how to set up a private meeting was not unique to one video conferencing platform. Zoom, in particular, was not initially designed for education. They were more a business platform. So the lack of privacy protections in an educational setting scared some parents. I think some are even more scared to use that tech now than before, especially for families that experienced zoombombing. You want that first experience to be positive, and unfortunately, I don’t think that happened for everyone. 

From a tech standpoint, I think the companies learned a lot. People gave them a hard time, but they try to do their best in protecting student information. Zoom is an excellent example of a company that has significantly ramped up its default settings, so people have to actually change their settings to make it less private. I think both companies and districts learned, which will improve experiences in the future. Everyone is thinking that if we could go back, do this again, and make it better, privacy would be at the center. 

Juliana: Did you see the student privacy conversation change as a result of the transition to online learning? How do you believe this conversation will evolve in the future? 

Ray: So, when it comes to student privacy, there is an expectation that the district office is taking care of it. Generally speaking, I don’t think teachers are trained or aware. They’re most definitely concerned about their students’ privacy, but there’s an assumption, whether they realize it or not, that they are trusting the district to take care of it. This is applicable to parents, who are also making the same assumption. But whose responsibility is it if the teacher or the parent uses an educational tool that is not district licensed? Whether or not a tool is district authorized is not always discussed, especially when a parent or teacher is sharing that new tool. This education and awareness was something that was needed before, but because of COVID-19 and the transition to work from home, it will get more attention this upcoming school year than it has ever before. 

A new lesson that districts are trying to preach is that everybody has a role to play when it comes to security and privacy. When students are learning from home, parents have to accept that role. When my kids were learning from home, I was the tech coordinator, in charge of my internal network, and was tech support; I was everything. I wasn’t the teacher, but I had to facilitate the learning and make sure they had what they needed. I think every parent learned that even when they’re home, they still have a role to play. And of course, the teacher does, too. 

Juliana: What are some communication strategies that districts in your state have implemented to better inform parents and teachers about student privacy?

Ray: I know school is about to start, and everyone would like us to have a perfect plan, but information is changing every day, and schools are trying to solve so many problems at once. I don’t know where this conversation lands within the school district. It’s definitely one of the things they’re trying to solve, but many schools in our state are preparing for on-site instruction and trying to learn unfamiliar tools. So they’re at the very beginning stages of trying to solve the problem of keeping student information private. I don’t see a purposeful strategy that schools are using other than preparing for onsite instruction and relying on the district technology office to ensure the tools uphold privacy protections. 

The biggest difference is everyone is getting into agreements right now in preparation for being able to pivot to a fully remote environment, which is very different than the first time. This time, districts are planning for teachers to only use tools that the school has made agreements for.

We also have our first privacy workshop next week. It’s public, but it’s specifically for districts to discuss how to strengthen their data privacy security agreements, giving them a tool to vet apps, and showing how to provide quick training to teachers. It’s about a three-hour workshop to get people started. In late August, we have an event called “SMACtalk,” our Social Media Awareness Campaign. The purpose of this event is to educate parents, teachers, and students about how to be safe online. Lastly, we have security and privacy workshops for districts.

Juliana: What are best practices for protecting student privacy in a remote learning setting? 

Ray: Everyone in the district is supposed to have or be able to pivot to blended learning in their schools this fall. This is part of new expectations for what schools are supposed to look like in the 21st century. One of our recommendations is to provide state bandwidth infrastructure to keep students on our network even when they are outside of our physical buildings. And when they’re not on our network, we’re trying to extend or encourage them to use security strategies. For example, some vendors allow content filtering even off the network. So even if schools can’t extend their network, they’re trying to figure out ways to make sure whatever devices they assign are being adequately monitored. There are solutions out there where you don’t have to sacrifice safety for connectivity. 

Juliana: Have any districts in your state considered implementing health technologies? 

Ray: Recently, the conversation has been around infrared cameras. You see them used a lot in the private sector, but using them in an educational setting presents many unique issues. The biggest issue we’ve found is what happens if the child is found to have a high temperature. One, how do we keep this private without letting others know? Kind of like the TSA random screening, does the act of moving students out of line in front of others break confidentiality? And in asking follow-up questions, at what point do we need parental consent? And if you do have to obtain parental consent, is it even effective to do infrared scanning if the parents can deny consent? It’s one of those things and exceptions around COVID, to my knowledge. It got to the point where the district was so nervous that they decided not to pursue it. They couldn’t come up with solutions quick enough, and these purchases needed to be ordered quickly to be installed for the start of the school year.

Juliana: What are strategies to build trust with families regarding their children’s privacy in an online environment?

Ray: We’re encouraging schools, parents, and teachers not to think too critically about what happened in the spring. Don’t turn your nose up at blended learning or the tools used because what we were calling blended learning really wasn’t it. It was our best attempt during an emergency situation. Blended learning, when properly planned and executed, looks a lot different. So that’s really our strategy: asking our teachers, families, and students to give it a second chance. We’ve been able to prepare and train. Districts are strategically selecting the tools that will be used, and teachers are being trained on them. You can just tell it’s so different what teachers are doing right now and how they’re getting ready. When kids do move to an online environment this time around, they will see a noticeable change from the spring. And parents will be willing to give that second chance. They are grateful an online option exists, and understand that our teachers are on the front lines risking their lives to go back to school and provide an education to their kids. We are hoping that chapter two will build trust.

Related Resources

  • EdTech Perspectives

    Demystifying the Consumer Privacy Patchwork

    Jan 18, 2024Randy Cantz

    What should edtech companies know about consumer privacy laws?As states continue to pass new consumer privacy laws, edtech companies may be left wondering what…

    Learn More
  • Higher Ed Perspectives

    Higher Education Compliance with Updates to the GLBA Safeguards Rule

    Jul 6, 2023

    Higher education institutions participating in the US Department of Education’s federal student aid programs need to be aware of recent updates to requirements…

    Learn More
  • FPF Perspectives

    FTC announces a complaint and consent agreement against Chegg

    Nov 7, 2022Jamie Gorosh and Lauren Merk

    Since May 2022, education technology (edtech) companies have been on notice that the Federal Trade Commission (FTC) is closely monitoring the industry to ensur…

    Learn More