Our education system needs data to improve outcomes for students. Educators use data to inform instruction, empower parents and communities, and help policymakers make decisions and target resources. The question is, how do we ensure that teachers have the knowledge to make key data privacy decisions and follow best security practices?
For some educators, talking about data privacy and security can be overwhelming. To help teachers feel comfortable with this topic, a first step is to ensure they understand the difference between privacy, confidentiality, and security. Most teachers are responsible for maintaining each of these components:
When considering privacy, teachers should remember that all student personal information belongs to the student and therefore should be kept private. This information includes things like assessment results, grades, and demographic information. Teachers can ensure students’ privacy by empowering them to share only the information they want and helping them understand how sharing their personal information can impact them. Confidentiality comes into play when private data is shared. Students trust their teachers to keep their data confidential and share it carefully. Teachers are responsible for holding every student’s data in confidence and sharing it only with necessary parties such as parents, other teachers, and administrators. Finally, teachers can keep student data both private and confidential by establishing clear security practices in their classrooms. They may consider things such as how and where they share student data and how this data is accessed.
Teachers need to understand how privacy, security, and confidentiality apply to their work in the classroom, specifically the data they gather. Teachers gather and analyze data about students all year and in many ways, including anecdotal notes, test results, grades, and observations. Given the use of cloud-based tools responsive to student progress, how teachers gather and use that data is rapidly changing. Teachers should therefore consider the variety of data they gather in their classrooms:
Consider, for these different types of data, all of the moments in which educators need to prioritize student privacy. It may be a matter of keeping a student’s name, password, or parent information private, or maybe assessment results and grades need to be kept confidential. Teachers should also prioritize student security when handling login information or passwords. Only when teachers are aware of these different types of data in their classrooms can they make thoughtful data privacy decisions.
Once teachers are aware of classroom data, the next step is to evaluate their own security practices. When teachers choose secure online tools to use with students, safely store student data, or teach students best practices for keeping their own data private and secure, they are creating the best line of defense. Consider the following ideas for secure data storage:
Some of these practices can help teachers keep student data confidential. For example, when sharing documents with a tool like Google Drive, teachers should double check who they share the document with and the rights each individual has (view, edit, or suggest). This will ensure that only those who have an educational need are able to access the documents. Other practices can keep student data secure. Some are physical measures such as not using external storage devices like flash (USB) drives, which can easily be misplaced or stolen, and using a screen lock with features such as password protection, fingerprint access, or even facial recognition. Other practices are technical measures, such as using only approved cloud storage and email services. Some school districts have even carefully vetted their preferred and required tools and services to ensure that student data is secure; therefore, teachers should use only these tools. These considerations and practices can ultimately ensure student data security.
Once teachers understand privacy, security, and confidentiality in their classrooms, they should also consider how their roles fit into the overall picture of student data privacy in education. Safeguarding privacy must be a shared goal and responsibility among all education stakeholders, starting at the federal level, with laws and guidelines, and culminating in the classroom, with data privacy decisions and security practices. The diagram below shows just some of each stakeholder’s responsibilities:
Whether making or implementing policy, all education stakeholders have a role in keeping student data secure.
With proper training on data privacy and security, teachers can confidently work with students, colleagues, and families to ensure that students’ best interests are always a priority.
Formerly an elementary teacher, Ming Scheid has since served as an Educational Technology Specialist, an instructor at the community college level, and a Coordinator of Curriculum and Standards. She uses knowledge from her Master’s Degree in Learning and Technology as a professional learning developer with expertise in instructional design, Digital Citizenship, and Student Data Privacy. In addition to coaching schools as they roll out 1:1 initiatives, Ming is a Google Certified Trainer, an Apple Certified Teacher, a Common Sense Educator, and has completed the EdTechTeam’s Teacher Leadership Certifications.