Privacy by Decisions: Security Starts with You

Privacy by Decisions: Security Starts with You

Once you start exploring the challenges of protecting personal information online, you quickly see that digital privacy involves a variety of players, including social media and messaging platforms, internet service providers, app developers, and government agencies. Many different entities are involved in collecting, moving, and sharing your information, for many different reasons. If you want to limit that sharing, you as the user have a lot of significant decisions to make.

The complexity of this environment helps explain the many different arguments about the best way to strengthen our digital privacy. Some want government to mandate protections from online platforms and service providers. Others are more concerned about protections from government itself. Some hope for better privacy and security through business competition. Others debate which government agencies should be the primary watchdogs, and whether to focus on collection, sharing, or abuse of personal information. Some people concentrate on sectors, such as finance, health care, or education, while others want a comprehensive approach to protect all personal information.

Spend any time in digital privacy discussions, and you recognize that each of these approaches has been argued and rebutted extensively, and that little progress has been made. But in all of these debates, what’s ironic and somewhat surprising is that we spend little time talking about something that makes a big difference: steps we can each take as actors and consumers in the online world.

If you’re reading this on Student Privacy Compass, you may be an exception, but most people – including those who tell pollsters that they’re concerned about their online privacy – aren’t taking basic steps to protect their own information.

Some of these “Privacy 101” steps include building stronger passwords, creating multiple passwords for different accounts, activating and using two-factor authentication when it is available, and avoiding insecure sites. Another key step is demonstrated in news reports about data breaches and phishing incidents, which often begin when someone at a company or organization clicks on a link in a message from someone they don’t know. Maybe this step is Privacy 102, but “don’t click on unidentified links or attachments in messages from strangers” is a lesson we’ve been taught from the earliest virus attacks, and “don’t talk to strangers” is a concept that has been around a lot longer than the internet.

There are lots of pieces to the privacy puzzle, but some of the most important ones – and the place where many breaches, hacks, and other problems begin – begin with our own decisions.

These are examples of how privacy and security start with us, as users. We can each get smarter about passwords, phishing, and other security threats and protections. There are lots of pieces to the privacy puzzle, but some of the most important ones – and the place where many breaches, hacks, and other problems begin – begin with our own decisions.

Privacy 101 steps are especially important for teachers and school leaders, for several reasons:

  • they are custodians for a significant amount of student information, and making decisions about someone else’s information increases their responsibility,
  • mistakes at their desks might affect dozens, hundreds, even thousands of students and families, and
  • just like parents should demonstrate smart behavior with devices at home and in a car, educators should model data privacy and security for their students. It’s hard to teach what you don’t practice.

Educators should also be smart about Privacy 101 decisions because their leadership matters to students and families. Parent concerns are still a primary driver of education privacy debates, and parents are much more likely to be reassured by smart privacy and security decisions at their schools than by proclamations from their legislators.

Obviously, users can’t control everything. Companies need to continue building better tools and settings for managing personal information. Smart guidance from government can help as well. But as we engage in nebulous debates about who must do what to protect our privacy, we have a stronger case – and more protection – if we make smart decisions to secure our information in the first place.

For more tips on how users can and should protect their information online, take a look at:


Alan Simpson has extensive experience bridging Silicon Valley and DC as a Californian who spent 15 years in Washington. He helps companies, educators, families, and others navigate policy issues – including to encourage adoption and smart use of technology, and to address concerns about student data privacy. He has worked and consulted for organizations such as the Internet Education Foundation, iKeepSafe, Common Sense Media, the National Association for the Education of Young Children, Voices for Illinois Children, National Public Radio, and the Cable Satellite Public Affairs Network (C-SPAN).

Image: “Cloud Security – Secure Data – Cyber Security” by Blue Coat Photos  is licensed under CC BY-SA 2.0. The original picture was cut to 1200×545 for this blog.

Related Resources

  • EdTech Perspectives

    Demystifying the Consumer Privacy Patchwork

    Jan 18, 2024Randy Cantz

    What should edtech companies know about consumer privacy laws?As states continue to pass new consumer privacy laws, edtech companies may be left wondering what…

    Learn More
  • Higher Ed Perspectives

    Higher Education Compliance with Updates to the GLBA Safeguards Rule

    Jul 6, 2023

    Higher education institutions participating in the US Department of Education’s federal student aid programs need to be aware of recent updates to requirements…

    Learn More
  • FPF Perspectives

    FTC announces a complaint and consent agreement against Chegg

    Nov 7, 2022Jamie Gorosh and Lauren Merk

    Since May 2022, education technology (edtech) companies have been on notice that the Federal Trade Commission (FTC) is closely monitoring the industry to ensur…

    Learn More