Student Data: Weighing Security vs. Privacy
Last month, the state of New Mexico filed a lawsuit over alleged data collection storage violations by Google through its suite of education applications. They claim in the suit that after offering Chromebook laptops and access to the G-Suite for Education to the state for free, the tech giant then used data such as videos watched and words searched for with the intent of targeting advertisements. Additional allegations purport that Google collected information on the children's physical locations, as well as their voice recordings.
Federal laws were enacted two decades ago as a means of protecting people under age 13 from the online collection of their personal information through the creation of the Children's Online Privacy Protection Act. However, as technologies have advanced at a rapid pace, there are some elements of the law that are more difficult to clearly define and have been open to interpretation. One aspect of this law does allow for our public schools to monitor student online activity. This provision was made many years ago as a means of protecting young students from viewing potentially harmful websites, such as those with pornography.
The Increase in Student Monitoring Services
As the landscape for what children are accessing online has changed, so has the offering of surveillance methods available to educational institutions in monitoring their students' behavior. Gone are the days of one administrator checking their network for the use of foul language or porn search terms. In its place has come a cavalry of monitoring software and platforms available to school districts across the country. These emerging methods of student data surveillance offer a sense of security and peace of mind for school districts, and many came to market in the wake of large-scale school shootings.
Billed as internet safety solutions, these programs - such as Bark, Gaggle, GoGuardian, and Securly - offer various means of scanning data in the interest of student safety. Their principal components typically involve monitoring for keywords or other algorithms that would flag potential threats. These systems intended to track language or behavior that might present a danger to the physical safety of the school campus or community, such as a threat of school violence. However, in recent years they have also demonstrated an "off-brand" benefit of identifying students undergoing mental health crises that required immediate attention.
While there are detractors and privacy advocates who argue that the reach of these systems is problematic, proponents advocate for these systems as a means of effectively overseeing thousands of students with limited budgets and staffing. Some of these services have been provided free of charge, or at low cost, at a time when it would take many, many working hours for one individual to pore through every piece of data accessed or shared on the school network. Additionally, many schools suggest that facing these means of monitoring from an early age encourages young people to become good "digital citizens." The hope is that by understanding the work they do online is likely to be under constant surveillance throughout their lives, young people will exercise more sound decision-making in their online behavior.
Cybersecurity Risks to Student Data
Much like in the private sector, a great deal of technology can be found in schools across the country. Classrooms are regularly equipped with in-room computers or tablets, teachers are utilizing "smartboard" systems as a next-level approach to whiteboards, security cameras are hard-wired throughout all of the spaces, and all of this requires adequate server space and monitoring. It should be of no surprise to learn that cybersecurity threats to schools such as ransomware attacks have been increasing in frequency. Cybersecurity incidents affecting public schools have only been tracked since 2016, but that number has increased significantly from a total of 408 through 2018, to 746 just one year later.
School districts should be taking necessary precautions to thwart such threats to their systems, such as regularly updating virus protection software, backing up information at regular intervals, and encouraging all users to update and strengthen passwords. School budgets should reflect the changing technology needs of their classrooms beyond the installation of hardware, and adequately staff for monitoring and updating their programs to prevent cybersecurity attacks. There should also be proactive discussions about what education in the digital age means for the potential exposure of young student's data. One school district in Maryland just enacted a "Data Deletion Week" which will occur annually, to purge unnecessary student information from online databases such as the Google platform and the GoGuardian monitoring program they utilize.
Parents and educators both have a weighted interest in providing safe and secure environments for children, whether at home, in the classroom, or online. While Federal laws exist for the protection of our children's data, there is still much work to be done in defining how far that reach can or should extend, and those discussions should be engaged in thoughtfully. At the very least, parents should be aware of their child's school district policies and procedures for handling student data and encourage their review as necessary.