This guest blog was submitted by After School–a social platform network for teens.
In August 2017, a single error by an employee at a school in Cottage Grove, MN resulted in the release of the private information of over 9,000 students. Mistakes like this have happened at countless schools and in many different types of industries, but all are preventable. As a social network for teens, After School takes precautionary and intentional steps to not collect, store, or distribute public information of our millions of users.
The After School network uniquely allows students to verify their attendance at their high school, but still remain anonymous within their school’s network if they choose to do so. In fact, our Community Guidelines require students to agree to not share personal information, whether their own or that of their peers.
Still, mistakes can happen, and without processes in place, errors can occur that cost innocent bystanders their right to privacy. In today’s digital world, where nearly everything can be accessed online, this is a difficult challenge for us, as it is for you as a teacher. As Natasha Singer points out in Privacy Pitfalls as Education Apps Spread Haphazardly, “At school districts across the country, the chief technology officers responsible for safeguarding student data are tearing their hair out.”
From our experiences working with students, online safety organizations, and teachers, here are our recommendations on how to protect the privacy of your students:
Know the Risks
Our team works with state attorneys general, federal government agencies, nonprofit organizations, teachers, students, and parents to understand the most serious risks to our network and its student users, and how to minimize those risks.
Similarly, to minimize the chance that the information of your students will be compromised, you have to know the human and technical risks specific to your school and the data systems it utilizes.
For example, in the scenario described above in Cottage Grove, an employee thought they were sending personalized information to each family, and instead sent an entire list of private information to all 9,000+ families. In this case, there should have been in place a procedure to help the employee take precautions to make sure they were not accidentally sending all of this information, instead of family-specific details.
To know your risks, take the following steps:
- Know what information you have access to, and what privacy risks are associated with it.
- Learn your district, state, and federal laws around privacy.
- Review school information and policies.
- Have an open conversation with school staff to make sure everyone with access to student’s information is aware of risks and policies.
iKeepSafe’s unique expertise can help in these areas. Vendors can work with them to have their products assessed–eventually earning a certification to show compliance, and educators can download their free Privacy Educator Training Course.
Ask Before Action
One piece of information can do a lot of damage to the safety and security of a student. If you are sharing a class roster, picture of your class, or even tweeting the location of where your class will be on a field trip, think of the impact it could have on a student who does not want their information to go public for whatever reason.
Always ask for permission before taking a photo of a student, and before posting that photo where it might be accessed by others. You also should ask yourself, “is there any way this picture or piece of information could be used against one of my students?” before sharing.
Use Private or Anonymous Channels for Class Activities
Keep class discussions off of public sites by using private and/or anonymous platforms on a secure network. Incorporating social media platforms like Twitter, Facebook, and even Instagram into your class activities can be beneficial, but it also puts your students at risk as anyone may be able to view these conversations and join in on your private class discussions and projects.
Limit Access
Information isn’t private if everyone has access to it. A select few should have access to student information and everyone who is given access should be made aware of the risks and know how to safeguard this information. Before giving anyone access to sensitive information at your school, make sure they need access, know how to protect that information, and notify the technology representative at your school.
Don’t Access Information on Public WiFi Networks
Anything you submit on a public WiFi network may be able to be viewed and stolen. Whether working from your local Starbucks or library, information on these public networks can be accessed by others. When viewing, sending or receiving any sensitive information, make sure that you’re using a secured and private WiFi network.
Educate Students
A big part of our efforts to keep networks safe and secure is through proactive education. Here at After School, we educate our users on what’s appropriate and the consequences of not following our guidelines and policies beforehand. Every user should be made aware of how to protect their information on school networks.
Protecting the personal information of your students and their families takes planning, along with carefully following processes and procedures. Be part of the solution and protect your student’s information