Managing cyber safety and student privacy is becoming a tough balancing act for school districts
Everyone would like to protect children from the dangers on the internet, but it’s not an easy thing to do. As students are spending more time online, both at school and at home, managing cyber safety and student data privacy is becoming a difficult issue for district administrators, parents, students…and society.
Further, children’s experiences online are more apt to translate into physical, offline experiences. For example, in addition to in-person bullying, 47% of young people have been the recipients of bullying messages while online. For a child who is struggling with their self-worth, it seems that negative messages are everywhere, all the time. There’s no safe place for them.
People say things online that they might not say to another person when they’re face to face. Thoughts of violence or suicide can grow based on internet interactions and then translate into action in the physical world.
The cyber safety industry emerged as a response to these issues. But there is growing controversy surrounding the use of cyber safety programs, particularly those administered by schools. The big question is how to preserve student data privacy while trying to protect them while they’re online. Parents are also concerned about how constant surveillance will affect our children during their formative years.
Most cyber safety tools gather information about a student’s behavior, which raises questions about how that data is being stored and handled. Without privacy protections, things that a student does in grade school could have an impact on the rest of their life, including things like where they go to college and career opportunities.
Cyber Safety and Student Privacy in the News
The use of for-profit cyber safety companies in K-12 schools is causing controversy that has spilled over into the news. Companies such as Gaggle, GoGuardian, and Bark are players in the cyber safety marketplace. The scope of monitoring varies by company, but most track and store students’ browsing behavior online and actions in school apps and social media. Some even have people on-staff monitoring students’ activity.
Santa Fe High School uses Gaggle, which integrates with the two most popular software suites used in schools, G Suite and Microsoft 365. It monitors everything online, including social media, browsing history, email, homework documents, uploads, chats, pictures, and calendars. The company claims to be able to detect brewing violence and says that it saved hundreds of students from committing suicide in one school year. However, experts aren’t convinced this monitoring is effective or healthy.
The Woodbridge, New Jersey school board is using GoGuardian to promote school safety. The students there are so concerned about privacy that when they appeared at a board meeting to voice them. They shared their concerns with the board members and asked how the board could guarantee their privacy.
The Montgomery County School Board in Maryland and GoGuardian agreed to delete student records once a year after pressure from parents. The parents’ concern stemmed from situations like an innocent internet search leading to a site sponsored by the Ku Klux Klan. The parents didn’t want a record of that search haunting their children throughout life.
There is nothing inherently bad about any of these products. The concerns arise when questions about how the information they collect is stored and used are not sufficiently answered.
Is There a Happy Medium?
A perfect solution for protecting students from all the issues they’re facing doesn’t exist. Schools, parents, and society are struggling with the challenges that schools and children face in the modern world. But that doesn’t mean that the problem of cyber safety and student privacy is going to go away.
School districts and parents will try various solutions, probably based on the perspective and needs of local residents. Open communication between school officials, parents, and students is the best way to identify a course of action.
Schools should also create and use a documented vendor policy that outlines data privacy, infrastructure security, and other requirements of any platform or contractor prior to entering a contract with them.
ManagedMethods is a cloud data security platform first. This means that the platform focuses on securing the sensitive information stored in district G Suite and/or Office 365 from malicious attacks and accidental leaks.
But, since we cater specifically to the K-12 market, we’ve used our cloud monitoring and data loss prevention technology to develop some cyber safety capabilities into the product.
We’re helping those customers who want it configure our data loss prevention technology to monitor and flag text and images to identify potential cyberbullying, explicit content, and threats of violence or self-harm. But we only monitor school districts’ G Suite and/or Office 365 apps—including Gmail and Outlook 365, Drive and OneDrive, Shared Drives and SharePoint. We also monitor G Suite and Office 365 for additional apps connected to district environments through OAuth and give them a risk score, which allows system admins the ability to sanction, unsanction, and remove 3rd party apps from the environment.
Unlike cyber safety vendors like Gaggle and GoGuardian, we only monitor text and images in a school district’s G Suite or Office 365 accounts. We don’t monitor:
- Student or staff personal Google or Microsoft accounts
- Social media accounts and activity
- Internet searches
- Any content or behavior outside of the school district’s G Suite or Office 365 suites
Many cyber safety vendors store data on their systems, which leads to the fear that the data could be compromised, or even sold to third parties. The deep API monitoring we use to keep an eye on G Suite and Office 365 means that we don’t collect, store, or backup any data on anyone. The school district maintains control of all data because it’s stored in their apps.
Cybersecurity, Safety, and Student Data Privacy
We concentrate on securing school district data in the cloud because school districts are under attack. Student, staff, and district business data are considered “soft targets” by criminals, and are increasingly being targeted. We believe that the best way to ensure students (and parents and staff) don’t fall victim to identity theft and other safety issues is to secure their sensitive data. This is an issue that many people—including students and parents—are unaware of.
School districts are responsible for protecting their data to comply with student data privacy laws. But the reasons why student data privacy needs to be protected goes beyond compliance requirements.
It’s also important to secure student data for the safety of the child. When criminals gain access to student data, the students become vulnerable to physical attacks because the criminals know where they live, or financial attacks because criminals can ruin a credit history based on access to social security numbers.
Cybersecurity in K-12 schools is more important today than ever before. School districts rank number two, after municipal governments, as the industry sector most often targeted by cybercriminals. A look at 2019 K-12 Cybersecurity year in review shows shocking statistics such as a 256% increase in data breach incidents between December 1, 2018 and 2019. Overall, school districts are woefully underprepared for data security in the cloud.
Unfortunately, the questions remain. Do we focus on protecting school district systems, or allow companies trying to protect our kids to store information on their systems? Do we try to ensure safety while making students paranoid because they know someone is monitoring and recording their every move? Do we take the chance that a student can’t get into the college of their choice because of something they did as a child?
There’s no obvious solution to the challenge of balancing cyber safety and student data privacy, but It’s a balancing act we need to master.