Schools, administrators, and parents need to find a balance between safety and privacy
Concerns about the mental health of K-12 students are increasing. Depression, anxiety, self-harm incidents, and suicide rates among minors have spiked during the pandemic, bringing the need for K-12 cyber safety monitoring to the top of many districts’ priority list.
The CDC recently published a report on mental health-related emergency visits that confirms those concerns. They looked at emergency department visits because that is often the first line of defense when children are in crisis. At a time when overall emergency room visits were declining due to the pandemic, mental-health related visits for children aged 5-11 increased by 24%, and visits for children aged 12-17 years increased 31%.
Parents and schools alike are concerned about what kids are being exposed to online that may contribute to mental health problems.
As a result, school districts are increasingly turning to technology vendors that provide student cyber safety solutions. These solutions have done great things for protecting students online over the years. But they’ve also begun to create student data privacy concerns.
What is Cyber Safety Monitoring?
In general, cyber safety monitoring refers to the ability of adults to monitor minors’ activities online with the goal of helping to keep them safe.
Cyber safety monitoring includes making sure that children aren’t engaging in activity that could expose their personal information online. It also encompasses protecting them from online predators, scams, and exposure to explicit and inappropriate content. It also includes spotting signals that a child is in crisis such as self-harm monitoring, cyberbullying monitoring and monitoring for other types of toxic online behavior.
How Does Cyber Safety Monitoring Impact Student Data Privacy?
Over the past several years, students and parents have raised concerns about school cyber safety monitoring programs and tools and the impact they have on a student’s privacy rights. Some of these concerns include:
Schools allowing 3rd party vendors to collect student activity data and personally identifiable information. There are concerns that these vendors can build profiles on students over time. One of the primary concerns is that this information could be used against the student in the future when it comes time to apply for college and scholarships, get a job, or run for public office.
Vendors selling student profiles. Parents and students are concerned that these personal profiles could be sold to other companies to use for marketing and advertising purposes.
Living in a “surveillance state.” Students and parents are concerned about the effect on students who may feel like schools and third-party vendors are tracking their every move.
Data security. There are concerns about how well schools and the vendors they are contracting with are protecting the personal information they collect. Accidental data leaks and malicious attacks expose students to identify theft, harassment, and more.
These concerns are certainly not without merit. School leaders, district administrators, and parents need to work together to find the right balance for their students between keeping the students safe and protecting their privacy.
In some cases, schools are required to monitor and restrict students’ access to certain types of information. On the federal level, districts must be concerned with CIPA compliance which is meant to protect children from accessing harmful content online. Many districts must also comply with additional local and state regulations.
Approaches to Student Online Monitoring
Different districts take different approaches to cyber safety monitoring, typically based on the devices students are using.
Perhaps the most common approach is driven by the belief that students should have little expectation of privacy when they are using school devices. This is roughly equivalent to an employer monitoring employee activity when the employee is using a device provided by the company. The employers need to use layers of monitoring technology to make sure that the device and the information it can access are secure.
In some cases, employers will also use technology to monitor employee productivity and restrict them from visiting websites that aren’t related to their work. Districts can, and often should, take a similar approach to school-owned devices the students use.
There is a difference of opinion about whether districts should monitor students’ social media accounts and personal browsing activity. Many districts adhere to the idea that if the student is using a school-provided device to access personal social accounts or perform personal online activities, the student has no expectation of privacy. Other districts limit what they monitor to focus only on the students’ use of school-provided technology.
Some districts are structured for “Bring Your Own Device” (BYOD) as opposed to 1:1, where the district provides a device for every student. In those situations, the issue of cyber safety monitoring and data security can be a bit more nuanced.
These districts often use a cloud-enabled content filter layered with cloud-based cybersecurity and safety monitoring technology. This method allows IT admins to monitor data security and student safety in school-provided apps like Google Workspace and Microsoft 365.
When it comes to monitoring technology, cyber safety artificial intelligence (AI) tools are becoming more popular on the market. Toxic behavior, cyberbullying, and self-harm monitoring technology that uses AI can significantly reduce false positives and false negatives. Not only does this save district staff members a huge amount of time, it also increases the likelihood that students who truly need help will get it quickly.
From a data privacy standpoint, AI vs. keyword scanning technologies can also significantly reduce the sheer amount of data being collected by vendors and/or schools on students’ activities online.
Monitoring School-Provided Applications
There’s a good reason why districts and parents pay a lot of attention to monitoring student behavior on social media. Social channels are the home of a significant amount of cyberbullying, inappropriate content, toxic behavior, and more.
But, districts must not turn a blind eye to the safety risks that may exist in their own domains. School-provided learning and collaboration apps also provide a home for the same type of risky behavior seen on social media.
Many K-12 IT leaders have reported finding Google Docs that students use as chat rooms. And students are finding creative ways to avoid detection. For example, they may change the name of the document frequently, leave the document untitled, and/or change the text color to white. Other admins have found students using shared Google Slides to share discriminatory, violent, and/or explicit pictures and memes.
Sadly, many IT leaders, counselors, and campus safety managers are also seeing an increase in student safety signals that indicate student self-harm, thoughts of suicide, and/or abuse. These signals can come up in emails, chat apps, and documents that students are using as personal journals.
In many cases, these activities are a cry for help. These students don’t feel like they have a place to go for help. They’re expressing their thoughts and feelings in school-provided technology, perhaps with the hope that someone will intercept their distress signal.
The issues of student cyber safety monitoring and student data privacy are difficult ones. We know that students are online more than ever before. We know that keeping student data private from vendors and bad actors is critical. And we also know that allowing students some level of privacy is important to their development.
Schools, administrators, and parents need to work together to find a balance to do what they can to keep students safe—both online and offline—while also protecting their privacy.