SXSWedu – Becoming a Security Ninja

Courtesy of Intel Free Press on Flickr

Courtesy of Intel Free Press on Flickr

I can’t believe that I’m at SXSWedu!! I’m so excited for the opportunity to be around forwarding thinking, innovative educators. The first session that I’m attending is “There is No Try: Becoming a Security Ninja.” This is an important topic as we go to more cloud computing and third party technology services. The speakers are Aimee Guidera of Data Quality Campaign, Brian Rawson, Joel Reidenberg (who unfortunately was snowed in and couldn’t make it), and Lori Fey of the Ed-Fi Alliance.

This panel discussion is based as an interactive discussion, so let’s hope that I can capture the meat of the round-table! The speakers argue that data is vital for effective education today. However, we must ensure that we can safeguard that data. It’s important to use actionable, quality, and useful information but must let people feel safe using it. Parents and educators are vital for the discussion of security and educational data.

Student data privacy is one of the most important and prevalent topics in education today. Lori states that the objective of this panel is to highlight the concerns of student data and usage today. Aimee says that it’s important to distinguish bad information that is often promulgated on social media and discuss the legitimate concerns surrounding student data. Other key questions are who owns student data and what are appropriate uses of that data? Also, it’s important to keep up with federal statues of student data,  such as COPA, especially with children under 13. Also, how do we bridge the gap between security and responsible use/accessibility?

What are some of the gaps in policy that must be addressed as we move forward?

Brian states that our primary obligation is to secure and protect data that we have of students. All of the stake holders (parents, administrators, students, vendors, and government) are all key to ensuring that this data is not only effective, but protected. Vendor contracts must be compliant with federal law and government must ensure that we execute these policies effectively. Technology today enables data capture on an unprecedented scale, yet our laws and policies are racing to catch up (and are woefully behind). Our guidelines must play catchup. Another key issue is that we must be transparent in our collection, use, and protection of data.

Brian highlights vendor contracts: they must be secure and explicit, data breech and disclosure procedures must be outlined, and what exactly will be done with that data. The contracts must be public, available, and accessible to anyone who wants access to it. He also argues that FERPA training must be in place for vendor staff. Joel Reidenberg published a report recently on “Privacy and cloud computing in the Public Schools.”

Aimee also highlights that FERPA is not the ned all be all of student data and security. In fact, this conversation is continuing at the state and local level. She argues that this is vital as we have not done a great job of ensuring that parents and guardians understand what is going on with their student’s data.

Is There Agreement that Student Data is a Valuable Tool?

Some of the audience members step in here to bring up that data is valuable to understand where students are in their learning and how they can help students to progress in their academics. Additionally, because privacy and security is at the forefront of discussion we are getting better at retaining info. Purser argues that electronic data is actually more secure than the “olden days” when we kept manila folders with student content that could easily be lost or picked up by prying eyes.

Data is important to focus and improve instruction in the classroom. It has increased exponentially and it can show us in a focused way what a student needs. It takes away wasted time where we used tests and reviews to try to gauge a student’s progress.  This information helps us to use this information as a diagnostic tool to pinpoint students’ needs.

Another audience member brings up the point that the data is only as good as the assessment. As such, we need to have multiple assessments that are addressed in multiple modalities. This way, the information can be put into one screen for teachers to see where/how students are struggling. We need to get the tools that are best for the student. “Data is not just a test score.” It has numerous different data points that we must explore and examine. We must use and collect data continuously to limit surprises. We must change the conversations about using tests and data as a “gotcha” and using it “as a flashlight” so that we can help every child succeed.

Another audience member asks how we train teachers for using data as an effective diagnostic. For data to be used effectively, training and effective professional development is vital. I would argue that this is also important when it comes to security of the students.

Who owns the Data?

So who owns student data? Can a parent “opt-out” of allowing a vendor having access to their student’s data? This is a current hot topic in the world of education. Parents/Guardian are concerned about who has access to their child’s data. At the same time, we need to ensure that educators have the best tools available to help their students. If we have 200 students, can we have multiple different tools/methods for each student? I can imagine the nightmare of management for teacher if some students can have data on the cloud or with specific vendors.

Aimee argues that this is why it’s important to bring parents into the discussion. They become especially nervous when they don’t understand the tools or content. Often they will pick up wrong and inaccurate information. We must make sure that they understand the role and value of data. This is true also for vendors – they must listen to the concerns of parents/administrators/teachers. They cannot dismiss those concerns and meet people where they are.

Brian also argues that we need to develop a standard lexicon when it comes to information security. We must be able to have a shared vocabulary in order to have effective conversations with one another, parents/guardians, and vendors. Security and privacy are different issues. Aimee also argues that we all need to change our responsibilities and understanding of data. This is now a shared endeavor – we all have a role to play in this conversation.

Aggregate Data vs. Individual Data

Aggregate data can be helpful, but one audience member brings up the issue that access to information on an individual level can be limited. For example, college counselors can have trouble getting access to individual data to help low-income and at risk youth become college ready.

Linking and sharing data is important but also requires effective tools in securing and protecting that data. Again, aggregate data is readily accessible. However, the struggle comes with the individual level. If we cannot link data to students, how can we effectively use it?

Aimee highlights that we also have to clarify for parents the difference between aggregate and individual data. We must limit individual, identifiable information to very few users. This is not all information that higher level politicians at the state or federal level. They may need to know that girls in low income areas are struggling with math, not the names of those individual girls.

Teaching Students Data Literacy

We focus on educating parents about data, but another audience member brings up the importance of educating students on their data literacy. While students are becoming more tech savvy, they are not always familiar with the importance of their data – how to protect it and how it can be used. So how do we go about having those conversations with students?

Courtesy of mikolajgr,

Courtesy of mikolajgr,

Many students, especially as they get older, do want more ownership and agency of their lives as well as their work. Technology has been effectively employed in high schools and is now trickling down to middle and lower schools. It’s important to have age appropriate discussions with students about this content and data. At the same time, we have to ensure that students are aware of their own presence online, especially in the realm of Social Media. Common Sense Media has some great resources in this realm. We must teach students how to protect their own information online.

Who is Beholden to the Data?

When FERPA was drafted, no one anticipated the glut of student data that would arrive. Specifically, the issue of targeted advertising. This is something that we must investigate as we go forward. Common Sense Media argues that student data should never be used for commercial purposes and I would wholly agree.

This is an issue that is currently going through federal and state legislation. Data is not cut and dry, nor is ownership. For example Google+ is a prominent tool used for Google Hangouts between teachers and students. Now, it is tied with local advertising. You can opt-out, but it requires a concerted effort. Commercialization of data is very specific and can target advertising to students and parents.


At the end of the day, the key issues here are cleaning up and demystifying privacy and security with student data, building a common vocabulary, and defining (via legislation and policy) the obligations of schools and vendors. This is not one organization’s job, it is a big conversation that must take place over multiple conversations in various contexts. As Aimee says, “We all must do it.” It’s also important to understand that there is a cost, nothing is “free.” So when using vendor’s material it’s important to understand what the business model is that supports the service.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s