Category Archives: COPPA

Protecting Student Privacy in the Digital World

This year, I had the privilege of collaborating with other professionals in my field: Thelma Almuena, the Principal of Columbia Elementary, George Philip, teacher and technology integrationist at the Stanley Clark School, and Ana Albir, founder and CEO of Drawp Entertainment and creator of Drawp for Schools. We have put together a panel proposal for SXSWedu 2016 conference focusing on student privacy in the digital age. I hope you will support our session and vote for it to be accepted. You can vote for our session via this link:

http://panelpicker.sxsw.com/vote/48239

If you do not have a SXSWedu account, you can create one here.

Our session summary is:

With ubiquitous classroom technology, students’ privacy is an increasing concern. Federal laws, such as the Children’s Online Privacy Protection Act and the Family Educational Rights and Privacy Act, are difficult to navigate but vital to protecting students’ rights. This panel will focus on demystifying the process, providing key strategies for lawfully implementing technology, and looking to the future of technology and education. Panelists include technology and school administrative leaders (at both public and private schools) as well as a software developer for PK-elementary tools.

Questions Answered

  1. Gain an understanding of current Federal Privacy Laws that apply to schools.
  2. Understand how to vet and implement technology tools in schools.
  3. Understand the direction that privacy and educational technology will take in the future.

Speakers

Organizer

Jennifer Carey Ransom Everglades School

Advertisements

Terms of Service Cheat Sheet for Parents & Teachers

This is reblogged from my post on Edudemic

If you have email, iTunes, Facebook, or any other online account, then you are familiar with Terms of Service; you know, those excessively long, confusing legal documents that we all click “accept” on so that we can download the latest episode of Modern Family. These documents are confusing, and very few of us have the time or knowledge necessary to process 56 pages of legalese (yes, the iTunes Terms of Service is 56 pages!). Fortunately, there are several movements out there to encourage technology institutions to present easier to understand and more transparent Terms of Service and Privacy Guidelines; in fact, Microsoft and Google have recently revamped their TOS agreements. In the meantime, here is a brief “cheat sheet” to help parents and teachers to assess the safety of online tools. It will also help to clarify what happens when your children engage and share online.

Keep an Eye on Age Limits!

It’s easy to want to dismiss age restrictions for online services. After all, with just a little creative math your child can use some great resources like email or Skype to communicate with family far away or even enjoy videos from YouTube. However, an age restriction may be a sign that this is a tool to examine more closely. If you find it of value to your child, then you might want to create an account in your own name and with credentials that you can use together. This could open up a myriad of opportunities to help guide your child through appropriate usage.

acceptThere are two age restrictions that frequently appear with online resources: age 18 and 13. If a company or organization requires that an individual be 18 years old to use their services, this is often a sign that they require their users to enter into legally binding contracts (such as financial agreements for purchases such as with airlines). Additionally, it may have adult content (nudity, violence, tobacco and/or alcohol use, language, etc). It is important to note that an 18 year old age restriction is not an automatic black mark. For example, if your child is working on a stock market project for school, then it may be useful for them to have access to a brokerage account in order to get up-to-the-minute stock price updates. This is an appropriate use, but because your child is under 18, it’s also a perfect opportunity for parent-child collaboration on homework; you can create the account and use it with your child!

Because of the Children’s Online Privacy Protection Act (COPPA), companies are limited on what information they can collect and share for children under the age of 13. This magic number is a prime indicator that data is being collected and shared, so keep in mind that the age 13 requirements for Facebook or Google are not arbitrary! These are organizations that make their income from selling user data to advertisers. Deciding whether the cost is worth the benefits is highly personal; however, this is a great opportunity to discuss online behavior, digital citizenship, and digital footprints before deciding to sign up.

Know what information is being Collected & keep up with Changes!

If a company is collecting data, they should state what information they are gathering – either in the Terms of Service itself or a separate privacy agreement. Google has recently published its privacy policy outlining how it collects and uses data. Still, many companies are not as transparent, so you may need to do some research on an individual businesses.

Many organizations will allow you to sign up for notifications of updates. They will email you every time that there is a change to their privacy policies. This is a great way to stay up to date. In addition to this, you can go back and check privacy policies on a regular basis (every few months). Big companies often make the news when they make drastic changes, especially if they are controversial, so pay attention to these stories and follow up with your own research. You may want to keep a special eye on things like changes to default sharing settings (public vs. private) and how data is being collected.

Don’t Be Afraid to Ask for Help!

Navigating Terms of Service and privacy policies can be confusing and challenging. Never hesitate to enlist others in your quest. Speak to other parents, join discussion groups, read websites dedicated to online privacy (check out “Terms of Service; Didn’t Read”). If your child is in school, seek out the Tech Director with questions. They navigate this world on a regular basis and can help to assuage your concerns or highlight areas where you should be more vigilant. As Director of Educational Technology, I am always eager to form partnerships with parents and colleagues to raise awareness of common security issues and keep them informed about the tools we are using in school.

The Good News: It will get Easier!

There has been a lot of push-back on the tech world to encourage companies to be more proactive and transparent in what type of data they collect and how they use it. Many organizations (such as Google and Microsoft) have responded positively to public pressure. Additionally, federal and state legislation is beginning to address online privacy with a special eye to protecting children. Reaching out to government officials and adding your voice to the cause will help to push this along. Parents are reasonably concerned about their child’s online presence; and with the abundance of online tools, it’s a challenge to keep up. However, by enlisting others and making a concerted effort, you can help to keep your children safe online.

Google Turns off Email Scanning in GAFE Enterprise Accounts

In my recent article, “Those Terms of Service on Popular Ed Tech Websites DO Matter” I brought up the fact that Google was currently embroiled in a lawsuit in California related to scanning student gmail accounts within their Google Apps for Education (GAFE) Enterprise accounts. Today on their official blog, Google has announced that it has fully turned off this feature in their GAFE suite to assuage any concerns about invading the privacy of students and teachers.

You can read more about this announcement on Google’s Official Blog.

Those Terms of Service on Popular Ed Tech Websites DO Matter!

This is reblogged from my post at PLP Voices

I recently attended a prominent and popular educational technology conference. As I always do, I made sure to visit the vendors’ floor. I like to be able to chat with company representatives, see what new tools they have, play with tools hands on, and generally get a feel for promising new resources available to schools.

Reviewing Terms of ServiceAt this particular conference I was excited to visit a vendor’s booth that focused on 3D printingsoftware. It promised to be easier and more intuitive to use. When I signed up for the account necessary to use the online tool, I did something that many people do not do: I read the terms of service.

The first thing I noticed was the “age 13” requirement. I asked the representative if they had an option for children under the age of 13. She responded, “Well… not officially. But it all depends on how seriously you take the terms of service.” I promptly ended the session and walked away from the table.

Here’s the reason this exchange was so striking and troubling for me: There is a pervasive attitude in educational technology (held by educators, IT professionals, developers and students) that the terms of service “don’t matter.” After all, (nod-nod-wink-wink) you can fudge your age by a few years or a few months and take advantage of great tools such as YouTube orTwitter (both of which have such restrictions).

This is for the benefit of the children, right? If the tool is useful, many will say, why do we need to bother with such hurdles as age requirements? And let’s face it, those Terms of Service are so long – we don’t have time to read all that!

But the reality is that the Terms of Service do matter.

Modeling

When discussing this issue with peers, I always highlight the fact that we cannot ask our students to behave ethically and morally if we direct them to violate policies and the rules for using tools by being deceptive. In essence we are telling our students that it is not appropriate to lie or cheat, with the caveat that it’s okay in this one situation.

If you want to advocate for an effective Digital Citizenship program, you must first take the position that behaving responsibly and appropriately online is paramount. As such, this means not violating a company’s age or usage policy (even if someone in the company might suggest it’s okay).

YouTube-Terms-560

Legal obligations

Believe it or not, the age 13 requirement found in many Terms of Service statements is rarely an arbitrary policy. While governments (local, state, and federal) are slow to catch up with existing and emerging technology, there are several federal statutes already in place. The two most important are FERPA (Family Educational Rights and Privacy Act) and COPPA (Children’s Online Privacy Protection Act). These statutes specifically relate to what information can be collected, stored, and transferred – and they include especially stringent restrictions on children under the age of 13. By signing students up for these tools, you and your institution may be in violation of Federal law. Disregard for these policies not only compromises the safety of your students, but opens a school and individuals up to institutional and personal liability.

The ethics of commercializing education

One of the most controversial issues in education today is the commercialization of education. This is especially relevant in educational technology. Many companies offering free or heavily discounted tools use a business model based on collecting and then selling information (names, birthdates, contact lists, and more).

While the world is very much aware of these practices with Social Media tools like Facebook, other services are less obvious in the way they collect user content and what they do with it after the fact. When you see that a service requires all users to be age 13, that should be the first red flag that sensitive data is being collected and possibly redistributed or sold to third parties.

Google-Apps-EducationMost companies are not transparent about what they do with the information they collect – a practice that many of us in the educational technology sphere are rallying to change. Several states are considering legislation to put restrictions on what type of data companies can collect on students and who can then see that information.

Most recently,Google has been sued for violating student privacy and their stated contract conditions in Google Apps for Education by data mining students’ emails. (It is important to note that, at this time, Google claims that the data-mined content is not being distributed to third parties or used for advertising purposes.)

Pay attention to what companies collect

If an educational technology company collects information on your students, then it is important to take this into consideration as you consider the digital tools that you will use in your institution. Perhaps you feel that the benefits outweigh the extra cost of paying for a tool that is not underwritten by these kinds of practices (especially if your school and/or district is cash strapped). But don’t pass over these decisions lightly.

Safer tools are available

There are many great tools and online services available for students that specifically focus on protecting the information and identities of students under the age 13. Often, these have a financial cost (as they cannot make money through other avenues like advertising or selling personal data). Still the costs are negligible when you focus on how they protect children.

To find a tool that will work for your institution, be sure to go with a reputable company, read their Terms of Service, speak to a representative and ask questions such as, “How do you protect students’ identities online?” and “What do you do with the information that you collect from our students such as names and email addresses?” Companies that are truly COPPA and FERPA compliant are always willing to be open and transparent with this information.

TRUSTe-logoAnother great resource to find and assess an organization’s COPPA compliance is with TRUSTe. A TRUSTe COPPA Compliance Certification ensures that an organization meets Federal compliance for protecting the information of students under the age of 13. Recognize that not all COPPA compliant tools have been certified with TRUSTe, but that those that are have met stringent requirements and adhere to these statutes.

Tools that allow teachers to be administrators of the tool or service (restricting content & publication and monitoring use) can provide your students with a safe, “walled garden” environment that will allow them to take advantage of internet connectivity while being safe. Additionally, be sure that your Technology Director has fully explored the service (and continues to do so as the service is updated) to ensure that the service stays compliant with its previously stated policies (sometimes an update will negate earlier privacy restrictions). Also, any time that there is a update to those Terms of Service – read them!!

Student security comes first

Anytime you are considering an online tool or service, it’s important to ensure that the securityof your students plays a key role in your decision. Implementation of new tools in your school or classroom should never violate a company’s Terms of Service and should always be in compliance with existing law. Members of the educational community (administration, faculty, parents, and students) should be involved in the broader conversations about reasonable restrictions.

I believe it is also important to advocate for greater student privacy and security, and I think that transparency on the side of developers is absolutely vital in this process. We cannot effectively make decisions for our schools without adequate information. Ultimately, schools and districts must make choices that are right for them and their communities, with their eyes wide open.

Protecting Student Data & Privacy Online – TrustE, COPPA Compliant

Securing student data and privacy is an important topic in the economy of educational technology. While the Federal Government has declared several guidelines via COPPA and FERPA, it is very tricky to know whether or not a company or organization adheres to these requirements. Many of them assert that schools/institutions are responsible for enforcing COPPA compliance.

A great tool for educators and institutions to determine a company’s abilityto protect student data is TrustE certification.

The TRUSTe Children’s Privacy Certification program certifies compliance with the COPPA Rule and meets the requirements of TRUSTe’s standard TRUSTed Websites Program, which include ongoing site monitoring and privacy dispute resolution.

After passing the certification process, members receive TRUSTe’s trusted web seals to display throughout their respective web pages. Client Service Managers provide seal placement guidance to ensure members are maximizing the impact of the seals. More than 25 million consumers click on these seals annually to confirm TRUSTe membership.