With more and more educational institutions saving student data on third-party cloud servers, more Americans are growing concerned about the security and privacy of such information, according to a national poll released today by Common Sense Media (CSM), a leading non-profit that, among other efforts, advocates for the safe and ethical use of technology.
“We think that education technology and cloud computing services, if they’re used wisely, can help transform education, student learning, and school functioning in a good way,” said Joni Lupovitz, vice president of policy for CSM. “But we want to make sure that student privacy is part of this, and that schools, vendors, and service providers are protecting student data.”
CSM worked with Benenson Strategy Group, a global research and consulting firm, to conduct the study, which involved phone interviews with 800 registered voters. “Once fielding was completed, the sample was weighted to ensure it was proportional,” the results report says. This study reveals alarming and illuminating findings, including…
- Voters don’t realize just how deep this problem runs. Most–even parents–are unaware that schools contract with private companies to store students’ personal data like age, weight, attendance, grades, or other performance measures. A majority (57%) of parents hasn’t heard much if anything about these contracts, and only 18% have heard “a great deal.”
- Whether parents or not, over two-thirds are very concerned about this issue (68% and 67% very concerned, respectively; 89% of both groups are very or somewhat concerned).
- Almost 6 in 10 parents have heard little or nothing about schools letting private companies store personal data about their children.
- 65% of non-parents and 63% of parents are very concerned that no restrictions exist on how companies use student data for marketing purposes.
- A range of reforms to protect student privacy has overwhelming support, from increased transparency, to bans on schools selling data, to more restrictions on companies and cloud services.
Neither Lupovitz nor CSM is necessarily against schools using cloud computing to store student data—just that not enough steps are being taken by schools and companies to safeguard private information. Understandably, she says, many schools find it more affordable to save large amounts of data off-site, rather than invest in more expensive on-campus technology.
“We’ve gotten involved to try to make sure, as more and more education technology is used, as more cloud services are used, that students’ privacy is safeguarded and that tech companies and vendors don’t cross the line,” Lupovitz said, adding that this includes the sale of student data to marketers.
Little has been reported on schools accused or found guilty of actually selling student data, but in late 2013, a class action lawsuit against ACT and the College Board made headlines. “The lawsuit, filed this week in a federal district court in Illinois, seeks more than $5 million in damages from the test makers for ‘unfair, immoral, unjust, oppressive and unscrupulous’ conduct,” reported Inside Higher Ed in an insightful Nov. 1 article. “Namely, the plaintiff, a Cook County woman about which little else is known, alleges that ACT and the College Board do not tell test takers what will be done with their personal information.”
Schools often enter into contracts with service providers, Lupovitz says, but most contracts don’t address how such companies use or store student data. “We’d like to make sure that, when schools are hiring outside vendors and entering into contracts with them, the contracts specify that students’ personal information should only be used for educational purposes, it should not be used to market to students, and the information should be secure,” she says.
Lupovitz says that CSM is trying to start a wider conversation with all stakeholders—schools, students, parents, educators, and service providers—to make certain that personal information isn’t used for non-educational purposes, and that schools and cloud computing companies invest in doing more to protect and conceal data.
“If you had a paper record, and it had personal information from the student, you’d put it in a file cabinet and make sure it was locked appropriately, and that people only got the information if they really needed to have it and they were well trained,” Lupovitz says. “We want to make sure there are also appropriate safeguards as students’ information leaves the premises.