Reposted from the New York Times:
Protection of student data is gaining attention as schools across the country are increasingly introducing learning sites and apps that may collect information about a student’s every keystroke. The idea is to personalize lessons by amassing and analyzing reams of data about each student’s actions, tailoring academic material to individual learning levels and preferences. “For many younger companies, the focus has been more on building the product out and less on guaranteeing a level of comprehensive privacy and security protection commensurate with the sensitive information associated with education,” said Jonathan Mayer, a lawyer and computer science graduate student at Stanford University. “It seems to be a recurring theme.”
To help schools evaluate companies’ security practices, the Consortium for School Networking, a national association of school district chief technology officers, published a list of security questions last year for schools to ask before they sign purchase agreements with technology vendors. “It is a huge challenge because there hasn’t been the time and attention and investment placed in security that school districts need,” said Keith R. Krueger, the group’s chief executive.
Although a federal privacy law places some limits on how schools, and the vendors to which they outsource school functions, handle students’ official educational records, these experts say the protections do not extend to many of the free learning sites and apps that teachers download and use independently in their classrooms. In an effort to bolster confidence in their products, more than 100 learning companies recently signed on to a voluntary industry pledge on student privacy. The signers agree, among other commitments, to “maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality and integrity of student personal information against risks — such as unauthorized access or use.”