Tracy Brovold
Director of Educational Technology and Information Services
Mankato Area Public Schools

Last spring I walked into a third grade classroom and watched the students engage with their devices. Some were reading online, some were working together while others were creating videos. As the Director of Educational Technology, this is exactly what I wanted to see in a classroom where technology was being used as a support to instruction. Peering over the shoulder of a student, I saw he was using an online tool I was not familiar with. I asked the student what site he was using and how he began using it. He told me the name of the site and shared that his teacher signed him up for it. He excitedly showed me a QR code that was laminated with his full name, date of birth, grade level, email address, and student number.

After class, I spoke with the third grade teacher about the online tool she had signed the students up for. She said the app was a recommended tool to help students with reading. I let her know that the tool was not on our approved list of online instructional resources and asked if the privacy policy of the app addressed the selling of student data. The teacher stood there, staring blankly at me. She wasn’t aware it was her responsibility to look at the privacy policy. She didn’t know of our district guidelines for vetting and approving apps and online tools used by students. Her intentions were good. Yet, in our ubiquitous world of technology, teachers can easily create student accounts anywhere online without the knowledge of anyone else in the district, unintentionally creating unsafe digital environments for our students.

Over the last decade we have seen many new and exciting innovations in education. Our schools have become filled with electronic devices and students logging into websites and apps used to support learning. These online instructional resources are making it possible for students and educators to create, collaborate, think critically, and share ideas more easily than ever. In the educational setting, when it is so easy to click, “Sign in with Google,” how do school districts ensure the privacy and protection of all students and their data?

Traditionally, student data consisted of things like attendance, grades, and health records. Access to that data was locked in a filing cabinet which was placed in the administrator’s office. Access to these records would be limited to the administrator, counselor, teacher, or other school officials who had a legitimate educational interest to view the information. As schools have moved toward using online instructional resources, such as applications and web based tools, traditional data is shared with companies that provide Student Information Systems, Learning Management Systems, and apps that are used within the classrooms. When schools use technology, students’ data, including some personally identifiable information is collected by both the teacher and the companies that provide apps and online services. Privacy-related concerns have risen related to the extent of information collected digitally about students and how that information may be used today or at some time in the future in ways that could exploit or even harm them.

What are the federal laws educational staff should be familiar with?

Two main federal education privacy laws are important to note when providing a foundation of protection for all students and their families online: the Family Educational and Privacy Rights Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA).

FERPA is a federal law that protects the privacy of student education records. The law applies to all schools that receive federal funds. This law grants a number of important rights that provide some control for parents over what personally identifiable data can be collected and shared about students.

COPPA, enacted in 1998, addresses the obligations of operators of commercial websites, online services, and ‘apps’ targeted to children. COPPA requires companies to have a clear privacy policy, provide direct notice to parents, and obtain parental consent before collecting information from children under 13. Teachers and other school district officials are authorized to provide consent on behalf of parents to use an educational program, but only for use in the educational context. This means that the company can only collect personally identifiable information from students for the specified educational purpose, and for no other commercial purposes.

Is there a vetting process in my school district?

To make the most out of opportunities for teachers to try new online instructional resources, school districts must help educational staff understand why a vetting process is needed and create a pathway to approval. The vetting process should help assist educational staff in utilizing online instructional resources while maintaining data privacy, equity, and responsible tech use.

Some questions to help staff quickly evaluate whether an online instructional resource will protect students’ information:

  • Do you have to make an account in order to start using the online instructional resources? If so, did you have to provide personal information (email, name, age, etc.)?
  • Does the resource require parental permission?
  • Does the developer share personally identifiable information with others?
  • Does the resource collect additional information such as location or contacts?

All of the answers to the questions listed above should be included in the privacy policy. If educational staff answer ‘yes’ to any of the questions above, the online instructional resource must go through the vetting process prior to use.

A strong vetting process will vet the online instructional resource for content quality, curricular alignment, data privacy and security. When creating a vetting process, school districts should:

  • Develop clear adoption guidelines for educational staff to make the selection process easier for both the district and staff.
  • Make sure the vetting process is thorough, but also quick and clear. If getting online instructional resources approved is too cumbersome, staff may be likely to avoid the vetting system altogether and try a tool anyway.
  • Inform educational staff of the vetting process. Make sure it is clear that staff are not responsible for vetting resources, but the information is being shared with them so they can be more informed users of online instructional resources.
  • Integrate data privacy into the curriculum for students. Once educational staff understand privacy implications, they are better prepared to inform their students. Prior to having students login to a new vetted resource, the staff member could show students the privacy policy and highlight what students should look for before they create accounts on other sites.
  • Inform families. Provide families with information about the vetting process and a list of online instructional resources that are being used in the classroom

We are in an amazing age of educational technology. Online instructional resources help provide learning that is engaging, productive, and student-centered. Using online instructional resources are a valuable part of today’s classroom and keeping students safe online is of utmost importance to school districts. Having a system in place to vet online instructional resources is a responsible, important part of education in the digital age.

To help with creating a vetting process for your school district, visit these valuable resources:

Student Privacy Pledge –

FERPA/SHERPA The Education Privacy Resource Center –

Common Sense Education –

Leave a Reply