When Baltimore County Public Schools started giving every student a computer for daily use in the classroom, teachers sought out more online learning materials to go with them. That meant more partnerships with third-party vendors, some of whom tracked student performance or required personal information about students to open new accounts.
Parents in Baltimore County became concerned. Was their children’s private data going to be safe even outside the district’s hands?
Baltimore County has become a leader in student data privacy and security, and is one of only 13 districts in the nation to earn a Trusted Learning Environment seal from CoSN, the membership group representing the nation’s K-12 school technology leaders. The seal identifies Baltimore County as going above and beyond mere compliance with laws that require schools to protect the privacy of student records.
Among the extra steps the district has taken to foster trust is posting online a complete list of all third-party vendors that receive student data and exactly what type of data they get. Parents can also read the student data privacy agreement, a strict set of expectations with which vendors must comply to do business with the district.
Jim Corns, director of innovation and digital safety in BCPS, said he put these two documents online last year during the application process for the Trusted Learning Environment seal. CoSN, the Consortium for School Networking, began awarding the seals last year, as a way to articulate exactly what districts should do, at all levels, to keep student data safe. While federal privacy laws have been on the books since the 1970s and a 2014 effort identified 10 high-level Student Data Principles, CoSN’s seal is the first to enumerate the day-to-day practices around safe handling of data that should exist in schools.
“The thing we have been constantly reinforcing is that … without doing any of this work we were complying to the law,” Corns said. “But that’s not where we wanted to be.”
An extensive seal application process requires districts to prove they engage in 25 practices across five core areas: leadership, business, data security, classroom and professional development. These include things like having an administrator responsible for developing and implementing data privacy and security policies and practices; having a process for vetting online services for data privacy and security; conducting routine audits of data privacy and security practices, and embedding data privacy and security training into professional development.
Linnette Attai, project director for CoSN’s privacy program, said going through the Trusted Learning Environment seal process combats the climate of fear and lack of information among parents and others.
“The program provides a way for schools to demonstrate the specific, tangible steps they’ve taken – what they’ve done to protect the privacy and security of student data,” Attai said. Just applying for the seal sends a message that a district is being proactive about data privacy and security, she said.
And that’s something that is important to more than just parents. Elected officials in state houses around the country have passed a flurry of laws in recent years reflecting a mistrust of schools’ abilities to truly keep student data safe, especially in the digital age.
Keith Krueger, CoSN’s chief executive officer, estimated there are hundreds of new privacy laws being implemented at the state level. The lack of trust is pervasive, and Krueger doesn’t see that as a short-term trend.
“It’s a long tail across all of society and all of education,” he said. “Unless we’re able to be more transparent and clear about our beliefs, we won’t have the trust of parents and policymakers.”