Not all data exchange solutions are equally secure. How do you know if your data exchange puts your district at risk of exposing PII?

School districts have been using data exchange for years to give edtech vendors and other third parties the information they need. Unfortunately, most data exchange puts districts at risk of exposing PII (personal identifiable information). How does this risk occur? In most cases, legacy applications and services were initially granted access before today’s more stringent data security requirements came into play.

Report: K-12 Apps Share Student Data Nearly Unchecked

Advertisements are still making their way onto technology platforms used in U.S. schools far too often, proving a vehicle for sharing student data on social media sites, according to a recent report on K-12 product safety. The vast majority of K-12 districts, meanwhile, are not vetting all technology used by students or communicating with parents about potential privacy concerns, and many are exposing PII.

The nonprofit Internet Safety Labs (ISL) released Part 2 of its K-12 EdTech Safety Benchmark: National Findings report on June 27. The nonprofit agency conducts independent product safety testing in K-12 schools and reports its findings and evaluations every three to five years. Part one of the report, released in January, noted that the vast majority of apps used in schools — 96 percent — share student information with third parties. Part III, which will be released at a later date, will specify what type of personal identifiable information (PII) from students and parents is being shared, said ISL Executive Director Lisa LeVasseur.

For the entire report, ISL in 2022 evaluated K-12 technology in the 50 states and the District of Columbia using samples from 455,882 students in 663 schools, and 1,357 different technologies/apps. In doing so, it collected more than 88,000 data points on the apps and 29,000 on schools and their technology habits, according to the report. The resulting report assigns composite scores to surveyed districts as well as to states, noting level of security concerns. The higher the score, the riskier the overall technology used. Texas had the highest score, at 89.18, while Hawaii had the lowest at 30.43.

Other key findings:

• Despite their intentions to ban retargeting ads that can follow students between multiple applications, Internet privacy laws in 24 states have not been effective in stopping ads on technologies used in schools.
• Regardless of “safe harbor” certifications or other privacy protection promises on ed-tech products, student data from those tools still made their way to large platforms like Facebook and Twitter.
• Eighty-six percent of the districts surveyed did not have a function for obtaining parental consent for technology that shares student data with third parties.
• More than 70 percent of schools do not vet all technology used by students, and those who did have some sort of vetting process (29 percent) were using a higher number of unsafe apps than schools that did not have a vetting process.

LeVasseur cautioned that the report isn’t intended to fault school personnel, students or parents for inadequate safeguards. She said technology consumers as a collective — whether individuals who choose free versions of streaming content services loaded with ads, or software companies that have assumed for years that there were no consequences of sharing resources — inadvertently played a role in this. Read more.

What To Look for in a Data Exchange Solution

There are many options for districts in need of data exchange. It’s important to ensure that the solution you choose offers the following to prevent exposing PII:

Zero-Trust

A zero-trust data exchange is the only way to ensure that data is secure at every point. Zero-trust is exactly what it says – an assumption that all network traffic is potentially malicious and requires verification before it can be trusted. Zero-trust in K-12 schools means better overall cybersecurity, better student data protection, and a higher likelihood of meeting compliance measures. It is the only way to truly reduce the risk of exposing PII.

Seamless Exchange

Your data exchange solution should allow your district to seamlessly exchange any data to any platform. Most districts need to be able to share more than just roster data. In some cases, you need to be able to share additional information with vendors.

Total Control Over Your Data Exchange

It’s best to have a zero-trust data exchange in which any data used in a data exchange between systems requires acceptance from both sides of the exchange. One side pushes data, and the other side needs to accept it, or one side requests data, and the other allows it to flow. By having controls on both ends of the exchange, it reduces the risk of exposing PII.

Behind-the-Scenes Functionality

Your data exchange should support open standard APIs such as OneRoster, LTI, and others. Every exchange should be authenticated using SSO. And all of it should integrate seamlessly and efficiently with your LMS and SIS.

Minimize Risk with the Right Data Exchange Platform

SchoolDay is a pioneering solution enabling vendors and schools to securely orchestrate their ecosystem of third-party SaaS applications without sharing student or parent data. SchoolDay simplifies vendor integration by offering token-based, on-demand provisioning, replacing personally identifiable information (PII) with anonymized tokens—a true “Zero-Trust” data exchange.

SchoolDay Reduces Risk of Exposing PII

Utilizing a zero-trust data exchange like SchoolDay, which has the capacity to offer robust data exchange using enterprise-grade security standards, pre-built connectors for different data exchange challenges that are readily available for your school district, and custom workflow automations, can help your district be more efficient and more secure.

SchoolDay safeguards student privacy and educational data by providing a secure ecosystem orchestration platform for schools and classrooms. Serving over 36,000 schools, 3,000+ districts and colleges, and hundreds of EdTech vendors, SchoolDay champions open standards and secure data exchange, solidifying its role as a trusted leader in educational technology. Visit www.schoolday.com for more information.