Promoting Digital Privacy
Best Practices for Educators
In an age of continuous technological innovation, protecting confidential information requires more than an armed guard at the door. Schools are now faced with the task of protecting information and maintaining digital networks through which learning is facilitated. Thus, communicating ideas regarding privacy to children requires an understanding of their perceptions of technology, as it is fully integrated into their lives8, as well as a baseline knowledge of popular technology.
Potential Threats to Digital Safety
The issue of digital privacy encompasses a host of potential concerns within a school environment. For instance, administrative records contain personal information about students such as their name, date of birth, address, and social security number --- most of which are stored on computers and could possibly be at risk of identity theft. Personal identification information could also be retrieved from Internet websites, through the use of mobile applications, or by breaching computer server security. Many of these procedures can be performed by someone with limited technological know-how. Identity theft is not the only danger that exists in the digital world. The TxSSC article "Teen Sexting and Prevention Strategies" explained the prevalence of sexting among children, and "Recognizing the Signs of Human Trafficking" examined how the Internet can be used to facilitate the sexual exploitation of children. Issues of cyberbullying, privacy violations, or a general sense of vulnerability in the digital world can disrupt a healthy learning environment. Threatening situations can make children fearful or anxious, and these distractions can spread throughout the classroom to other students.
“The issue of digital privacy encompasses a host of potential concerns within a school environment.”
Further, as more school districts begin to use cloud computing, additional challenges to digital privacy will need to be considered. Cloud computing utilizes off-site computer power and storage that is accessed by users on an as-needed basis through the Internet. For example, rather than opening data saved on the hard drive of a computer, cloud computing enables users to access data stored on a remote server12. Understanding the benefits and concerns can help a school or district achieve an optimum compromise of risks and rewards.
Using cloud computing technology provides many advantages in an education setting. Data stored "in the cloud" can be retrieved from anywhere, at any time, and from any device connected to the Internet. Content is automatically backed up, so students and teachers do not need to worry if their computer crashes. Multiple users can access and edit files simultaneously without being in the same location. For example, students have the convenience to work together on a school project file from home without needing to meet in person. Teachers can host their lesson plans, grades, and assignments in the cloud and do not need to spend time printing copies for each student. Assignments can even be turned in online, rather than spending class time collecting homework12.
Despite numerous advantages, cloud computing can allow digital hackers to gain unwarranted access to information by invading "the cloud". A report produced by "Fordham University" suggested that cloud computing services in schools are not well understood or governed. Without better agreements, vendors managing these systems are not required to take proper care of the sensitive information they possess and could potentially market or sell the information. Student information is increasingly vulnerable if appropriate precautions are not taken. The Fordham Report recommended that the risks of cloud computing should be shared with the public and open for discussion. Contracts with third party vendors and internal policies within school districts must be strengthened to ensure that procedures are used to protect sensitive student information11.
In an effort to increase digital safety, and mitigate some of the potential threats, several practices should be adopted by school districts and further discussed with staff and students:
1. Use secure websites, secure wireless connections, and the automatic anti-virus/firewall update option when handling sensitive information.
From social media chat rooms and mobile banking applications, to Excel spreadsheets in the administration office or stored on a remote server, protecting information is a critical step in keeping children safe. The IT department of a school may be in charge of maintaining secure network computers, but it is the responsibility of the user to verify their own protection. When viewing, storing, or submitting any sensitive information, always confirm that the websites and wireless connections (Wi-Fi) being used are secure. Secure Wi-Fi is typically password protected and requires a login. Logging into a school network computer should be adequate protection. Secure websites have a lock icon in the address bar and a URL that begins with "https." Inspect every webpage to ensure that both conditions are present before typing any personal information, including login information. Also, be sure that that the computer's antivirus and firewall protections are up-to-date. Updates guarantee that the system has the most current protections against digital intrusion and will pop-up on the screen if they need to be installed. Always be sure to logout of websites and computers when done using them. This prevents others from easily gaining illegitimate access7.
“Protecting information is a critical step in keeping children safe”
2. Prepare a brief and accessible guide that details computer disposal procedures.
The hard drive of a computer can contain names, passwords, account numbers, license keys, addresses, phone numbers, and other files created automatically by browsers or operating systems. Simply deleting a file can leave fragments of information behind. When this happens, personal information could still be retrieved. Before disposing of a computer, be sure to delete all the contents of the hard drive. Utility programs can be purchased or downloaded from the Internet to wipe a hard drive clean. Most of these programs are relatively inexpensive and many are free. When choosing, consider programs that wipe the hard drive many times to be sure that information cannot be restored. The other option is to physically destroy the hard drive5. Preparing a brief guide to computer disposal and making staff aware of the protocol can help ensure that the safest procedures are always used. The guide can be included in the staff handbook or in other documentation readily available to staff.
3. Learn to recognize "phishing" scams.
Be aware of "phishing" scams that send pop-ups, emails, or text messages that mimic trusted organizations. Legitimate companies will never ask for sensitive information over an email or text message. Never share personal information for a prize or other benefit, especially over the Internet. Delete these messages without opening or responding to them6.
“Be aware of "phishing" scams”
4. Verify that policies on cloud computing adhere to FERPA and COPPA laws.
In short, FERPA4 gives parents the right to inspect and review education records. Information handlers must have written permission to release information (although directory information may be disclosed) unless specific circumstances are present. COPPA1 protects against the distribution of information about children without proper consent. Schools should refer to the complete FERPA and COPPA laws to inspect their contracts with third parties for inappropriate conduct. If schools adhere to the suggestions stated above and Federal law, the advantages of cloud computing can greatly exceed its security shortcomings.
“Verify cloud computing policies adhere to FERPA and COPPA laws”
5. Consider sharing a "cloud" system with other schools or districts.
Some schools have found that managing their own "cloud" is the best balance of risks, expenses, and rewards. While it may cost more to operate an internal cloud computing system, the value far outweighs the expense (assuming privacy is not at substantial risk). Consider sharing the costs, responsibilities, and benefits of cloud computing. While it may be expensive for a single school to handle, collaborating with other schools or districts to purchase and manage these systems may be more feasible. Regardless of whether the district manages their own cloud computing system or contracts with a third party vendor, it is vital to understand the privacy issues and effective ways to address such issues3.
6. Ask students how they protect their personal information from others online.
Networks play an important role in the digital world, and it may not be enough to simply alter privacy settings on an account to prevent outsiders from gaining access to private information9. Many people want to employ some of the same "structural" privacy strategies to social media. One study stated that social media privacy strategies of middle-school students included withholding personal information from their online accounts, adjusting privacy settings, "untagging" their names from others' posts, and even posting false information (such as a fake name or address to uphold anonymity)2. Although these methods were often poorly executed, they still may be inadequate to protect personal information on social media. It has been suggested that privacy on social media websites is ultimately governed by shared social norms and social ties. To give an example, a photograph privately shared and thought to be only visible to friends, can easily be circulated by those friends to others for whom it was not intended. Viewing posted content does not require direct access, but rather it is determined by shared social norms within the user's network9. Dispersing someone else's personal information can be problematic, and selling this message to children is sometimes difficult.
Social media platforms are also heavily governed by market forces, and networks such as Facebook often share user data so that consumers can be more easily targeted by advertising. The data stored by social networks covers a vast array of actions performed by the user: Facebook, for example, constructs "social graphs" based on likes, tagging, and commenting10. Many teens are not aware of the extent to which their actions are being monitored, scrutinized, and capitalized on by advertising firms. Teens are particularly vulnerable to manipulation through social advertising10. The best way to minimize this is through education; making sure that teens are informed of the risks of sharing too much information online.
7. Communicate the "golden rule" of digital privacy.
Properly re-conceptualizing privacy in a networked era should include more thoughtful discussions with youth about how behavior online can affect the privacy of others5. Perhaps using the idea of the "golden rule" to illustrate potential harm caused by careless actions could persuade children to evaluate their role online. Students may not want their privacy invaded, and in turn, may take preventative measures to protect privacy of their peers. Once the value of privacy is established, discuss practical ways to keep personal information confidential. Some middle-school aged students, for example, have already reported talking about creating explicit guidelines with family and friends about digital conduct2. School staff should reinforce this behavior and engage students in proper digital citizenship.
In an effort to enhance digital safety, administrators should regularly inspect the ways in which the school or district governs technology. Often times, policies were created years ago and have little relevance today due to the rapid expansion of technology. Not every educator needs to know how to organize the backend of an enterprise server or navigate a complex network of social media followers to preserve privacy; however, learning to understand and educate students to use technology in a more secure way can keep schools and children safer.
“To enhance digital safety, administrators should regularly inspect the ways in which the school or district governs technology”
1Children's Online Privacy Protection Act (COPPA). 15 U.S.C. §6501–6506.
2Davis, K., & James, C. (2012) Tweens' conceptions of privacy online: Implications for educators. Learning, Media, and Technology 38:1, 4-25. Retrieved from http://www.tandfonline.com/doi/pdf/10.1080/17439884.2012.658404.
3Davis, M.R., & Cavanaugh, S. (2014) Cloud computing in K-12 expands, raising data privacy concerns. Education Week. Retrieved from http://www.edweek.org/ew/articles/2014/01/08/15cloud_ep.h33.html?tkn=TYCC4d8BqsAa2%20RmuOcTzjvMGeSt2fF988rhbftcmp=clp-sb-ascd.
4Family Educational Rights and Privacy Act (FERPA). 20 U.S.C. §1232g.
5Federal Trade Commission. (2011) Disposing of old computers. Consumer Information. Retrieved from: http://www.consumer.ftc.gov/articles/0010-disposing-old-computers.
6Federal Trade Commission. (2011) Phishing. Consumer Information. Retrieved from http://www.consumer.ftc.gov/articles/0003-phishing.
7Federal Trade Commission. Safeguarding your child's future. Retrieved from http://usgovinfo.about.com/library/nosearch/safechildfuture.pdf.
8Green, H., & Hannon, C. (2007) Their space: Education for a digital generation. Retrieved from http://www.demos.co.uk/files/Their%20space%20-%20web.pdf.
9Marwick, A.E., & boyd, D. (2014) Networked privacy: How teenagers negotiate context in social media. New Media & Society, 16:7, 1051-1067. Retrieved from http://nms.sagepub.com/content/16/7/1051.full.pdf+html.
10Montgomery, K.C. (2015). Youth and surveillance in the Facebook era: Policy interventions and social implications. Telecommunications Policy, 39(9), 771-786.
11Reidenberg, J., Russell, N.C., Kovnot, J., Norton, T.B., & Cloutier, R. (2013) Privacy and cloud computing in public schools. Center on Law and Information Policy. Book 2. Retrieved from http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1001&context=clip.
12Weaver, D. (2013) Six Advantages of Cloud Computing in Education. Pearson School Systems. Retrieved from http://www.pearsonschoolsystems.com/blog/?p=1507#sthash.B44x6OGz.dpbs.