Districts evolve to keep up with CoSN privacy standards
As the general public becomes more aware of issues surrounding individual privacy — especially the corporate collection of data to shape what we read, hear and learn online — there is more urgency than ever for defining how to properly protect student information.
Melissa Tebbenkamp, director of instructional technology for Raytown Quality Schools in Missouri, sees this happening in real time. In 2016, she shepherded her school system through the Consortium for School Networking’s (CoSN) evaluation, earning the district one of CoSN’s first Trusted Learning Environment Seals (TLE).
Tebbenkamp said she sees a real shift taking place in the broader K-12 community on the issue of data governance.
“It’s starting to become more urgent,” she told EdScoop. “Before, talking about data privacy, [the reaction] from the broader education community leadership would be, ‘What’s the real risk?’ Now, the conversation’s shifting to, ‘Oh my, how do we do this right?’ So the concept of data governance and having policies is becoming more common.”
To date, a dozen school districts around the country have earned a TLE Seal, a distinction reserved for districts that demonstrate leadership, classroom transparency, data security, smart business practices and continuing professional development for teachers. The certification lasts for two years; afterward, school systems have to reapply, showing that they not only still meet their original goals but that they continue to expand their efforts.
Linnette Attai — founder of PlayWell, a consulting firm that guides companies through their compliance responsibilities in the education sector, and CoSN project director — agrees that the sense of urgency has intensified.
“I think schools first need to understand the laws and their responsibilities, their community norms, what it is they want to do with data, what are the positive uses of data, in order to make a thoughtful compliance program,” Attai said in an interview.
She said the education sector is not as mature as other regulated environments. “Look at the financial sector, the health sector, around data protection,” she said. “They went through the same thing to get to a place of sensible balance, that provides what we consider as society’s privacy expectations.”
Keith Krueger, CEo of CoSN, noted that “most educators have focused on compliance, checking the boxes … What we’ve learned at CoSN over the past several years is that’s an expectation of parents and educators, but that doesn’t build trust.”
It’s critical to build trust around issues of student data privacy, Krueger said, and earning trust requires transparency about what is collected, why it is collected, and what will be done with it. CoSN has defined 25 practices, comprising the elements of the TLE Seal, that schools should achieve to be trusted.
“We know it’s challenging because every school starts from a different place,” he said. “So the way the practices might be achieved may be different.”
All of these concepts — privacy, trust, transparency — are taking place in a technology ecosystem that continues to change rapidly. “Mobile devices, the cloud — more student data is available, therefore it’s more at risk,” he said.
“Things pop up all the time in this fluid, technology-driven area, whether it’s security or the way in which schools or the private sector are collecting data,” Krueger continued. “That’s why the TLE Seal is for two years. If [a school system] has achieved it, they only recertify what they were doing, plus whatever has changed.”
Since Raytown achieved the TLE Seal, Tebbenkamp has been splitting her time between evangelizing about proper data governance at schools outside her district and developing a new approach to staff training.
“We’re developing a whole new program,” Tebbenkamp said, “a video series with humor.” Among the topics:
- A “Shark Tank” spoof where her team evaluates websites and software, how those websites and software use student data (as laid out in their terms of service and privacy policies), then decide whether to invest in them and under what conditions.
- A “Star Wars” spoof on how to avoid email phishing scams.
- An IT-centric version of “Where in the World is Carmen San Diego,” or in this instance, “Where in the World is My Data At?”
Tebbenkamp already is thinking about TLE recertification for Raytown. “You need to show growth,” she said. “When we became a TLE member, we acknowledged that we can always do better, and we strive to increase the strength of our data governance programs.”
Melissa Tebbenkamp will be speaking about these and other K-12 privacy issues during an EdScoop-moderated panel on Tuesday, March 6, at SXSW EDU in Austin, Texas; click here for details.
