In the wake of the Cambridge Analytica leak, legislators and the general public have had a number of questions and complaints. So, too, have educators and educational technology proponents. But when Facebook CEO Mark Zuckerberg appeared before congressional committees last week, the 10 hours of questions yielded little in the way of progress, or even of laying out an action plan that appeased anyone with grievances.
What the transcript does reveal, however, is a lack of understanding of how our information is used and stored online. Policymakers asked Zuckerberg questions about the nature of targeted advertising, Facebook’s oblique terms and conditions for data collection and use, and the company’s slow response to the recent leak. Many of their questions demonstrated a lack of basic technological understanding.
Zuckerberg appeared to take the questions seriously, but it was difficult for the CEO to keep a look of bemusement off his face; before he could answer, he had to reframe many of the lawmakers’ questions so they made sense in the context of the issues at hand.
When it came to ideating potential solutions, legislators were unsure of where to even begin. Sen. Lindsey Graham, a Republican from South Carolina, simply deferred to Facebook for advice on regulations going forward, presenting an obvious conflict of interest:
Graham: So, would you work with us in terms of what regulations you think are necessary in your industry?
Graham: OK. Would you submit to us some proposed regulations?
Zuckerberg: Yes. And I’ll have my team follow up with you, so that way, we can have this discussion across the different categories where I think that this discussion needs to happen.
In short, this hearing highlighted the truth that there is a serious technological literacy gap — not only with lawmakers, but among different generations. Unfortunately, 70 percent of data breach victims are unaware that their information has been compromised until it is too late. Given the risks involved with data use, such as identity theft and a loss of privacy, we as a society have an obligation to arm individuals with the agency to control how their information is used. This begins with education.
The first step toward helping society embrace a healthier relationship with technology is to create a greater understanding of the benefits and risks of data collection. What role can IT directors and teachers play in this transformation? Below are some best practices for educating K-12 students and parents about these sensitive issues.
When considering how to approach the topic of data collection on the internet with parents, think about how school districts handle educational data today. Regulations demand that disclosures must be authorized by parents, and school districts must be transparent about how it is used. When parents are given information about how educational data is collected and used, they become more trusting of the school. This buy-in can have a dramatic influence on their child’s ability to reach personal and academic objectives.
Of course, this same principle has applications for data collection on a broader level — and it needs to be a point of focus going forward. Data collection plays a major role in our day-to-day lives, and with technological innovations such as health trackers, it will only grow in scope and importance. With such trackers, for example, users benefit by gaining access to more information about their physical well-being than ever before. On the downside, it also generates more data — often sensitive personal data — that can be put at risk.
Guidance should be provided to both parents and students and reinforced on a consistent basis. This can be included in the school’s student/parent handbook, for example, or mentioned routinely during parent-teacher conferences. In both cases, school leaders and teachers should make a dedicated point to discuss students’ behavior online; to ignore that conversation is to ignore the reality of where students spend their time and the risks they face.
If school districts can help parents understand the nature of data collection and the associated risks, they can help protect their child’s information, as well as reinforce best practices.
What do these best practices look like? Here are a few relevant guidelines for K-12 students about being a good digital citizen that educators should focus on:
- Social media etiquette: A common problem for students is oversharing on social media. Providing too much information about themselves online could inadvertently provide cybercriminals with information regarding passwords, security challenge questions, or other details about them in order to commit identity theft or credit card fraud. It could also risk their reputations and be a factor in college applications and job searches.
- Carefully read privacy policies: As evidenced in the Zuckerberg hearing, users frequently fail to read privacy policies. Strongly encourage both parents and students to read such agreements so that they know precisely how their information may be used by vendors and other websites or applications.
- Be aware of impersonators: Make parents and students aware they should not give personally identifiable information (PII) to people over the internet unless they’ve initiated contact and know who is accessing their data. If an emailed request for info seems legitimate, contact the organization in question to see if they truly need that information. Some organizations, such as the IRS, will never use the internet to request information from individuals.
- Rely on data encryption: Encryption software is essential for safe data storage online. Teach the basics of such software, as well as the importance of only submitting information on online forms when that data will be encrypted.
Having open and honest discussions is especially important when it comes to implementing new technologies, such as VR or AR. Establishing smart security policies early can offset the cybersecurity risks inherent in new devices or software. When introducing new technology in the classroom, be proactive in reaching out to parents to allay any concerns and answer questions regarding their child’s information.
In plain language, explain how students can avoid putting their information at risk, both in and out of the classroom. Just as teachers should encourage parent participation in student learning, teachers should play an active role in instilling good cybersecurity habits in their students. If your school or class keeps an open line of communication with guardians through regular newsletters, give regular, practical advice for combating current cyberthreats. Educators and administrators should make cybersecurity a part of the ongoing conversation.
As Sen. Chuck Grassley, a Republican from Iowa, said during the Congressional hearings last week, the Cambridge Analytica scandal “[has] ignited a larger discussion on consumers’ expectations and the future of data privacy in our society. It has exposed that consumers may not fully understand or appreciate the extent to which their data is collected, protected, transferred, used and misused.”
While legislators have a responsibility to take action, educators can play a part in resolving this problem by raising awareness among students and parents about these concerns and teaching them basic security and privacy practices.
Bob Hand writes regularly from Boise, Idaho, on the way that
teachers use technology in the classroom. His studies at the University of
South Carolina and his experiences at high schools across the state allowed him
greater insight into current edtech issues.