Reducing online security and privacy risk in your school


Student privacy and school security are growing concerns that have real consequences, from attracting negative media attention to losing parent and student trust.

Defining and assessing levels of risk in the school is a crucial part of online security and privacy. Although there is no such thing as zero risk, school and district leaders can take a number of clear, immediate measures to significantly reduce risk. In a recent webinar, “Online Security, Privacy and Risk: How to Avoid Becoming a Headline,” Bill Fitzgerald, director of the Privacy Evaluation Initiative for Common Sense Media, provided simple ways for schools to assess online privacy and security.

Along with potentially being the subject of negative headlines, consequences for inadequate security and protection in schools can include the degradation of family and student trust, which affects learning as well as the quality of the work environment.

One way to lay groundwork for reducing risk is by following a checklist of a few guiding principles. Fitzgerald said. For example: What do you want to protect? Who do you want to protect it from? How much energy is required to protect it? Once you have the answers to questions like these, you’ll have a strong sense of your risk profile.

When you’re implementing solutions to manage and avoid risk, take a hard look at whose needs are being met, he said. The school, district and curriculum needs may be coming before teacher, parent and student needs — and that’s a problem.

Those who are impacted the most are often not brought into the decision-making process at all. Figure out how you can involve students in evaluating and providing feedback on the tools they’re using to learn. “Ensuring that students have a realistic expectation of what’s protected and what’s private and what’s public is a key part of creating an environment that respects student agency and supports student inquiry,” Fitzgerald said.

To get a quick sense of the online security and privacy of a website, he recommended checking for “https” in the URL. If you can only load the website under “http,” the website may not be enforcing encryption. Also, if a website has social media “share” buttons, using them often sends information about your behavior back to these services.

To quickly scan through a privacy policy, Fitzgerald recommended doing a search for terms like “changes,” “changes to,” “notice,” “notification” and “personal information.” However, there is no substitute for reading the full policy, he said.

Although it’s easy for school administrators and technology specialists to feel overwhelmed when dealing with privacy and security issues, you can start tomorrow with simple solutions like finding out what your school’s breach notification plan is. And if your school doesn’t have one, start you can take the first step by starting that conversation.

Fitzgerald also recommended reviewing the school’s data and file backup plan, as well as your own personal plan. Read your school’s social media guidelines and review your privacy settings.

Last, understand why it’s important to care about these issues by having “the talk” with others about data privacy and security, he said.

About the presenter

Bill Fitzgerald is a privacy advocate and technologist at Common Sense Media. Prior to joining Common Sense, he started and ran FunnyMonkey, an open-source development shop focused on education, open educational resources and peer-based learning. Prior to that, Fitzgerald worked as a classroom teacher for 16 years.

Join the community

Digital Learning & Leadership is a free professional learning community where you can share, learn and discuss ideas and best practices to enhance teaching with technology.

This edWebinar was hosted by and Common Sense Education and sponsored by Symantec.