Technology is increasingly used throughout schools to teach complex concepts and supplement curriculum. As educators incorporate technology into lessons, tech privacy and data protection naturally become priorities.
A survey of K–12 edtech leaders for the CoSN 2024 State of EdTech District Leadership found cybersecurity ranked as their number one priority, followed by the closely related issue of data privacy and security at number two (up from number five in 2022). When asked about professional learning, 75% said they were extremely or very interested (39% extremely) in Data Governance/Data Privacy.
That’s why ExploreLearning takes information security seriously and works proactively to ensure our resources are built with high-standard data security measures. This is crucial to providing safe learning environments.
What is data privacy in education?
Data privacy in education refers to properly handling sensitive information, such as personal data. Protecting school and student data requires due diligence from edtech companies. Stakeholders, including educators, students, and families, demand and deserve to feel safe about data privacy.
Examples of student data privacy
What is student data privacy? It includes protecting a wide range of identifiable pieces of information. Obviously, this includes student names, birth dates, addresses, phone numbers, email addresses, and Social Security numbers. But student data privacy goes further. Educational data involves grades, attendance, test scores, and even records about discipline. There are health-related data points, such as medical conditions. Student privacy in schools also encompasses observations about student behaviors and interests noted by educators.
Student privacy concerns with edtech
While data breaches are a security concern, there are other issues to consider when choosing edtech tools. It’s also critical to understand a provider’s third-party sharing and data-collection methods and the steps that edtech companies using data take to protect student data.
What is ExploreLearning doing to enhance data privacy and security?
ExploreLearning is a leading provider of supplemental edtech for STEM. We focus on critical learning needs that impact student success in math with Reflex for fact fluency and Frax for fractions. From kindergarten through 12th-grade, our science solutions bring interactive, authentic learning situations centered on critical thinking with Science4Us and Gizmos. From early science exploration to foundational math skills to virtual science labs, we develop solutions for the most critical STEM learning needs.
Kent Kanipe, the Vice President of Software Engineering of ExploreLearning, gives his insights into data security challenges and what ExploreLearning is doing to operate as a trusted partner committed to a culture of security across our business.
What are some of the biggest information security challenges educational technology providers face today?
Edtech providers like ExploreLearning face many of the same challenges as schools, especially with the fast pace of change brought on by cloud services, big data, and AI. These technologies have transformed how data is used, increasing school leaders' concerns about data security and privacy.
New technology is not necessarily any less secure than older technology. However, anything different can impact existing systems and processes related to information security. That means that for ExploreLearning, it’s critical to ensure we have the necessary controls in place to safeguard our data and that of our customers as we continue to grow and adapt our products.
We also see schools implementing more controls to affirm and validate providers’ data security capabilities. The number of districts with unique data privacy agreements and new or expanded technology evaluations has dramatically increased in the last several years. This can make the review and purchasing process more involved for districts and us as we navigate evolving requirements.
How important is information security in your overall technology plan?
Information security is a key component of our overall technology plans and roadmaps. Over the past several years, we’ve made investments in hardware, software, and staffing to ensure schools can count on us as a trusted edtech resource for their communities.
What are some ways your organization has improved its security to keep up with new threats?
The good news for schools and districts is that while information security is a rising priority, its practice in IT isn’t new. Principles like data encryption, secure coding practices, and data minimization are software engineering fundamentals that are already built into the ExploreLearning product development process.
Recent actions that help amplify our ability to keep pace with the evolving cybersecurity landscape include:
- Increasing IT staff specialized in information security to increase our development expertise
- Strengthening monitoring and prevention systems to better detect and stop attacks from happening
- Enhancing application authentication security to prevent unauthorized access to data and systems
- Partnering to share data management practices across all departments so they aren't limited to just engineering teams
We also undergo various audits to validate and demonstrate that our actions positively impact our data security capabilities. ExploreLearning earned ISO 27001:2013 certification earlier this year. This certifies that ExploreLearning applications conform to this internationally recognized information security standard in managing and safeguarding sensitive data.
ExploreLearning applications are also certified COPPA and FERPA compliant by iKeepSafe, a recognized third-party privacy assessment service for edtech.
How important is employee training in keeping your systems secure?
Increasing employee awareness and knowledge is a crucial information security measure. Even the best systems can fail if people aren’t careful! We need all our employees – not just software developers and engineers – to understand risks, best practices, and standard protocols.
A big change we made this year to help is requiring monthly information security training for all employees. As mentioned earlier, we also partner with other departments, like Marketing, Sales, and Customer Success, to build our understanding collectively.
5 key data security factors for educators to evaluate before purchasing
There are critical components to scrutinize for educators considering product trials or in the market to purchase new edtech resources. Awareness-building in data security goes beyond just a surface-level overview of systems and processes. Here are some key points to keep in mind:
- Focus on programs that use strong authentication practices and site security, such as HTTPS, two-factor authentication, and strong passwords.
- Ensure that the data privacy policies are clearly outlined, including information about the kind of data being collected, how it's handled, and what happens after you no longer use or subscribe to the service. Find out if those policies also cover the free, freemium or trial versions.
- Choose edtech products that collect only the necessary and minimum amount of data to support the programs. Consider who can access sensitive data and how it’s used effectively and ethically.
- Look for third-party certifications, such as ISO, which shows certain types of compliance with practices and protocols. There are many third-party edtech evaluators.
- Ask questions. Most districts and schools have tech and legal departments to help educators assess whether a program meets policy guidelines. Additionally, most companies are happy to facilitate those conversations.
The growing concerns with data privacy and protection
It’s important to keep sensitive information safe. School districts using digital tools to enhance student learning experiences do so with data privacy and protection in mind. Because cyber-attacks and privacy breaches are real threats, protecting student data and promoting safety for students online is paramount. Just as educators strive to understand the laws and regulations about data privacy, edtech companies like ExploreLearning also work to design programs that educators can rely on to safeguard data.
Educators can depend on ExploreLearning STEM solutions for data security protection. Privacy policies are serious issues for our programs that make math and science learning serious fun!
Kent Kanipe
Kent Kanipe is the Vice President of Software Engineering at ExploreLearning, with over twenty years of software experience in the edtech space. Since joining ExploreLearning, Kent has played an important role in establishing quality control measures, enhanced monitoring, and acquiring ISO 27001 certification.
He earned is Computer Engineering degree from the University of Michigan.