Technology is central to just about everything school districts do these days, from helping accelerate students’ math learning to calculating payroll to communicating with parents.
But the potential benefits of high-tech platforms for student learning and district management come with a big risk: exposing sensitive student data.
Eighty percent of school IT professionals reported that their schools were previously hit by ransomware, according to a global survey of 3,000 IT/cybersecurity leaders conducted by cybersecurity company Sophos between January and March of last year. In fact, a higher percentage of K-12 schools reported cybersecurity threats than institutions from any other sector, including financial services and healthcare.
Most school districts don’t have the capacity to carefully examine every platform or tool to see what kind of student data is collected and how it is used. That’s particularly true in a largely rural state like Oklahoma, where in many small districts the leader in charge of technology may also oversee curriculum, teach classes, and coach a school sports team.
Enter Jun Kim, the director of technology for the Moore public schools near Oklahoma City. Kim not only created an educator-friendly system for vetting technology platforms for his own district, he also spearheaded the creation of a statewide database, so that tech leaders across the Sooner State could see which platforms and applications had met other districts’ privacy standards. Twenty-six other states have systems similar to Oklahoma’s.
Education Week spoke to Kim on Zoom about how to tackle student data privacy, both at the state and district levels.
This conversation has been edited for length and clarity.
What do you tell colleagues when they ask why it is important to secure student data?
Students and kids are the highest target for scammers because their information is so pristine [since they haven’t had any debts or other problems]. They can sell those kids’ data over and over and over. We’re not going to be 100 percent [protected]. There’s nobody that can say that. But how do we mitigate or minimize risk?
What questions do you ask to decide if a learning platform meets Moore’s safety bar?
Number one, does it meet our curricular needs? Is it redundant? If we really want to help the teachers to be successful and learn the programs, let’s just pick one or two really effective applications and use them.
Then we look at interoperability. Can we integrate it with the technology we already have?
And then the final component really is data privacy. The company has to send us a privacy agreement. They have to meet certain [requirements] on how they’re using the data. Are [they] willing to destroy the data when we are no longer using [their] services?
How do you get teachers to respect the value of data-privacy procedures when it might mean they don’t get access to a tool they like?
There are thousands of websites being developed every day. I can’t block everything. If I were still a classroom teacher, I’d be the first one to throw a fit. I’d say, “I want this. I need this. Give me access, you sorry sack.”
It’s a cultural shift. Teachers are starting to ask those questions. “Hey, is this safe? I have to put this information in. Is that OK?” Five years ago, that never would have happened.
I think 99 percent of that is just communication. We have open communication. I’ll say “Let’s take a look at [the platform you want to use.] I’m not saying no, but let’s make sure it’s safe. Here’s the information you cannot put in or share.” It’s phenomenal to see how our teachers are reacting to that.
In my position, it’s finding that balance, making sure my IT team is OK with the decisions as well as making sure the teachers get what they need. And sometimes, it’s a no to both sides.
Why was it important to come up with a state-level database showing which platforms other districts have approved?
Really, my focus has been with rural schools or smaller school districts. I imagine what I call the slash IT director. They’re the assistant superintendent of curriculum slash IT director, slash bus driver, or the PE coach. I’m trying to make life easy for them.
I’m blessed that I have a team. I’ve got a great IT team and I’ve got a great ed-tech team that I work with. And so we have some more resources available. I want to give back time to all the small schools as much as possible with this. I want to say “It’s already been taken care of. It’s been vetted for you.”