Technology Not Going to Solve Data Privacy

Technology Not Going to Solve Data Privacy

Washington, D.C. and the MLB All Star game were the backdrop for the inaugural CoSN Student Data Privacy Workshop. 35 CTOs, CIOs and Superintendents from as far away as Texas gathered to collaborate on this important topic. The framework of this event was the CoSN Trusted Learning Environment (TLE) Seal Program. This seal program is the “nation’s only data privacy seal for school systems” that recognizes school districts’ commitment to high standards around student data privacy. The workshop presided over by Linnette Attai, CoSN Project Director, President of PlayWell, LLC and author of Student Data Privacy: Building a School Compliance Program focused on four of the five TLE core practice areas: Leadership, Data Security, Business Practices, and Professional Development and Classroom.


The workshop began with a very informative keynote address by Michael Hawes, the Director of the Student Privacy Policy and Assistance Division (SSPAD) for the U.S. Dept of Education. He stated that the SSPAD’s core mission is to promote best practices, raise awareness and to seek adoption of student data privacy policies “above and beyond” FERPA. He went on to highlight the challenges that school districts face when dealing with third-party service providers and student personally identifiable information (PII). He emphasized that edtech is here to stay and that until data privacy policies and procedures are in place, districts, students, teachers and parents are vulnerable to phishing and identity theft. He ended his keynote with words of encouragement for the group by saying that it doesn’t have to all happen at once… set reasonable goals, involve leadership and utilize the many resources that are available such as SSPAD resource site and the CoSN Protecting Privacy in Connected Learning Toolkit.


Champions was the term most used during this session. During both the leadership failfest and the discussion panel by four TLE seal leaders, it was emphasized that it is critical to have leadership champions. By getting district and building leadership involved, decisions around student data policies will be value driven not fear driven.

Data Security

The tabletop exercises around data security was educational for many at this workshop. Linnette energized us into action when attendees were walked thru a comprehensive incident response plan model that included response team identification, detection and analysis of the situation, containment, remediation, communication, and post-mortem.

Business Practices

This third core element ignited much discussion around the building and implementation of third-party vetting processes. The consensus of the group was that it is important to look at what other schools are doing, get into dialog with third-party vendors around a district data privacy agreement and recognize the risk management around vetting possible third-party applications and program adoptions in your district.

Professional Development

This share session focused on creative ways to approach professional development within our districts. It was a lively discussion that ranged from posters around the school to phishing tests to weekly tips for faculty in creative locations. We all agreed that student data privacy is a mindset and cultural change that will take time. If we can make connections for parents and teachers about how this could impact their personal life then we can make those critical changes that will protect our students. Educating teachers then helps to inform their classroom practices, and how they can then educate students and parents around these important issues.

Action Planning

This CoSN workshop modeled the practice of engaging in the process by having all participant complete a CoSN TLE Practice Self-Evaluation. This self evaluation had the group taking a hard look at strengths and areas of concern around data privacy policies in our own districts. The workshop ended with a reflection activity that resulted in a data privacy action that participants could build upon in our own districts.

Data privacy is not an IT problem, it is a people problem. As Keith Krueger, CoSN CEO stated in his welcome letter, we need “to reframe the conversation around privacy of student data and the key is to move from privacy to trust with our parents, community and policymakers.”

Eileen Belastock, CETL, is the Director of Academic Technology at Mount Greylock RSD Williamstown, MA.