OKLAHOMA CITY – The pandemic put devices in the hands of more schoolchildren than ever before, as schools pivoted from remote learning. Students, teachers and administrators learned how to adapt – and so did those who would exploit students’ data for personal gain.
Friday’s JR/Now webinar focused on how that data is being managed by schools and the companies they contract with to make remote learning possible. Journal Record Interim Editor Joe Dowd was joined by Jun Kim, director of technology for Moore Public Schools; AnnaMaria Gallozzi, senior solutions engineer for Hayes Software Systems; and Dalton Brown, business development manager for CDR Global.
Kim works with the school district to implement the systems used for remote learning. Gallozzi’s company provides the software that facilitates remote learning. And, at the end of the school year, Brown’s company deals with the hardware that was used.
“We were already working toward how to acceptably integrate technology into the day to day, so we were a little bit ahead of the curve,” Kim said. “What we did not expect was pushing this out K-12, to all students.” Parents and teachers were very patient with a lot of big changes that happened very quickly, Kim said.
A lot more devices were distributed to students, even very young students.
“March of last year it became Halloween, kind of – it was like candy they were passing out, and no one cared how many pieces, you just wanted to make sure you got everything in the hands of those students so there was no interruption in learning,” Gallozzi said. Later came the challenge of tracking down the inventory and monitoring how it was being used.
Hayes Software Systems provides software for schools all across the country. Part of the software’s function is to track the device and its usage. The company’s basic contract includes security protocols to make clear to everyone involved what information is being tracked and how students’ privacy is being protected.
Some school districts in New York got together to determine what issues and protections are most important to their administrators and parents, and to ensure that their contract with the software companies reflected those values – a practice that is recommended for school districts across the country, Gallozzi said.
“One of the things that we have to be very cautious about is all the data mining that is happening,” Kim said. “There are certain companies out there, third-party software companies that are tracking where your computer’s getting logged into and how much time you’re spending with clicks what kind of searches you’re doing. There are companies that make millions of dollars on this and selling that information.”
In this case, the user being tracked is a student, perhaps as young as 5 or 6 years of age, whose information may become available on the internet for many years to come, Kim said.
Administrators and parents need to ask questions about how students’ data is being handled – including historical information that is not being accessed on a day-to-day basis, and thus may not be protected by the same security measures as active data. Contracts should stipulate that those companies are not selling any information to third parties.
Many software companies may work with a third party to collect analytics to help the software developer improve their product, which is understandable, Kim said, but that also raises the question of how that third party is handling the data they collect. Some software companies ensure the data they work with is handled securely, but cannot or will not make the same assurances for third party companies they work with, Kim said.
“These software companies need to take ownership of it and hold them accountable,” Kim said.
“Work with vendors who care, care about your students, care about who they’re serving, make sure they have a service mentality to them,” Gallozzi said. “A lot of vendors might lose that as they get bigger or as they’re first starting out. For us, it’s our core value.”
Then there is the question of what happens to the devices used by students at the end of the semester. Ideally, that equipment can be reused – keeping costs down for the school districts that could reuse the devices or recoup costs for equipment that is able to be resold. That’s where CDR Global comes in.
“A lot of schools have policies in place that says we need to cleanse the equipment or try to do something with the data before it leaves,” Brown said. “We still have equipment that comes in that still has data on it.”
The hard drives must be either wiped clean of the previous student’s information or destroyed, Brown said. Equipment must not be sent to the recycle bin or even the trash with sensitive information still on it.
Brown encouraged administrators and parents to ask questions of the companies that handle their used equipment to ensure that students’ data is safeguarded even after the device has reached the end of its life.