Privacy Issues and Remote Learning: What Educational Institutions Need to Consider

You have to give COVID-19 credit where credit is due: it has forced us all to be adaptable. Case in point: educational institutions. No matter what age their students are, educational institutions have had to pivot and learn how to teach students remotely. Amongst the many new ways education has evolved, day to day life for a teacher now involves planning online lessons through video and posting notes on online platforms. Gone are the days when your homework assignments appeared on a chalkboard limited to just the curious eyes of the students in the physical classroom.

Whenever we talk about activities taking place online, we have to consider the privacy implications. I’m sorry, I know you hate me for bringing it up. However, it is imperative. We may be in the middle of a pandemic but that is no reason to think that state and federal laws have been suspended. Are there privacy laws that specifically relate to remote learning? What do we need to be concerned about?

The California Consumer Privacy Act (CCPA) is the first to spring to mind if only because it is the most expansive state law dealing with the regulation and enforcement of use of personal information. You better be careful if you are collecting information from kids under a certain age without consent in California or are a business located in the state doing the collecting (whether from the child or the parent depending on the exact age) particularly if you think you are going to sell that information. Most schools might avoid the grips of the CCPA as it doesn’t apply to non-profits. However, there might be some private organizations that are large enough to fall within the gray area regarding the other requirements (i.e. revenue and data amount). 

You aren’t located in California, you say? I get it but whether or not a specific state law applies should hardly be the point! In a perfect world, all educational institutions would be focused on protecting their students’ personal information and making sure all of their activities are following best practices. What are some of these best practices? I AM SO GLAD YOU ASKED!

1.     Consider the vendors you are using to assist in remote learning and really take a look at those agreements. I know it seems laborious, but you need to actually read those Terms and Conditions that the vendor requires you to click acceptance to. There could be something shady there and trust me, you don’t want to be the last to know.

2.     You should think about the vendor’s privacy policies. The Zoom hacks make it clear that even the largest vendor can fall short in protecting your information/preventing a cybersecurity event. Privacy policies aren’t the most interesting read so if you are unsure, reach out to an attorney. They can alert you to any red flags.

3.     Think about what data these vendors are collecting and for what purpose. Do they really need information relating to children under a certain age and if so, shouldn’t a parent need to consent?

When all else fails, use common sense! If a vendor seems disinterested in providing you information or seems to have flimsy safeguards in place regarding security and data collection/processing, kick them to the curb. While we will of course return to normal eventually, remote learning likely isn’t going to completely disappear. Knowing what should make your spider sense tingle will enable your educational institution to make smart decisions regarding who to give business to and knowing is half the battle!