PDXEdTech Meetup: Designing with Student Privacy in Mind

December 23, 2019

Security and privacy

On Thursday, December 5th, the PDXedTech meetup (a function of the Northwest Education Cluster, and organized by Clarity Innovations) hosted VP of Engineering at Alma Technologies, Dan Siger. His presentation, Designing with Student Privacy in Mind,  was the last in this year’s Design for Education series, with this particular evening looking at education through the lens of privacy. 

Siger gave a spectacular presentation: digging deep into privacy issues in a way that was thoroughly engaging while managing to be both comprehensive and comprehensible! Siger has spent over 20 years as a developer in online education software, and it showed!

Alma Technologies develops industry-leading Student Information Systems. According to Siger, the company is devoted to creating sleek and powerful UX/UI so that educators can make sense of student data in a way that’s fast, intuitive and elegant. In this way, they can start making more data-driven decisions and spend more time implementing progressive instructional policies.

Siger began his presentation by setting a dire tone of the data privacy issues facing schools today. Over 500 schools have been affected by ransomware this year. Two Long Island, New York school districts, for example, were hacked and forced to pay $88,000 in ransom this summer.  

Hackers typically infiltrate a school server by sending a phishing email to an administrator or administrative assistant. This person will often inadvertently click on the email and— when they leave school—the illicit program activates and downloads on to the school server and will often change passwords and lock the school out of their own data. 

According to the CoSN 2017 IT Leadership Survey, 62% of education IT leaders said concerns around privacy and security are more important than they were last year—with 30% saying it was “much more important”—with cyber security ranked as their third highest priority and privacy fourth, up from 2014 where privacy was ranked second to last.

Legislators and lawmakers are trying to address the issue of data breaches in educational data. According to the Data Quality Campaign, 36 states introduced 95 bills and passed 31 new laws in 2017 that addressed the collection, linking, and governance of education data. Additionally, legislators in 42 states introduced 183 bills and passed 53 new laws that explicitly addressed how their state collects, manages, uses, reports, and protects data about students and schools.

According to Siger, all of these laws are in some way a derivative of the General Data Protection Regulation (GDPR)—the most comprehensive data protection and privacy regulations. Originating from the UK, GDPR makes it the responsibility of a company or organization to protect any data that it collects. This means that a citizen in the European Union can sue a company that has their data in the event of a breach.

Siger then went on to explain how to design for security in mind, utilizing specific threat personas. First, there is the hacker that attacks from outside of the US, looking for easy targets. Then there are threats posed by people such as programming students who poke around looking for ways to change their grades, for example, or individuals who prey on assistants and secretaries who keep passwords on sticky notes. Potential threats also include employees who accidentally leave sensitive reports and documents on printers or out in the open, and interns who utilize file-sharing apps such as Dropbox and Google Drive that put sensitive data at risk.

Over three dozen people attended Siger’s presentation, held at ISTE headquarters in downtown Portland. At the top of the evening we shared the results of a survey of potential topics to be covered in 2020. These topics include:

  • Educator Panel: What Tech Works in the Classroom
  • Challenges and Opportunities for Open Educational Resources (OER)
  • Professional Development Done Right
  • Next-generation Performance-based Assessment
  • Mobile Learning Best Practices
  • Augmented and Virtual Reality in the Classroom

If you consider yourself an expert in any of these areas, please let us know. The PDX EdTech Meetup is a gathering of Portland-based designers, developers, content creators, and business leaders working in the Educational Technology space. We look forward to seeing you at our next meet up!