How long will it take young people to recover after a catastrophic Edtech breach?

Bad Privacy Blog by Claudiu Popa
2 min readJul 14, 2023

How can public education institutions prevent the loss of children’s data?
Avoid collecting it in the first place and require #edtech vendors to purge it annually from their entire supply chain. It sounds sensible, but it’s easier said than done in our post-pandemic world.

Click to read the referenced article: Students’ psychological reports, abuse allegations leaked by ransomware hackers (

Since 2016, school boards have been under continuous pressure to adopt cloud applications to ‘centralize’ and ‘modernize’ learning. Unfortunately, the security problems inherent in cloud technology can create vast privacy violations of children’s data in a public education setting.

From the lack of consent offered to families to the absence of independent security certification of these platforms, data protection problems have been plaguing many edtech platforms for the better part of the past decade.

Fortunately, there are many steps that can be taken to alleviate the problem:

  1. industry standards exist to validate the often-outlandish claims of edtech companies
  2. vendors should be required to demonstrate evidence of independent security and privacy auditing
  3. teachers should be trained to recognize privacy issues and report security incidents

Most importantly, school board administrators no longer need to be cowboys (and cowgirls) when selecting potentially dangerous technology. They can now learn from numerous mistakes made by the industry and share those lessons learned with their peers, or even with parents. In effect, parents and children are in the ideal situation to ask questions about the collection and use of their own data, because it’s their current safety and future well-being that will be impacted in the event of another data breach suffered by a hapless school board at the hands of a negligent “edtech” snake oil salesman.

Claudiu Popa is a book collector, author and the co-founder of the Knowledgeflow Foundation, a nonprofit organization that empowers communities to weaponize digital literacy and critical thinking against disinformation. He is also the CEO of Datarisk Canada, one of the first information security companies focused on the protection of intangible assets.



Bad Privacy Blog by Claudiu Popa

Fīat jūstitia, ruat cælum. Personal musings on data protection fails, snafus & oddities, written & edited by Claudiu Popa; author, educator, booknerd.