3 Immutable Conditions for Trustworthy #Edtech

Because Edtech Without Integrity is Fraud

After two decades in information security, I was a latecomer to the edtech party back in 2016 and what I found was a land rush for the last frontier of intangible assets: children’s personal data.

To be clear, 2016 was a watershed year in edtech cybersecurity breaches. With tens of millions of records compromised, the concerns were not limited to data breaches, but also unintentional leaks, evidence of oversharing, and shocking privacy violations.

The nascent industry had already failed to live up to service level agreements, disappointed school boards and deceived families by, among other things, exploiting children’s data for profit. The most sensitive data had received the lowest amount of security scrutiny.

What’s more, all of it was preventable. All the breaches, the violations and the misconfigurations can be prevented on three conditions that I call my three baseline considerations for security (3BC), privacy and integrity:

  1. #Security: Independent professional assessment of secure development and standards-compliant implementation.
  2. #Disposal: Demonstrated evidence of deletion of student data and metadata from all repos and dependencies (especially other parties and backup sets), or proof that no data can be reidentified.
  3. #Consent: Proof of informed consent from parents, illustrating that they are aware of all tools and technologies in use, understand all the parties involved and have been informed of all the risks related to surveillance and long term privacy violations.

I built the 3BC into a standardized cybersecurity audit offered at cost to school boards, and it has so far resulted in a shared awareness of priorities among vendors, families and school board administrators.

Make no mistake, the 3BC are by no means the complete set of controls required for good, resilient edtech to work, but they represent a good starting point for anyone to begin asking questions.

--

--

--

Fīat jūstitia, ruat cælum. Personal musings on data protection fails, snafus & oddities, collected & edited by Claudiu Popa; author, educator, booknerd.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Fantasy Mosaics Hack Free Resources Generator

What to See when Digital Identity Misinformation is Gone?

{UPDATE} Drift Ride Hack Free Resources Generator

{UPDATE} Dress Up Beauty Free Games Hack Free Resources Generator

THE SECURITY SYSTEMS OF FTXF

Comprehensive OSINT framework —  ReconSpider

Cyberfraud at Scale

Domains With Hosting: Not At All The Same Anymore

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Bad Privacy

Bad Privacy

Fīat jūstitia, ruat cælum. Personal musings on data protection fails, snafus & oddities, collected & edited by Claudiu Popa; author, educator, booknerd.

More from Medium

Transformation to digital

RIawards 2022: expert intranet awards winners

How to Do Your Own Research (DYOR) in Cryptocurrencies?

Top 20 Employee Learning Platforms