3 Immutable Conditions for Trustworthy #Edtech

Because Edtech Without Integrity is Fraud

After two decades in information security, I was a latecomer to the edtech party back in 2016 and what I found was a land rush for the last frontier of intangible assets: children’s personal data.

To be clear, 2016 was a watershed year in edtech cybersecurity breaches. With tens of millions of records compromised, the concerns were not limited to data breaches, but also unintentional leaks, evidence of oversharing, and shocking privacy violations.

The nascent industry had already failed to live up to service level agreements, disappointed school boards and deceived families by, among other things, exploiting children’s data for profit. The most sensitive data had received the lowest amount of security scrutiny.

What’s more, all of it was preventable. All the breaches, the violations and the misconfigurations can be prevented on three conditions that I call my three baseline considerations for security (3BC), privacy and integrity:

  1. #Security: Independent professional assessment of secure development and standards-compliant implementation.

I built the 3BC into a standardized cybersecurity audit offered at cost to school boards, and it has so far resulted in a shared awareness of priorities among vendors, families and school board administrators.

Make no mistake, the 3BC are by no means the complete set of controls required for good, resilient edtech to work, but they represent a good starting point for anyone to begin asking questions.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Bad Privacy

Fīat jūstitia, ruat cælum. Personal musings on data protection fails, snafus & oddities, collected & edited by Claudiu Popa; author, educator, booknerd.