Trust, Because You Can't Verify: Privacy and Security Hurdles in Education Technology Acquisition Practices

Educational technology systems generate enormous amounts of data, which allow schools and colleges to provide more personalized services to every student. Creating a culture of efficient data use for students is critically important, but equally important is securing the data collected from these systems. Data privacy and security cannot be a "behind the scenes" approach for education agencies; risk assessment and mitigating practices should be common knowledge and inherent in the culture of effective data use. Although data privacy and security go hand in hand, they are two different concepts. Data security involves the technical and physical requirements that protect against unauthorized entry into a data system and helps maintain the integrity of data. Data privacy is about data confidentiality and the rights of the individual whom the data involve, how the data are used and with whom data can legally be shared. Without clear policy, the concerns of the stakeholders cannot be fairly balanced in the best interests of students, their achievement, and effective and efficient educational decision-making.