what you don’t know can hurt you you don’t... · 2015-06-29 · personalized learning architect...
TRANSCRIPT
PERSONALIZED
LEARNING ARCHITECT
LITERACY
DEVELOPER
SOCIAL AND EMOTIONAL
LEARNING FACILITATOR
DEEPER LEARNING
CULTIVATOR
DATA
DRIVEN
LIFELONG
LEARNER HISD
WHAT YOU DON’T KNOW CAN HURT YOU
Beatriz Arnillas, Houston ISD
Omar Khan, Common Sense Media
PERSONALIZED
LEARNING ARCHITECT
LITERACY
DEVELOPER
SOCIAL AND EMOTIONAL
LEARNING FACILITATOR
DEEPER LEARNING
CULTIVATOR
DATA
DRIVEN
LIFELONG
LEARNER HISD
School Practice Challenges Balance “innovation” and security
Managing opt-outs, parental consent/notification
Ease of signup/self disclosure
Maintaining a central list of vetted educational online services
Vendors and Online Service Challenges High rate of change
“Free” like a puppy
Contracts vs. click-wrap
Hard to understand, validate and negotiate
Regulation Challenges Gaps in interpretation (e.g. Education Record, Student Data)
Gaps in coverage (FERPA, COPPA, PPRA, HIPAA, School vs.
Vendor)
HISD GLOBAL GRADUATE
CLOUD COMPUTING
3
Benefit Risk
Leverage Learning analytics/adaptive
capabilities
• student data could be collected and
used for inappropriate purposes (e.g.
targeted marketing)
Users access services over the Internet • Potential data breach, or accidental data
disclosure by users
Rapid provisioning and deployment of
new services
Free services
• Ease of signing up lends itself to
unregulated/unapproved use
• Gray area for vendors as “school
officials”
Cloud services are updated regularly • Control over changes
• Changes to privacy policies and terms of
service with consent/review
• Privacy related “bugs” introduced
through new features
Economies of scale/shared infrastructure • Risks of shared infrastructure/database
(Developed by Jim Siegl, Fairfax Co. Public Schools)
HISD GLOBAL GRADUATE
CLOUD MODELS
4
(Developed by Jim Siegl, Fairfax Co. Public Schools)
• Private: District hosted SIS, LMS
• Contracted: Microsoft Office 365, Google Apps,
Textbooks, iReady, or dedicated hosting
• Operating Systems, App Stores: Apple, Google,
Microsoft
• Free (and clear): No non-educational data collection
• Freemium +: Free for user/class use with fee for
school/district use, or security (e.g. Edmodo,
TypingClub)
• Free with a catch: Ads or data collection (data
brokers)
• Identity Ecosystems: Sign-in with Facebook, Twitter,
Google, Microsoft, Yahoo
• Extended Social Networks: “Like” buttons, social
commenting
School
End-User
HISD GLOBAL GRADUATE
HISD PRACTICES
5
• Educate
Social Media Statement: https://goo.gl/EL4gKj
– http://www.houstonisd.org/cybersafety
– Raise awareness using rubric
www.houstonisd.org/edtech
• Manage (control)
– Google Domain | O365 Domain
– Reduce options (supported apps)
– PD
– Partnerships
– Contracts and DSA
• Are We Overregulating Student Data Privacy? (Ed Surge)
https://goo.gl/YJfpfe
HISD GLOBAL GRADUATE
HISD RUBRIC
6
• Security: Encryption in Transit
• Privacy Policy and Terms of Use
Account creation, data collected, data
minimization, supportability, product
ownership, account deletion practices
• Student Safety: Boundaries, Public
Sharing, Contact & Privacy Controls
• Advertising: General and Behavioral
HISD GLOBAL GRADUATE
DEVELOPING EFFORTS
7
HISD GLOBAL GRADUATE
ROLL-OVER RATINGS AND RECOMMENDATION POP-UPS
HISD GLOBAL GRADUATE
HOUSTON ISD CYBER SAFETY PAGE
HISD GLOBAL GRADUATE
SUPPORTING APPS TO CONTROL APPS USAGE
11
Student Privacy Ratings: The Need
• Privacy a growing challenge to Edtech adoption - 138 178 student privacy bills pending in 39 45 states - About a dozen active state bills based on CSM’s SOPIPA covering large proportion of school kids - Risk of misguided legislation that doesn’t address the real issues and stifles innovation • Pressure from parents, schools, districts who want
to protect kids’ privacy - We already serve both parents and teachers • Vendor changes and responses - to press coverage, e.g. ClassDojo - with Privacy Pledges and certification solutions • No existing privacy rubric on edtech products for
use by districts, schools, vendors, parents - neither for education nor consumer
12
12
District-Driven Common Sense Privacy Ratings Initiative Goal: Provide a clear privacy rating to inform districts, schools, teachers and parents about an app’s privacy and data security policies on Graphite
• In collaboration with major school districts and key thought leaders and privacy experts, we are developing a comprehensive privacy checklist and process
- Detailed info to districts to make decisions based on their own policies - Districts to share key info to support each other - Houston ISD and Fairfax, VA key players
• Working with vendors to secure support and compliance • Creative Commons licensed to spur adoption
• Beta Testing March-August
- Presentations to SIIA, Council of Chief School Superintendents, Council of Great City Schools, Texas COSN, ISTE, privacy/security experts and others to gather input and build base of support
- Many vendors to go through
Representing ~3M students
13
Common Sense Comprehensive Privacy Evaluation
Five Key Checklist Elements: A. PRIVACY B. SECURITY C. SAFETY & SOCIAL MEDIA D. ADVERTISING & CONSUMERISM E. LEGAL COMPLIANCE (COPPA, FERPA)
An open source rubric protected under Creative Commons license
Access: Send an email to [email protected] or [email protected] with your username on Graphite and we will enable for you
14
STEP 1
Vendor/District Common Sense Kicks off process with entry of key info
Common Sense Community Completes Transparency Evaluation, addresses issues to vendor for response in time frame.
Common Sense Comprehensive Privacy Evaluation: Step 1 STEP 1a
STEP 1c
Archive Policy in
Database
Map Policy Terms to
Evaluation Sections
Transparent
Not Transparent
Check links against
most recent database version
Map Policy Terms to Changed Sections
STEP 1b (ongoing)
Common Sense Community Updated Privacy Policy forces a revision putting the current rating on hold.
STEP 2
Steps can be done simultaneously ( e.g. Step 1 and Step 5) although it is preferable to start with Step 1
Teachers/Students/Schools
Term may change
15
STEP 2
Vendor Common Sense Community Fills out evaluation on Graphite for their product, a well- explained checklist. Can be done together with Step 1 or afterwards.
Common Sense Community Manually reviews info before it goes live. Checks if any District review/Issues w/ App. Contact vendor as needed. Common Sense approves publication of rating.
Third Party Co. (as needed) For enterprise apps, 3rd party review paid directly to firm.
.
Privacy Review & Rating Published on Graphite
Live Rating via Graphite API
Common Sense Comprehensive Privacy Evaluation: Steps 2-6
C H E C K L I S T
STEP 3 STEP 4 as needed STEP 5 as needed
STEP 6
F U L L R E V I E W
C H E C K L I S T
No Issues Found
Think Twice
Not Safe
District CIO Staff
Reviewing District (as needed) Takes the App from prioritized pool and performs full review or as requested by community. Uses District Handbook.
F U L L R E V I E W
- If App passes the District Review it would receive a badge of some sort - Other certifications can also be included
?
If we or districts are satisfied, rating is given based on evaluation after Step 3, 4 or 5
16
Common Sense Privacy Ratings Launch Timeline
Pressure test rubric checklist and with vendors and districts entering data on Graphite. NOT public (behind
private vendor/selected district logins)
Developer/District Pilot Program
Announce with key partners at ISTE
Build district review model and rate up to 1,000 Apps
Public Launch Q2 2016
Q2/3
‘15
Q3
‘15
Q4
‘15
Q1
‘16
Questions? Want to Join? [email protected] or [email protected] or [email protected]
FUTURE OF PRIVACY FORUM
• Brenda Leong, Senior Counsel and Director of Operations
• Email [email protected] or [email protected]
• www.futureofprivacy.org
• www.ferpasherpa.org or www.studentprivacypledge.org
• Follow on:
• https://www.facebook.com/FutureofPrivacy
• @futureofprivacy
• @ferpasherpa
• @julespolonetsky
HISD GLOBAL GRADUATE
NEXT STEPS
HISD GLOBAL GRADUATE 19
HISD GLOBAL GRADUATE 20
HISD GLOBAL GRADUATE 21
HISD GLOBAL GRADUATE 22