ISL Finds Spotty Student Tech Vetting


A new report from the nonprofit Internet Safety Labs (ISL) finds that K-12 school systems across the United States need to do a better job vetting technologies used by students to guard against leaks of student data and related data security problems.

The report, titled “ 2022 K-12 EdTech Benchmark Findings Report 2” and released on June 27, looks at technologies employed by a multitude of school systems across the country and finds that many lack proper vetting of the applications used by students.

“The purpose of this research is to provide a baseline safety measurement of technology commonly used by K12 schools, which can be repeated every 3-5 years to evaluate safety trends,” the report says.

Among the report’s key findings are that schools don’t systematically provide technology notice and consent mechanisms. And only 45 percent of schools sampled were providing technology notices that clearly state what technologies students will be using.

Other findings include:

  • Only 14 percent of schools provided students and parents the ability to consent to use technology, while 86 percent of school districts failed to have any type of function to provide consent;
  • Only 29 percent of schools appeared to be vetting all technology used by students;
  • Despite schools’ intentions to ban retargeting ads to students, Student Online Personal Information Protection Act (SOPIPA) statutes were found to be less than fully effective in practice;
  • Community Engagement Platform (CEP) apps were consistently found to be some of the least safe apps in the sample. CEP apps are largely comprised of the commonly found “School Utility Apps.”

Although the report suggests that schools using vetting processes do better on average with promoting good security practices, some applications being used run a higher risk of exposing student data.

“It’s possible that the presence of vetting is giving schools a false sense of security about technology, which motivates them to require/recommend more technology,” the report says.

Gaining more consistency in practices to protect student data may be a function of the current legal landscape for data privacy and security, the report suggests, asserting that the U.S. now has a “confusing patchwork of federal and state laws that protect student data.”

The ISL report is based on a study of 663 schools across 50 states and the District of Columbia, covering 455,000 students, and 1,700 technology apps.