Educational technology (“EdTech”) such as unified communications programs, educational software, and networked devices has become an integral part of education due to its ability to help educators, students, and institutions manage information, provide educational materials, and improve administrative functions. But the FBI is now warning of the data privacy risks associated with EdTech.

The FBI notes the wide range of personal data that EdTech collects from users:

  • personally identifiable information;
  • biometric data;
  • academic progress;
  • behavioral, disciplinary, and medical information;
  • web browsing history;
  • students’ geolocation;
  • IP addresses used by students; and
  • classroom activities.

The FBI has seen an increase in cyber actors exploiting school information technologies by hacking into school district servers, including a specific hack in late 2017 where such actors were able to access student contact information, education plans, assignments, medical records, and counselor reports. Those hackers then contacted the students and posted the information on social media. Another 2017 hack involving two EdTech companies resulted in the public disclosure of records for millions of students. The FBI warns that hackers are targeting school districts with weak security and that these risks will increase as more networked devices are used.

The FBI recommends that school districts participate in online consortiums and organizations to learn about security best practices for EdTech. The FBI also advises parents and families to learn more about the EdTech they are using and understand the risks.

More information is here.

We regularly review and negotiate EdTech contracts on behalf of clients, and provide advice about reducing security risk. Please let us know if you have any questions or concerns about these issues.