Saturday, April 7, 2018

Vetting Apps

Good morning colleagues! I'm back! I was going to post last week... I had this great plan of reading The Innovator's Mindset and doing a book review blog post. But then Spring Break happened, i.e., I sat around and did NOTHING and enjoyed my time off. So then I was going to finish it this week, but we started track practice, and having two and a half hours less each day really cramps my time! SO...  I have a completely different blog post this week!

While reading The Innovator's Mindset, I saw a great quotation from George Couros, "My belief is not that teachers don't want to change, but they sometimes lack clear guidance and support to make the desired change." This bit of information has stuck with me this whole week as I've thought about supporting teachers in my position, but also as I've read more on the news about Cambridge Analytica. If you don't follow the news, Cambridge Analytica is a political consulting firm that mines and analyzes data. Why this story is huge is because they accessed private information from between 50-80 million Facebook users to influence and target American voters in the 2016 Presidential election. Cambridge Analytica is mostly funded by two people: Robert Mercer and Steve Bannon.

So why am I bringing up this breach on my educational blog? Because I, along with a group of three other teachers, have embarked on an ambitious program to "vet" apps for our school district. Traditionally, large school districts have an "edtech" team that does this, but because our district is still designing (hopefully) this team, some of the responsibilities have fallen on everyday teachers.
What is app vetting and why do we do it? In simple terms, we are auditing/reviewing apps to ensure that they meet student data privacy laws such as FERPA and COPPA. The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. One aspect of this is that schools must have written permission from the parent to release any information from a student's education record which includes their name, location, student ID, etc. The Children's Online Privacy Protection Act (COPPA) is a law created to protect the privacy of children under 13. COPPA imposes specific requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Right now, D49 is not meeting the requirements of these two federal laws. After the Cambridge Analytica scandal, it is even more imperative to be in compliance ASAP! We have to ensure that our students' data is not being accessed, let alone mined, for nefarious purposes!

So why did I bring up the George Couros quotation? Because it has been briefly mentioned to my 1:1 colleagues that there will be changes next year and some apps will not be able to be used. Some teachers were quite frustrated and wanted to know why this change was happening. I even mentioned FERPA and COPPA, but the teachers didn't know what those laws were and wondered if they were new. After looking at, reading, and thinking about the quotation,  I've realized that the frustration stems from teachers lacking the guidance and support for the change.
So I'm going to lay out how we vet apps (what we're looking for) and how we will make changes for the next school year.
  • We look at the applications that teachers want to use and determine if they will be used for educational purposes. 
  • We access the iOS application's App Store page so that we can quickly find the developer website and privacy policy. 
  • Once on the privacy policy, we scour for a few things. What types of information are being shared?  Is there any information shared that could be considered sensitive?  Are students sharing personally identifiable information? How does the application gather data? Does it share or sell the data? Does it retain the data after the account is deleted? Does the application have ads? Are students under 13 allowed to use the application? Does the app require parental consent before use? Are students generating content? Is that content shared publicly? What happens if there's a breach of data?
  • After finding answers to all of the questions that we have, we put the application on a spreadsheet. The app will fall under one of four categories: 1) approved with no limitations, 2) approved with limitations, banned completely, approved for a teacher account only. 
  • By the end of the year, all 1:1 teachers need to make a list of applications that they want to use in the classroom. We will compile the list and vet apps over the summer. At the beginning of year registration, parents will sign off on all applications to be used. 
  • If a teacher wants a new application through the next school year, at SMS I will vet the app. Once approved, the teacher will have to send home a parent permission form, receive all forms back, then I will add the application to the 1:1 device. 
This is all a work in progress, and it is very slow moving as there are only four of us teachers vetting applications. I hope, through this process, that teachers understand the importance of vetting apps to keep our students safe in the 21st century.

Thanks for reading! I'll see you next week :)

- Rachel
My Teacherspayteachers website