You’re confident that your education technology product is going to support student learning and success in the K-12 sector. You’ve assembled your team, and your engineers are ready to go to work. The market research tells you that with the right investment to back your launch and a good dose of sweat equity, your business is going to succeed. However, before you take another step, be sure you are prepared to answer the question “How do you plan to protect the privacy of student data?”
Education technology sits in a heavily regulated sector, and if your business is in the K-12 space, it sits at the intersection of two such sectors: education and children. Here are some things you need to consider in order to succeed.
1. Build your company as if you work in the financial sector. There are rules, regulations, and expectations for protecting the privacy of student data that create a complex matrix to move through. Start by understanding the requirements of the Family Educational Rights and Privacy Act, the Children’s Online Privacy Protection Act, the Protection of Pupil Rights Amendment, and at least some of the 125 state student data privacy laws that have passed within the past four years. Build your fluency over time, and be sure the principles behind the laws are embedded into the design of your product.
2. Speak the language of education, not just tech. Whether you’re communicating about your privacy practices or your pedagogy, what you say and how you say it matters. You may have an extraordinarily sophisticated piece of technology on your hands, but if all schools and parents hear from you is the way you will use data to produce results, the more you will find yourself looked at with suspicion. Fears around student data privacy are real, and communications can derail your product even if your practices are sound.
3. Go beyond the laws. The regulations in this sector are complex, and there are limitations on data use that extend well beyond the rules in other sectors. In addition, the success of your brand will depend in part on trust from schools and districts. Build a culture of compliance within your organization from the ground up. Connect your compliance program to your brand sensibilities, and ensure that everyone on the team understands the role they have to play in protecting the privacy of student data.
4. Look out for your customer. Schools and districts are responsible for assessing the data privacy and security practices of every product they bring into their buildings, from the network underpinnings to what are often hundreds, if not thousands, of apps and websites used in the classrooms. They often feel that technology companies don’t understand their data privacy responsibilities and can easily take advantage of them. Prove them wrong (and build loyal customers) by building a relationship with your school and district customers based on transparency and a spirit of partnership.
5. Get it right from the start. Cleaning up data privacy compliance practices to align with the laws is not easy, and it can be quite costly. When data privacy and security protections are designed in, the development process is less expensive, the user experience is better, and the path to market is much smoother. Conversely, if data protection is not considered at the concept stage, you may end up retrofitting your product after development is complete. This costs time and money, and it jeopardizes the end result. Choose your development path wisely.
There are a whole host of ingredients that go into developing a successful ed tech company, but data privacy and security are areas that should be part of the core. Getting your business model right depends on understanding the compliance requirements, and getting to market properly requires respecting how schools and districts need to operate around these issues. It’s a complex proposition, but by learning the rules from the start, you can innovate within the boundaries and use your data protection program as a competitive advantage.
About the Author:
For over 25 years, Linnette Attai has been building organizational cultures of compliance and guiding clients through the complex compliance obligations governing data privacy matters, user safety, and marketing, with a focus on the education and entertainment sectors. As the founder of PlayWell, LLC, Linnette advises private and public companies, schools and districts, trade organizations, lawmakers, and policy influencers. She serves as a virtual chief privacy officer and data protection officer to select clients, speaks nationally on data privacy matters, and is the author of “Student Data Privacy: Building a School Compliance Program.” She is currently a member of the Rutgers University Center for Innovation Education Cybersecurity Advisory Board, and is the project director for the Consortium of School Networking Privacy Initiative and its Trusted Learning Environment program.