As data privacy becomes increasingly prioritized around the globe, some industries have been operating under the mistaken assumption that their company is exempt from these data privacy laws. This includes educational or educational institutions.
That simply isn’t true anymore. From increasing scrutiny to amendments and flat-out new regulations being enacted, it’s more important than ever for educators to understand and comply with the law.
In 2023, several new laws are being put into effect. That doesn’t just mean they’ve been signed. That means they can and will be enforced in less than two weeks’ time.
For educational institutions – especially ones that deal with international data or children’s data – it is absolutely crucial to be prepared.
What’s different about educational data vs. regular consumer data?
That’s a great question! Inherently, educational data is more sensitive. It contains very personal information about a person’s life that cannot be altered, like birthdate, grades, personal achievements, relationships with other academic personnel and more. If that information fell into the wrong hands, it could do some serious damage.
On the other hand, while regular consumer data is still very sensitive, it’s typically something can be corrected or changed – like addresses, phone numbers, credit card numbers and so on. That doesn’t mean it’s not as important. It really is.
However, once educational data becomes breached or leaked, it is far more difficult to repair any potential damage. Additionally, educational data covers a broad spectrum of information, much of it including that of minors.
Children’s data privacy is important to protect, but what does that have to do with my institution?
Online education has been around for a while, but it truly got amplified during COVID. Many children left the classroom and joined classes virtually.
This required them to use their personal school ID as an email address, or identifier, in order to attend Zoom meetings with teachers and classmates.
Since some school districts could not or did not provide secure laptops to their students, many used personal devices and logged into accounts with their school information. This was inescapable, both in and outside of the U.S.
After all, children needed to attend school, couldn’t in person, but still had to be positively identified by their teachers and administrators. And because the pandemic spread so quickly, there wasn’t time to come up with a comprehensive and secure plan to keep kids – and their data – safe.
In EU, lawmakers jumped right on the issue. With audits, threats of fines, and loss of reputation, even the Department of Education wasn’t exempt. However, don’t expect things to stop there. New laws regarding children’s data are coming in 2023, and that could affect the way your organization collects, manages, shares and stores information from minors.
Even more worrisome is the time that children have been spending on other apps and websites that don’t have anything to do with school.
Aren’t children’s parents or guardians responsible for their online activity?
When devices and internet access wasn’t widely available, it was much simpler for parents and guardians to monitor that activity. Today, nearly everyone has their own device that connects to the internet, including toddlers.
According to a recent study, 53% of children in the United States have their own smartphone by age 11. That study doesn’t even cover the vast number of toddlers or elementary-school aged children who own a tablet or other handheld electronic device. Did we mention baby monitors yet?
With widespread access to free Wi-Fi, and devices in hand, it’s not difficult to see that protecting children’s data is more difficult – and more important – than ever. TikTok and Meta have been in the news repeatedly for “farming” the data of minors or using it in a way that couldn’t have reasonably been consented to.
This has led to many investigations and fines. It’s also had lawmakers studying on how to best crack down and prevent these things from happening again.
Much like when you have that one friend at a party who goes too far and spoils the fun for everyone… well, that’s kind of what’s happening here with these enormous companies. Because they didn’t reasonable safeguard the data of children under 18, everyone must follow a strict set of rules that is only going to get stricter in 2023.
What should educational institutions look out for?
That’s a great question. First, you must evaluate whether you collect or process the data of minors. If so, you’ll need to ensure that your organization is following all of the rules set forth in the many data protection laws around the globe that apply specifically to individuals under 18.
Second, you’ll need to understand that because educational data is so sensitive, you’ll also be expected to follow more rules than those of the average business or site owner. These regulations can vary from region to region, state to state, and country to country. They’re also changing all the time.
There is only so much information you can get from skimming a blog post or downloading an eBook. Unfortunately, it’s just not practical for most business owners to educate themselves on every single law that’s being signed, enacted, or amended. Yes – even if you work in the educational field.
Third, you’ll need to ensure that you maintain comprehensive records of consent and preferences. Whether for minors or adults, you may need to prove someday that you collected information or data in a way that was compliant with the law. You’ll also need a way to store that data where it can’t be accessed by hackers or compromised in a data breach.
Whew! That’s a lot!
It is a lot. However, you don’t need the headache. The right Consent Management Platform (CMP) can help your educational institution stay above board, no matter what happens. You don’t have to spend hours reading and decoding the law in order to stay compliant. You just need an expert team to help you get there. There are a lot of CMP options out there that can ensure your website and the tools you use are protecting both your users and your business.
Give one of our privacy experts a call today and get your business compliant in just about 30 minutes. Best of all, we’ll give you a 14-day free trial to get you started.