Part I: Introduction
When parents, educators, students, researchers, reporters, and other members of the public have questions about education, one of the first places they turn to are school, school district, and state department of education websites. For those members of the public with even moderate technology skills and access to the web—even if only via a smart phone—state and local education websites have become indispensable ways to gather school-related information and to communicate with school officials.
It is widely acknowledged that access to, communication with, and use of the information on state and local education websites may be sensitive and deserves protection, even in cases where it is passively logged by education agency website servers. In their privacy policies, for instance, state, district, and school websites routinely declare:
“We are committed to protecting your privacy online.”
“We take data security and the privacy of personal information very seriously.”
“We take very seriously the integrity of the information and systems that we maintain.”
“Security is the most important portion of customer service for any business or government entity conducting commerce on the Internet today. We take this issue very seriously.”
The message being delivered via these and similar statements is one designed to engender trust in school information systems and website management.
Yet, the web is not—nor will ever be—static. New technologies, tools, and services routinely offer up innovative new capabilities and personalized experiences. And, with every new digital experience that may amaze and delight website visitors, potential new threats can be introduced. While not frequently on the cutting edge of technology, school websites and information technology systems are not immune to these larger trends—for better and for ill.
Use of School Websites is All But Mandatory
School, district and state department of education websites serve as the definitive public sources of information about school schedules, news and events, academic standards and curricular resources, testing and school accountability, teacher certification, support services for students with special needs, supplemental learning opportunities, and school and staff contact information. These websites also allow educators and students’ families easy opportunities to update school records, check on their students’ progress, make payments for school services, and sign up for educational, financial, and other social service programs.
In order to shed light on the current status of state department of education and school district website security and privacy practices, from October 2017 to January 2018 EdTech Strategies undertook a research project, entitled Tracking: EDU, to shed light on:
- How education agencies protect and secure digital communications between their websites and users’ web browsers;
- The use of website ‘cookies’ and other trackers by official education agency websites; and,
- The nature and quality of education agency website privacy policies.
Using a variety of third-party and freely available tools, website practices and policies were reviewed for:
- Each of the 51 state department of education websites, including the state education agency website for the District of Columbia; and
- A national cross-section of 159 unique public school district websites, comprised of recipients of the Consortium for School Networking’s Trusted Learning Environment Seal, members of the Council of Great City Schools, and members of Digital Promise’s League of Innovative Schools.** This cross-section of school districts is skewed toward larger and more technology-savvy public school districts, but does include a small number of charter and other special population schools.
Significant and important findings—ones that demand prompt action at the highest levels of education leadership—emerged for each of the three research questions investigated by Tracking: EDU. Technologists and security/privacy advocates should pay particular heed. They will be motivated to validate and extend the findings of this research and then press leadership for better IT policies and practices for school websites nationwide.
**Note: These three school district memberships contain a slight overlap of membership: Denver Public Schools and the Miami-Dade County Public Schools maintain dual affiliations with the Council of Great City Schools and the Consortium for School Networking’s Trusted Learning Environment Seal initiative. Fulton County Schools maintain dual affiliations with Digital Promise’s League of Innovative Schools and the Consortium for School Networking’s Trusted Learning Environment Seal initiative. Six school districts maintain a dual affiliation with Digital Promise’s League of Innovative Schools and the Council of Great City Schools: Broward County Public Schools, Charlotte-Mecklenburg Schools, District of Columbia Public Schools, El Paso Independent School District, New York City Department of Education, and San Francisco Unified School District. Note, too, that for purposes of this study that the Hawaii Public Schools website was considered a state agency website (and therefore omitted from analyses of Council of Great City Schools’ districts).
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.