Making Sure Your Online Services Protect Your Students’ Data

Monitoring, Managing, and Vetting Apps for Data Privacy edLeader Panel recording link


After the sudden switch to remote and hybrid learning models at the start of the pandemic, the use of online tools and resources may seem like less of a concern now, but ensuring that students’ data remains protected is still a priority, especially as it is a federal requirement.

Effective ways to evaluate software and online services in regard to student privacy were discussed during a recent edLeader Panel, sponsored by CatchOn, An ENA Affiliate. The panelists included Monica Watts, Director of K-12 Engagement at IMS Global Learning Consortium, Kevin Lewis Sr., Project Manager at IMS Global Learning Consortium, and Reg Leichty, Founder and Partner of Foresight Law and Policy.

One point made during the presentation was that free apps are not always the best choice because some companies provide their apps at no charge and then generate revenue by collecting and selling users’ data, and the companies may not be aware of the requirements they need to meet when their users are students.

Complying with Federal Regulations

Reg Leichty provided an overview of the two key federal regulations regarding student data and privacy, starting with the Family Educational Rights and Privacy Act (FERPA). This legislation has been in effect since the 1970s and applies to schools and districts that receive any funding from the Department of Education, including grants and loans. It also applies to any other institutions that provide educational services or instruction while receiving DoE funding and to third-party companies that provide products or services such as apps or cloud storage to educational organizations.

The student data covered by FERPA includes any files, documents, or records in other formats that contain information directly related to a student. The primary rule is that this personal information cannot be disclosed or transferred without the written consent of a parent, or the consent of the student if she or he is over 18 years of age. There are exceptions for studies, evaluation by state and federal agencies, and health or safety purposes.

If a violation occurs at an educational institution or agency, authorities will first seek voluntary compliance, but ultimately can cut off federal funds. And if a third-party organization violates the regulations, the educational organization may not disclose private student information to the third party for five years. Parents do not have the right to sue either type of organization if their child’s privacy is violated.

A second piece of federal legislation administrators need to be aware of is the Children’s Online Privacy Protection Act (COPPA), which is administered by the Federal Trade Commission. This act prohibits the collection of private individual information from children under the age of 13, and it also covers operators of websites or online services, as well as educational organizations that use them.

Leichty recommends that education administrators have policies in place that are aligned with federal and state privacy protection regulations, and make sure that all third-party apps and services being used by the organization are complying with the regulations. It’s also important to review security procedures and practices to ensure they meet or exceed industry standards in regard to student privacy, especially as educational organizations have become a frequent target of cybercriminals using ransomware and denial of service attacks.

Identifying Trusted Apps

Monica Watts provided an overview of the complex digital ecosystems many districts now have, and the wide array of software and services included in them. While a Learning Management System may be used to collect and provide information about classes, calendars, and assignments, there may also be a separate Student Information System that holds the data on each student’s schedules, grades, and other records. Other systems include a Learning Object Repository for curriculum content and resources, as well as a collection of productivity tools used for collaboration, presentations, and other purposes. There is also likely to be an assessment system that includes tests, rubrics, and analytics.

To help educators evaluate and monitor the privacy protections of these types of systems and software, IMS has created a rubric and vetting process that was designed collaboratively and voted on by its members. The evaluation process and rubric are based on a set of questions about the types of student data being collected, how the data is secured, and how data may be shared with or between third parties.

Each vendor receives a designation as to whether it meets expectations, partially meets expectations, or does not meet expectations, and the results are posted in the IMS Product Directory where members can check on apps or other software they are considering. IMS also works with suppliers to help them understand the regulatory needs of educational organizations and how these needs can best be met.

The goal of this type of evaluation and process is to provide transparency so that administrators and educators can make informed and responsible decisions that do not stifle creativity in the learning process.

This edWeb broadcast was sponsored by CatchOn, An ENA Affiliate.

Watch the Recording Listen to the Podcast

About the Presenters

Monica Watts

Monica Watts is the director of K-12 engagement at the non-profit IMS Global Learning Consortium, providing a voice for K-12 institutions and bringing together technology providers to achieve digital equity and interoperability at scale. Monica is passionate about helping school districts integrate technology successfully. She graduated from Florida State University and received a Master of Library and Information Science from the University of South Florida.

Kevin Lewis Sr.

Kevin Lewis Sr. manages IMS Global’s TrustEd Apps program to proactively guide and support institutions and edtech suppliers in the use, collection, and sharing of sensitive student data. Kevin started his career in education as an IT customer service representative, where he was responsible for the break-fix process at two high schools. He also held “Tech Tuesday” training to train principals and faculty on all district resources. Kevin then moved on to work as an education technology specialist and headed a district’s student data privacy, internet safety, and security initiative. In the two years of running this initiative, Kevin raised awareness about student data privacy and influenced education technology products to improve their privacy practices. Kevin is a Marine Corps combat veteran who has served proudly in Operation Iraqi Freedom and Operation Enduring Freedom. After the military, Kevin worked in all areas of security and access control systems.

Reg Leichty

With over two decades of legal, policy, and lobbying experience, Reg Leichty advises education leaders, national associations, and other stakeholders about the federal laws, regulations, and programs that directly impact and support efforts to expand and improve educational opportunities. Among other laws, he counsels clients about the Elementary and Secondary Education Act, the Individuals with Disabilities Education Act, the Family Educational Rights and Privacy Act, and the Universal Service provisions of the Telecommunications Act of 1996. His current work focuses on federal requirements and programs related to education technology, early learning, accountability and assessment, data use, and educator professional development and preparation.

About the Moderator

Monica Cougan is the manager of strategic relationships and initiatives at ENA and CatchOn, where she leverages her more than 35 years of experience in education and technology to help schools make the most of new technology. Throughout her career, Monica has been an evangelist for the adoption of technology as a transformative educational tool. She also has extensive experience helping K-12 schools implement 1:1 programs and in disseminating problem-based and project-based learning methodologies that focus on helping each student develop his or her own voice. Throughout Monica’s extensive career, she has sought out the diverse experiences required to know how to implement positive changes in education: she has served as a classroom teacher, adjunct professor, and education consultant for national, technology-based curriculum companies. Away from the classroom, she has served as an independent math consultant, worked in curriculum development, evaluated research on school-based programs, and developed professional learning opportunities for educators looking for a new mastery of technology.

Join the Community

Analytics in Action is a free professional learning community on for school technology leaders, superintendents, curriculum and instructional leaders.



CatchOn is a user-friendly data analytics tool that collects real-time data on every device, enabling school districts to make data-informed decisions about the apps and online tools their educators and students are using. In 2018, CatchOn joined forces with ENA, a leading provider of comprehensive technology solutions to education institutions and libraries across the nation. Collectively, CatchOn and ENA leverage their respective resources and expertise to deliver critical services and solutions that help school districts produce positive outcomes in the communities they serve.

The summary of this presentation was written by Robert Low.

Robert Low has more than 30 years of educational publishing experience, ranging from editing and product management to online advertising and content development. He also works with to write articles on their professional learning edWebinars.