With schools starting this fall, one invariably will think about the safety of their children – both online and in the real world. There are numerous security programs and apps now that tout data security technology and online measures to keep students safer in the real world classroom. The technology generally markets itself as having the ability to predict the propensity of students to conduct acts of violence in schools. In order to do so, the software offered by these companies reads our kids’ emails and social media posts insofar as they are publicly available or sent through school networks. The technology contains certain key words and phrases that trigger alerts, which are then sent to the provider’s customer, typically schools. It sounds promising and is definitely optimistic given today’s climate, which I like. But are they really getting the full picture? If a message is privately sent between students on social media as opposed to a school’s network email, it seems that the software would not have access important information indicating a kid’s nefarious plans or potential harmful activities if it were included in private interaction. It is also questionable if the limited scope of the protection services offered by these companies is worth what we give up in terms of privacy.
In reviewing some of these companies and their technology online, I could not find a leading provider’s privacy policy that applies to their collection of data through their security service. Presumably (hopefully….), they provide their privacy policies to their actual customers (e.g., the schools), although one would think that this should be available to anyone who might be affected by the technology and services that they provide. Additionally, it is unclear how they may use the data other than to provide the service to their customers – such as for separate, commercial purposes or in connection with law enforcement requests or databases. On one provider’s website, I could not even locate a privacy policy. All in all, I find it difficult to trust these providers and their privacy practices. If a child is being monitored while using their service, the service is collecting the username (and real name) and any information posted or transmitted as well as various cookies, IP address etc. They potentially collect a ton of data on our children, without providing a whole lot of information as to how it is all used, retained and secured. Care should be taken to ensure that these companies do not misuse the data and have robust security practices to guard against data security breaches. Moreover, if this technology is targeted to use by children under age 13 (12 and under), the company needs to consider its obligations under the Children’s Online Privacy and Protection Act (COPPA). Interestingly, under COPPA, schools can agree to data collection on behalf of parents and stand in the parents’ shoes when making decisions on their students’ privacy. However, as an experienced privacy practitioner, I had a hard enough time deciphering what personal data is collected, how it used and whether it is disclosed – so I am not 100% comfortable with a school administrator reviewing the privacy and security policies of these technologies for my own children.
If this technology does serve its purpose and make our kids safer, it is worth trying something new, but at what cost?
For more information regarding Hopkins & Carley’s Data Privacy & Security practice, please visit our site.