As a parent of school-age children I see a lot of educational websites and applications. As a security-minded engineer, I look at the security and privacy practices of all of them.
Often, what I see is alarming. Many sites do not follow basic security practices or have significant vulnerabilities that can expose the personal information of students.
I also see a lack of transparency and information about how secure a given educational web site is, and what problems have been identified and fixed over time. Parents and educators can’t make informed decisions about security and privacy if they don’t have this information.
There seems to be no consensus or standards on what constitutes “reasonable” security when it comes to protecting the personal information and data of our students.
I’ll share my observations here, and hopefully shed some light on these topics. Thanks for listening!