A friend of mine said in a conversation “the cloud is a computer in another room.” Another friend looked at me when I asked him what the cloud was and he pointed to a room full of servers. So what does the cloud really look like? For the most part, it looks like this.
Today we do many different types of work in the cloud. If you have checked your email, you have used the cloud. When using the cloud, your computer or device connects with different servers in remote locations. Some of these servers are specialized for storage, while others are running applications. The cloud can be very useful when checking email or collaborating documents online with services like Google Docs.
So why is the concept of the cloud so controversial when it comes to student data and education? I believe the debate should not strictly be about the security and privacy of student data in the cloud, but whether that data is safer in the cloud than on a local server managed by a budget strapped school district. As more schools move into a digital world with managed databases providing real time student performance, schools need the ability to manage all this information. In order to do that, cloud services that remotely host this information provide an efficient, affordable and arguably safer environment for a school to operate. If each school hosted their own server they would need IT support staff on site to manage and secure their databases. Most schools have neither the budget nor enough people to maintain these systems. Often, they are reliant on parent volunteers.
And while many arguments support using cloud service providers, we must also look at the shortfalls in these systems. Recently, the Center on Law and Information Policy at the Fordham University School of Law conducted a research study on the privacy of student data in the cloud. One of the most interesting findings, for me, was that about 95% of school districts already use cloud services for managing school operations. But that most schools had poorly executed contractual agreements. School districts did not put in place adequate privacy protection policies for student records and access controls for different individuals in the schools were not clearly defined. Further, the study found that some of the contracts did not comply with FERPA’s requirement that data be deleted after it is no longer needed for the purposes it was provided. Should we be concerned? I think so. Schools and parents should be assured that student data is adequately protected by strong privacy policies and security controls. But these concerns are more with how the contracts are structured than with how secure the data is in the cloud.
Students have a right of ownership of their data and they should be informed of how their data is collected, managed and shared amongst different service providers. Schools need to understand what security controls are in place to protect their data. The Department of Education has provided guidelines on how FERPA applies to student data stored in the cloud and schools must ensure that their cloud service provider is following these guidelines in order to provide reliable privacy protections for students.
Considering the vast amount of student data stored in the cloud and in different educational apps, it is the responsibility of schools and cloud service providers to work hand in hand with students’ privacy rights in mind. And only with transparent security and privacy practices will schools and cloud service providers be able to demonstrate to students and parents they can trust their data is safe.