NORTH TEXAS (CBSDFW.COM) – It’s a threat so serious, the FBI issued a warning to parents across the country.
Third-party companies are likely collecting information on your child through the apps and programs they use in the classroom.
Students could be putting their personal information at risk by simply participating at school.
Edtech has come to define modern education. Digital programs and apps help teach kids everything from math to reading.
But to use these services, students usually need to provide some information.
In some cases, the collection is starting as early as kindergarten.
“These companies don’t need to know my child exists,” said Sarah Lowe, whose son attends an elementary school within Northwest ISD.
Lexia is a literacy program used by schools across the country, including the one Lowe’s son attends.
But when Lowe and her husband, John, read between the lines, they contacted their son’s school immediately.
“These companies don’t need to know my child exists,” Sarah Lowe said.
“I may be overreacting, but I don’t know how this data will affect my child in the future,” said Sarah Lowe, whose child attends an elementary school in Northwest ISD.
Documents provided by the Lowe family show Lexia routinely gathers a user’s name, school, grade, username and class. The company obtains that information from the school district.
At the beginning of the school year, the Lowes “opted out” by telling Northwest ISD not to share their son’s information with outsiders.
So they want to know why another third-party company later send them mail addressed to their then-kindergartener.
“If they’ve already broken this promise, what else has been broken?” Lowe asked.
A spokesperson for Northwest ISD would not address the Lowe’s situation specifically.
Instead, the district sent an email stating it takes student privacy seriously and abides by federal privacy laws.
“The school district does not give personally identifiable student information to third parties without parent or guardian consent, except in limited circumstances allowed by law. A contractor to whom the school district has outsourced its services or functions may access certain student information necessary to provide services,” wrote Anthony Tosie, a spokesman for Northwest ISD. “When enrolling their children, parents and caregivers have the ability to choose whether certain information may be released as directory information.”
After the Lowes contacted Lexia, the company stated it had purged the boy’s records from its system.
But even when parents do agree to sharing their kids’ data, they may not know what that entails.
“Honestly, I don’t know how much [information] is being collected since they’re getting online at school,” said Emily Behrens, whose child attends Fort Worth ISD.
“I wouldn’t know,” admitted Brandi Sweeney, a Weatherford ISD parent.
When dealing with the operators of edtech apps and programs, several districts in Texas use a contract known as “Texas Data Privacy Agreement.”
Depending on the program and circumstance, edtech companies can collect information ranging from birth date, gender and race to medical alerts, test scores and bus routes.
Then consider just how many programs each child uses.
The Ones for Justice filed open records requests with multiple districts to see what apps and programs their students use.
Arlington ISD listed 30 programs, while Mesquite ISD and Keller ISD identified 143 apps and 300 apps, respectively.
“The students’ information could be possibly shared with anyone else if that information got leaked out,” said John Lowe.
But that fear is already a reality, according to Suku Nair, a distinguished professor at Southern Methodist University and the Director of the AT&T Center for Virtualization.
“There will be a breach, there could be a breach so the idea is be ready,” said Nair, who argued any piece of data that’s released in any form has the potential to be compromised.
But instead of avoiding these educational experiences, Nair said the best defense is monitoring how kids use technology.
“The parent has to be the primordial responsible person in the whole equation,” Nair said.
That means read the forms.
Before signing on the dotted line, parents should read the stack of papers they receive at the beginning of every school year.
Most districts allow parents to opt out of sharing information typically included in a directory.
Additionally, many schools provide disclosure documents and privacy policies.
Generic usernames and profiles could also help de-identify a student. Logins should never reference child’s personal information, such as her name, date of birth or address.
This year, the Lowes will once again opt out of sharing student information, which is a move they believe protects their son’s privacy.
“Let him make those decisions when he’s of legal age,” Lowe said.
The FBI issued a warning in 2018 over the rapid growth of ed tech. In 2017, millions of students’ data was compromised due to cybersecurity issues. <>
A breach at one company even landed student information on the dark web.
The Family Educational Rights and Privacy Act (FERPA) is the federal law that protects the privacy of student education records.
Another federal law, the Children’s Online Privacy and Protection Act, or COPPA, deals with how electronic sites and apps can collect data and personal information from kids under the age of 13. Such companies must have their own privacy guidelines and seek parental consent before collecting data on children.
But an interpretation of the law allows school districts to provide information to third parties operating these sites if the tools are used strictly for education purposes. In these scenarios, the programs are viewed as an extension of school officials.
However most districts still ask parents for permission to share that information.
Requests for comments from Lexia and Apex were not returned by deadline.