The Underbelly of Public School Cloud Service Usage

By CIOReview | Tuesday, February 18, 2014

FREMONT, CA: The public schools in the U.S are rapidly adopting the technology trends in their bid to maintain a proficient education system byusing cloud services for cost cutting, ease of access to information and enhanced connectivity. While the schools are busy implementing these solutions in their premises, survey done by the Fordham Law School’s Center on Law and Information Policy department  finds that the cloud services in public schools is grossly underused, dearth of knowledge of cloud environment, transparency of cloud practices is abysmal and data security concerns looms large.

Fordham CLIP surveyed several districts across the country covering large, medium and small school systems. The survey says that even though federal privacy laws such FERPA, COPPA and PPRA being in place, the transferring of the student is covered in haze.

Lack of documentation is prevalent, as most of the school districts surveyed did not have proper documentation of the contract between them and the cloud service provider in place. Some of the agreements didn’t have clear mention of even the services covered. The report further states that school districts had a miniscule amount of hold on the terms and conditions of data transfers from the cloud and inappropriate provisions were mentioned in the standard form contracts offered by the cloud service vendors.

Cloud services are not properly understood, weakly governed and opaque. For example, the report says, out of all those surveyed; only 25 percent of districts keep the parents updated of their use of cloud services. 20 percent of districts do not have the policies for online services governance and contract documentation of most of districts has improper documentation and absence of privacy policies.

While there is absolute heedlessness of safety for online data for school districts in existence, survey finds that 95 percent of districts depend upon cloud services for maintaining student performance, student hosting and data hosting. Cloud service agreements with schools have little mention of data security and vendors are allowed to keep the student information eternally.

The Fordham CLIP also has recommendations to put things into order to protect the interest of students and their families. Some of those are: the information about the cloud service providers and their rules relating to student privacy protection should be made available on district websites and the districts must keep the parents updated with the services and the information transfer to third parties. Data governance advisory councils must be created by school districts and Chief Privacy Officer should be appointed to take care of the student data.