The Internet of Things (IoT) holds tremendous potential to change and improve education at all levels. Students can explore the world without ever having to leave their seats. Expanding classroom connectivity, however, also poses significant threats to student privacy and security, as IoT devices open what were previously secure classroom spaces to an online world that is vulnerable to hacking and data breaches. Educators and administrators are struggling with these competing forces to arrive at a solution that gives students an optimal education experience without dangerous compromises to their privacy and safety.
The School’s Perspective
From one perspective on the school’s side, classroom IoT will improve student security. Schools are already using security cameras and other monitors for campus surveillance. IoT also allows schools to limit access to school buildings and classrooms to authorized personnel, which removes security threats posed by outsiders.
The downside to this increased security is that all data that is collected through IoT devices and maintained in school network servers is susceptible to cyber theft. Educators and school systems administrators cite student security and privacy as major drawbacks toward implementing IoT in the classroom. Educational institutions that rely on robust IoT technology will need to implement a strong cyber security plan to secure their networks against breaches and, when a breach does occur, to limit the damage from that breach and to compensate individuals who experienced financial or other losses as a result of the breach. Cybersecurity insurance can be an effective tool for the latter purpose.
The Student’s Perspective
Students that use their own IoT devices in a school network and environment are in something of a limbo with respect to their own personal privacy and security concerns. Schools struggle with controlling security and privacy within the network structures that they own and control, but they have little or no control over information that students create and share on their own IoT devices that are connected into those network structures. For example, a student might create and store a video of fellow students using his own smartphone while on a school’s campus. That video might pass through a school’s network en route to being stored in a cloud environment. If the school’s network has been breached, that video can compromise other students’ safety and security.
Schools can erect a first line of defense against this problem with policies and procedures that preclude students from this practice. They can also implement scrubbers and other technology solutions to keep those videos out of their own network structures. This will not, however, stop a student from creating the video or from downloading the video through other networks. Again, a well-crafted cybersecurity plan will lay the groundwork for schools to protect the security of their students.
The Legislative Perspective
Various state legislatures have recognized the risks that their states are imposing upon students as they are rolling out IoT-enabled classrooms, and in response they have enacted laws and regulations that limit what school systems can do with student information. Other school network service providers are adhering to the voluntary standards in a privacy pledge, in which they agree to refrain from selling student information, to use data only for authorized educational purposes, and to follow other standards and procedures regarding that information.
None of these perspectives provide a foolproof guarantee against violations of student privacy in IoT-enabled schools. K through 12 school districts and institutions of higher education will need to increase their focus on this issue as IoT devices become more prevalent. Those districts and institutions should also consider procuring cybersecurity insurance to cover financial losses in the event of a breach of any student’s privacy rights.
Photo: JJ Thompson