Across the country, students, parents, and community members rely on websites as a primary source for information about their children’s education, meal planning, and community events. The websites may be operated by a school, a district, a county office of education, or a state-level educational agency. A recent study entitled Tracking: EDU: Education Agency Website Security and Privacy Practices, produced by consulting firm EdTech Strategies, LLC, highlights significant privacy, online surveillance, and other security issues with the websites of many school districts and state departments of education.
The study illuminates the nearly universal presence of third-party ad trackers and online surveillance software embedded in educational agency websites. According to the study, approximately 90% of state departments of education and all but one of the 159 large school districts analyzed employed Google Analytics services to gather website user data for targeted advertising. School district websites surveyed also deployed tools from approximately 40 other ad tracking services, including Facebook and Twitter.
The study also points out a widespread failure to adopt the “https” secure browsing protocols on school district websites. Such protocols help protect website users from viruses, third-party snooping, and hijacking. Fewer than half of the school district websites analyzed in the study consistently supported secure browsing.
Nothing in the study indicates any of the agencies were intentionally misleading website users about these privacy and security issues. Instead, the study’s author suggested that — given limited budgets, staff, and resources — school district IT departments and policy makers might simply be unaware of or unable to address the privacy and security issues “under the hood” of their websites.