In an early alert about potential privacy concerns that could arise as a result of public sector cloud deployments, a new study from SafeGov.org and the Ponemon Institute finds increased use of cloud technology in schools, but growing concerns over its potential impact on students’ privacy.
The study focused on cloud versions of email and document collaboration tools. While a majority of schools expect to migrate to such services in the near future, 81% of respondents object strongly to the mining of student emails, web browsing and online behavior for profit by cloud providers, while 84% say providers should never profile students.
Seventy percent say that even the option to turn on ad serving, or the delivery of advertisements to users online, should be completely removed from school-provided cloud services. The findings also show that schools increasingly are looking to move to cloud services because they expect them to bring significant educational and social benefits to students, as well as being cheaper and easier to manage.
SafeGov.org commissioned the Ponemon Institute to conduct the survey of senior staff and IT practitioners in primary and secondary schools and related administrative organizations in the UK. Respondents were asked to describe their schools’ current and expected use of cloud-based services such as email and document collaboration, and to give their views about student online privacy and cloud provider business models based on data mining for profit.
Key findings of the research include the following:
- Schools believe cloud services will offer many benefits, helping students to acquire skills needed for employment (78%), thrive in modern society (63%), and obtain better results on national exams (51%)
- Cloud deployment in UK schools is growing rapidly: 68% of respondents expect to provide cloud email or document creation in the foreseeable future, while 25% already provide such services to their students
- Schools recognize that cloud services have a dark side: 74% see threats to student privacy as the top risk of cloud, followed by security breaches (70%)
- But the vast majority reject for-profit data mining of student information: 84% say cloud providers should never profile students for profit, while 70% say ad serving should never be an option
- Some schools admit to a conflict of interest regarding student privacy, but want to give parents the tools to protect their children. Forty-seven percent say they might be tempted to trade student privacy for lower costs, but 44% also say parents should have the right to opt-out of data mining for their children.
CLO Inside Track: The privacy challenges the Ponemon/SafeGov study highlights are not unique to the UK or to public education segment – they potentially apply to public sector entities in the U.S. as well. It goes without saying that cloud delivers sizeable benefits to federal, state, and local entities – including public schools and post-secondary institutions.
But who owns the data – and how and under what circumstances that data can be used – creates a potential minefield for policymakers. Two unrelated issues are likely to shape a similar privacy debate in the U.S.: the collection of a raft of new patient data for health reform and the recent flap over the Justice Department’s move to seize reporters’ phone records and in at least one case, monitor calls. The onus is likely to be on agencies to prove – through rigorous privacy policies and broader transparency over how data is collected and used – that personally identifiable data is protected. (For more information visit http://www.safegov.org.)