6 essential ways to protect student data privacy in this new online learning era

Data Security Global Education

The current global climate has forced a majority of the world to practice social distancing; leaving administrators, teachers and parents scouring the internet to find engaging solutions to provide continuity of education for their students and children.

And as if transitioning to a completely new way of teaching is not a struggle enough, many teachers and administrators have seen their inboxes overflown with offers and promises of distance learning solutions from hundreds of online resources vying for attention.

While there are many great organizations providing distance learning solutions, it is imperative for those sifting through these options to prioritize the security and privacy of student data. At Belouga, we are working with education policy makers and administrators in over 100 countries to ensure all leaners are provided with a safe and secure online solution. Here are 6 things to know while searching for distance learning solutions for students and children.

1. Make sure the online resource is hosted over a secure connection.

When considering any online educational resource, the first thing any user should do is check the address bar at the top of their browser and make sure there is a closed lock icon and the url starts with https://

This is known as SSL (Secure Socket Layer), and it is the first step for any digital solution to provide a secure connection for their users.

Simply put, if the website url address bar presents a closed lock icon, all information transmitted through the website will be encrypted (protected) while traveling between the browser (you), and the server (the website or application). This helps to protect against undesired access to personal information and is a good general guideline to follow for any website that requests information to be sent (contact forms, registration forms, feedback forms… you get the idea.)

2. Review the privacy policy and terms of service for every digital resource being considered.

This is perhaps the quickest and most important way to discover how user information is processed, shared, stored, and utilized in regards to each digital application.

Although many privacy policies and terms of service documents are lengthly and admittedly difficult to read with all of the legal language, there are a few simple acronyms and terms to search for that will help to speed up the process of vetting potential online education service providers.

If a privacy policy or terms of service document are difficult to locate or posess language that is difficult to understand, this should be a red flag.

3. Locate the “Third Party Disclosure” in the Privacy Policy.

All online applications who work with third parties (additional resource other than the company and yourself) must disclose this in their privacy policies.

If no information is available referencing third parties, assume that the application is unsafe to use with your children or students.

If digital educational resources do work with third parties, this is not necessarily a bad thing, many times it is to the benefit of integrating an application with already existing software used in schools (LMS systems, Google Classroom, etc.)

Ensure the third parties are explicitly stated, or there is a contact email on the privacy policy where this information can be attained. (Usually found toward the end of the document)

During the review of third party disclosures, make sure the following are explicitly stated:

  • All user data (parent, teacher, administrator, student) is not sold to third parties
  • Student data is not shared with third parties. This is vital because it is not only in the best interest of parents and teachers to protect student information, in many regions around the world it is required by law to do so.

4. Ensure all data is stored securely and is encrypted at all times.

As with any online service, it is important to ensure that all user input (anything written or uploaded onto an online application) is protected once it is submitted. We already discussed the importance of SSL in protecting data while it is traveling between the browser and the server, but what about when it gets to the server?

Once data reaches the server, it comes to “rest.” Every platform that deals with student data should encrypt data while it is stored on their respective servers.

The privacy policy should state that user data is encrypted once submitted, both “in-transit,” and “at rest,” minimizing the ability for data to be hacked and sold or used without permission.

If this information is unavailable for any education technology software, make sure to reach out to ask about how user data is handled before registering.

5. Compliance with Data Security legislation is a must.

In the age of technology, it is imperative that users ensure they are protecting their information best as possible. In many countries globally there has been legislation passed both at national and local levels to help safeguard against misuse of information by online organizations.

When dealing with educational resources, make sure during review of each individual privacy policy that the following legislations are discussed:

  • Children’s Online Privacy Protection Act (COPPA): This is a federal legislation that provides guidelines to digital resources who serve children under the age of 13 in any way.
    • In a nutshell COPPA limits the information that can be collected from children under the age of 13 and limits the ways in which the information can be used and shared.
    • All education technology that operates in the USA should adhere to COPPA federal guidelines. If it is not clear in the privacy policy, do not register your students or children for the application.
    • A few states in the USA also are adopting their own versions of COPPA (New York-Ed law 2-D, California-CalOPPA), so before settling on a set of online resources for your student or child, be sure that local laws pertaining to student data security have been addressed.
  • Family Educational Rights and Privacy Act (FERPA): Federal legislation that protects the privacy of student educational records.
    • In a nutshell FERPA puts hard limits on sharing student information with anyone other than the students parents or guardian, and provides these family members with the right to access their students information upon request.
    • All education technology that operates in the USA should adhere to FERPA federal guidelines. If it is not clear in the privacy policy, do not register your students or children for the application.
  • General Data Protection Regulation (GDPR): This is a European Union (EU) legislation that applies to data collection for all web based applications.
    • In a nutshell GDPR is a ruleset that applies to processing (collection, organization, structuring, storage, alteration, consultation, use, communication, combination, restriction, erasure or destruction) user personal information.
    • Although this is not a USA specific law, many governments globally are adopting similar legislations to protect all users online, as best as possible.
    • All education technology that operates in the USA or the EU should adhere to GDPR federal guidelines. If it is not clear in the privacy policy, think twice before registering your students or children for the application.

Online organizations providing educational experiences for students should clearly state compliance with COPPA, FERPA, GDPR, and local laws and legislations.

6. Source reviews from reputable education resources.

Review sites such as https://edtechimpact.com have developed a free platform that brings together a comprehensive list of educational resources coupled with user reviews gathered from parents, teachers, and administrators around the world.

Sometimes, the best way to know if a solution is valuable, is to see how others who have tried it feel about an educational resources effectiveness.


It is important to remember while there are many resources available to support teachers and parents transition to an online learning environment, and even more representatives reaching out each day promoting potential solutions, protecting student data should always be the main focus.

If the privacy policy is transparent and thoroughly explains the who, what, where, and why for handling of student data, then the platform can be considered safe to use with your children and students. And always remember, if vital information is omitted from the privacy policy and terms of service, or you find it difficult to find, reach out to the organization and ask before registering.

Happy learning!

Profile Image

Jordan Hauge


Jordan is the co-founder and COO at Belouga, an online learning platform providing collaborative, real world learning opportunities for students in over 100 countries globally. Passionate about leadership, data security, and user experience, Jordan spends the majority of his time working with teachers and parents to ensure the team at Belouga is creating a safe and engaging educational product for all. In his spare time, Jordan enjoys volunteering with his local fire department and spending time with his family.

1 thought on “6 essential ways to protect student data privacy in this new online learning era”

Leave a Reply

Your email address will not be published. Required fields are marked *