国产精品

When it comes to sharing student information with app vendors, schools have two options. The first is data obfuscation, where you transform the data sent to application partners in a way it cannot be reversed. The second is data minimization, where you carefully audit the data sent to application partners, ensuring that unnecessary data isn鈥檛 shared.

Both approaches are inherently well-meaning; schools should be very careful about sharing student information. That鈥檚 because attackers can get around school organizations鈥� cybersecurity protections by attacking their application partners instead. Anything that the organization shares with the vendor becomes fair game for the attacker in what鈥檚 known as a supply chain attack.

In addition, both the data obfuscation approach and the data minimization approach have their merits. But in our opinion, the drawbacks of data obfuscation outweigh the merits. In the end, data minimization achieves the benefit of security while being a better choice for the realities of the classroom.

What is Data Obfuscation?

Data obfuscation is a security technique that involves permanently transforming the data sent to recipients. A one-way algorithm known as a cryptographic hash will turn a name like Jessie Jones into a random character string like A9i41 NE28U that cannot be reversed back to Jessie Jones. This means that attackers can鈥檛 access this data even if they successfully breach the vendor.

Why Would School Districts Employ Data Obfuscation?

Some edtech applications require student data in order to function. But administrators are rightly wary of sharing this information. Since there鈥檚 no requirement for the shared data to be accurate, however, the data obfuscation technique effectively tricks the app into using the substituted hash.

What Are the Benefits of Data Obfuscation for Edtech Security?

To recap, there are three main benefits to data obfuscation.
1. Data sent to application partners is permanently encrypted.
2. Even if an attacker successfully completes a supply chain attack, your data is safe.
3. Data obfuscation is theoretically more compliant because PII can鈥檛 be exposed during a breach tricks the app into using the substituted hash.

What Are the Drawbacks of Data Obfuscation?

Data Obfuscation Breaks Edtech Applications

Let鈥檚 say that you use data obfuscation and successfully present student Jessie Jones as student A9i41 NE28U, with the email address A9i41.NE28U@schoolname.com. A lot of the application鈥檚 functionality is now useless.

• The application can鈥檛 share important updates, such as grades or homework assignments, using student email addresses.
• Teachers will find it much more difficult to look up student information within individual applications (because now they have to remember that 鈥淛essie鈥� is actually A9i41).聽
• If the obfuscation method uses a different hash for each application, then it will be nearly impossible to track student performance across different apps.

What’s more, application vendors have found that data obfuscation can actually disrupt the student learning experience. Consider you are logging into your favorite math application and see “Hi, A9i41” on your screen. The student may feel confused – are they in the right account? Are their assignments correct? Just one simple name change could disrupt the entire lesson. In addition, edtech vendors now find that they鈥檙e using valuable bandwidth and storage to process meaningless data.
This leads us to our primary thesis as to why data obfuscation isn鈥檛 suitable for the edtech environment. If the data you鈥檙e sharing is so important that it cannot be seen in its intended form, why are you sharing it in the first place?

What is Data Minimization?

Data minimization is the process of applying the principle of least privilege to data sharing with application vendors. For example, if an application requires a student鈥檚 name and email for functionality, you might share those. However, depending on the application, you might choose not to share other information, such as their gender, birthdate, racial backgrounds, and so on.

Drawbacks of Data Minimization

First, it is possible to send data to app vendors that you didn鈥檛 intend to share. That being said, 国产精品鈥檚 data minimization controls are set up field by field, and application by application. Having fine control over the data you鈥檙e sharing makes these mistakes less likely (though some fields are always necessary – learn more in our help center: ).

Second, vendors may need to process some forms of PII in order to provide the full value of their application. This might give some administrators pause, but 国产精品 (along with many other services in the educational technology space) is designed to meet our responsibilities under relevant privacy laws such as COPPA and to protect personal information contained in students鈥� educational records. (You can learn more in 国产精品鈥檚 Privacy Policy.)

This brings us to the third drawback – the time and effort required to vet applications and their ability to handle PII.  While this might seem like a drawback at first, proper diligence and vetting is foundational to data privacy, governance, and security practices. There are many resources available to support you with data governance and security – including our Cybersecurity Blueprint – complete with standards from industry experts, like NIST and CoSN.

With 国产精品, Data Minimization Wins Out in the Battle for Information Security

Student Data privacy is the first thing we think about, so you can help students learn in the classroom without worry.

We maintain the highest security standards, while adapting to the classroom environment – so that schools and applications support student learning. 

国产精品 gives school IT leaders control over information access through data minimization. You can enable or disable individual form fields for individual applications, giving you superb control and understanding over your critical data and its ultimate destinations.

While data obfuscation can lock students out of learning, data minimization puts you in control. This lets you balance personalization with student data privacy. Speak with a 国产精品 expert and learn how our security philosophy is tailored for the classroom experience.