Group

Case Study

Building Effective
Communications Around Student
Data Privacy

School

Heinz College at Carnegie Mellon University, PITTSBURGH, PA

School of Public Policy & Management

summary of student data privacy & research

Joseph Babler & Amanda Prichard

Carnegie Mellon and a team of graduate students examined current practices of a select group of education technology startups in the K-12 space around student data privacy issues in this School Dismissal Case Study. Through a series of semi-structured interviews, the team explored how each company develops public-facing communications regarding data use, privacy, and security policies. 

Carnegie Mellon Case Study

Case Study Key Findings

  • Beyond complying with federal and state-level requirements, EdTech companies do not prioritize student data protections, as compared to customer acquisition and product development in their first five years. 
  • Due to factors such as limited resources and little demand from customers, EdTech companies do not establish formal strategies around public-facing communications about student data privacy for external stakeholders.
  • Most EdTech companies use an open source, standardized privacy policy as a foundation for informing users adapting sections from competitors’ privacy policies, as well as adding in sections based on customer demand and changes in federal or state-level requirements. 
  • Concerns about complying with privacy regulation and guidance do not seem to inhibit innovation at EdTech companies.