Case Study
Building Effective
Communications Around Student
Data Privacy
School
Heinz College at Carnegie Mellon University, PITTSBURGH, PA
School of Public Policy & Management
summary of student data privacy & research
Joseph Babler & Amanda Prichard
Carnegie Mellon and a team of graduate students examined current practices of a select group of education technology startups in the K-12 space around student data privacy issues in this School Dismissal Case Study. Through a series of semi-structured interviews, the team explored how each company develops public-facing communications regarding data use, privacy, and security policies.
Case Study Key Findings
- Beyond complying with federal and state-level requirements, EdTech companies do not prioritize student data protections, as compared to customer acquisition and product development in their first five years.
- Due to factors such as limited resources and little demand from customers, EdTech companies do not establish formal strategies around public-facing communications about student data privacy for external stakeholders.
- Most EdTech companies use an open source, standardized privacy policy as a foundation for informing users adapting sections from competitors’ privacy policies, as well as adding in sections based on customer demand and changes in federal or state-level requirements.
- Concerns about complying with privacy regulation and guidance do not seem to inhibit innovation at EdTech companies.