This summer, Clever released a set of new features to help teachers use instructional technology in their classes. Teachers can now create their own Teacher Page in the Clever Portal, populate it with links and single sign-on apps, and browse the Clever Library, a catalog of pre-configured resources.
We thought hard about how to build security and privacy into these new features and conducted a thorough privacy impact assessment. In this post, we’ll describe that assessment and the corresponding product decisions it enabled. The impact assessment specifically considered the privacy design principles of Visibility, Choice, Minimization, and Compliance.
Thousands of district technology teams use Clever to deliver technology to the classroom with minimal fuss. Before Clever, district administrators would painstakingly craft student data CSV files and share them over difficult-to-secure channels like email. Clever districts share data with apps at the press of a button over a secure API. They get a high level of granularity to decide what data to share about what students. By standardizing data sharing technology, Clever gives districts better data sharing security and privacy controls, like role-based access and field-level sharing.
Like district administrators, teachers make decisions about what technology resources to use with Clever. Previously, teachers weren’t able to set up new programs on Clever. Also, district admins didn’t have a great way to know when teachers would try out new resources in their classrooms separately from district-provided applications. This makes it difficult to ensure teachers are following best practices around data security and privacy.
The Clever Library is designed to help teachers use technology in the classroom and make privacy the default when they do.
Visibility means communicating data sharing to users, and informing them of any changes.
The Clever Library provides visibility for district administrators into the apps teachers use. This includes the number of student and teacher users, how frequently they use resources, and the usage breakdown by school and grade level.
We also provided visibility to districts about the changes associated with these new features. In the months leading up to the release, we sent multiple emails to Clever account owners about the Clever Library. We published the upcoming changes in the Clever Help Center and via an in-product announcement. Over 100 districts attended our webinar to ask any outstanding questions.
Choice means giving users the ability to make decisions about where and how to use their data.
When a teacher adopts a new resource using Clever, they must explicitly choose to share data with an application, just like district administrators. We examined a number of consent screens for other services, and designed ours to be as easy to understand as possible. We explicitly call out a) the data that will be shared, b) with whom the data will be shared, c) the purpose for which the data is shared.
Data sharing choices can change over time. District administrators and teachers can revoke access to student roster data for library applications.
To help teachers make meaningful choices, the Clever Library also offers a way for districts to educate their teachers at scale about best practices. Resources in the Library have certification labels, such as whether they have signed the Student Privacy Pledge. This month, districts will be able to provide recommendations and advisory notes on particular resources that they want to encourage or discourage. If there are serious concerns about the use of a given resource, district administrators can also block the use of the resource in their district.
Like any new feature that affects security and privacy, one size does not fit all. That’s why district administrators can choose to disable teacher’s ability to add SSO apps. We considered an opt-in vs. opt-out model. Based on our understanding that the majority of districts would want these features enabled, we decided to make this capability on by default. It was paramount that we gave district administrators notice about the new data sharing flows of the Clever Library, and made the opt-out choice intuitive and simple.
Minimization means sharing the absolute minimum data required for the given purpose.
When a teacher uses Clever to set up student accounts, Clever shares the absolute minimum information. We do not share student identification numbers (including student number, SIS ID, or state ID), information about what school or district the user is coming from, or any demographic information about the student other than their name and grade.
We continually look for ways that we can decrease the scope of data shared. For instance, we initially assumed student email address would be a required data field. We heard from districts that this was concerning, and so we went back to all our apps to see if they could create student accounts without email address. They confirmed that they could, and so we removed that as a provided field.
To further minimize data sharing, we are beta-testing a type of data-sharing that does not transmit student names. As long as this does not dramatically hinder the way students or teachers use their applications, we will make this the default for all resources in the Library.
Compliance means respecting federal, state, and local laws and policies around data sharing.
Almost all Clever Library applications have signed a Universal Data Sharing Agreement that applies to any sign up via Clever and offers additional protections for schools and districts beyond the application’s terms of service. Furthermore, if any application does not comply with FERPA and/or COPPA, we will promptly remove it from the Library. Concerned districts can contact firstname.lastname@example.org with any information on particular resources.
Giving districts control over their student’s data is Clever’s top priority. With Clever Library, we’re giving teachers the same superpowers that administrators have had for years: to seamlessly enable rostering and single-sign-on for apps. Making sure that everyone can achieve their goals can be tricky. Clever understands that improving edtech means building on what works. The Clever Library drives the right balance by making teacher-driven app usage easier while improving district data visibility.