Here at Clever, we think a lot about security and privacy. We support millions of students, half of the schools in the country, and have over 250 application partners—so, we closely track trends and legal requirements for both applications and districts.
We follow federal laws like FERPA and COPPA, in addition to the many state laws that have been passed in recent years. The federal laws are 44 years and 19 years old respectively. Because of the age of the laws and the speed of technological development, states pass additional laws (91 in 3 short years!), creating a complicated web of legal requirements.
At Clever, it’s important we always use a “privacy by design” approach when releasing new features. In other words, we want to design our products with privacy in mind from day one—and on equal footing with core considerations like usability.
At Clever, we have a clear commitment to student data privacy with three straightforward policies:
1. We only collect personal information schools choose to share with us
2. We only share data when schools instruct us to
3. Schools always own their data
Student data privacy and security are our foremost responsibilities here at Clever. We invest heavily to ensure that we are improving privacy for schools, students, and teachers, and we make sure that everyone at Clever is constantly working towards this goal.
Recently, a critical security issue was discovered and disclosed to the larger community. This issue, nicknamed Shellshock, could have allowed an attacker to take control of certain systems using specially crafted HTTP requests. The vulnerability came from a flaw in Bash, a tool used by the majority of Internet web servers, including some of Clever’s machines.
Schools, districts, and EdTech vendors are faced with a challenge: providing personalized learning software while protecting student privacy. With rapid changes in technology, EdTech vendors and school officials must spend time understanding the relevant laws and adopting best practices for handling student data.