Study Highlights Security & Privacy Flaws in Public Educational Agency Websites

Across the country, students, parents, and community members rely on websites as a primary source for information about their children’s education, meal planning, and community events. The websites may be operated by a school, a district, a county office of education, or a state-level educational agency. A recent study entitled Tracking: EDU: Education Agency Website Security and Privacy Practices, produced by consulting firm EdTech Strategies, LLC, highlights significant privacy, online surveillance, and other security issues with the websites of many school districts and state departments of education.

The study illuminates the nearly universal presence of third-party ad trackers and online surveillance software embedded in educational agency websites. According to the study, approximately 90% of state departments of education and all but one of the 159 large school districts analyzed employed Google Analytics services to gather website user data for targeted advertising. School district websites surveyed also deployed tools from approximately 40 other ad tracking services, including Facebook and Twitter.

Another concern highlighted by the study is a lack of clear and appropriate website privacy policies. Only 19% of the school districts studied had privacy policies published on their websites. And even when policies were published, most were incomplete or misleading. For example, the privacy policy on one school district website asserted that the website would not place “cookies” on users’ devices. But the same school district website used tools from Google Analytics and other ad tracking services that do, in fact, deploy cookies.

The study also points out a widespread failure to adopt the “https” secure browsing protocols on school district websites. Such protocols help protect website users from viruses, third-party snooping, and hijacking. Fewer than half of the school district websites analyzed in the study consistently supported secure browsing.

Nothing in the study indicates any of the agencies were intentionally misleading website users about these privacy and security issues. Instead, the study’s author suggested that — given limited budgets, staff, and resources — school district IT departments and policy makers might simply be unaware of or unable to address the privacy and security issues “under the hood” of their websites.

If you need assistance navigating the complicated intersection of education and technology, our experienced attorneys are eager to help.

Categories: Technology

Other AALRR Blogs

Recent Posts

Popular Categories



Back to Page

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Privacy Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.