Privacy and Security of State Ed Agency Websites are Awful

Posted on February 5, 2018 by A.P. Dillon

Security and privacy of state and local educational agencies are awful according to a study conducted by Ed Tech Strategies.

During their review over a 4 month period, Ed Tech Strategies look at every state-level education agency and 159 local district website. What they found was a total lack of privacy and a disturbing lack of security.

“The use of third-party ad tracking and online surveillance technology was found to be nearly universal on both state and local education agency websites While the use of Google user tracking technology, including but not limited to the use of Google Analytics services, was found to be deployed on 9 of 10 state and local education agency websites, well over 40 unique tracking services were identified in the limited scans conducted by this study. Also commonly found on state and local education agency websites were ad trackers provided by Twitter and Facebook.” – Ed Tech Strategies Press Release

Other Key Findings:

  • Most state and local education agency websites do not support secure browsing, putting both schools and website visitors at risk;
  • Virtually every state and local education agency has partnered with online advertising companies to deploy sophisticated user tracking and surveillance on their websites, quite extensively in some cases; and
  • Many state and the vast majority of local education agency websites do not disclose the presence and nature of this ad tracking and user surveillance, or the mechanisms for how users can opt out of these data collections. Those few that do make such disclosures often do so in misleading ways, including by making demonstrably false statements about their privacy practices.

The report says that 63% of state-level education agency websites published a privacy policy that disclosed the presence and use of ad tracking and/or cookies on their sites. At least 10 states policies had “misleading or provably false statements about their data collection and privacy practices.”

The local districts faired far worse, with only 12% of district websites containing a published privacy policy with the disclosure of the presence and/or use of ad tracking and cookies on their websites.

The local district data is very concerning with the increasing ‘Bring Your Own Device’ (BYOD) policies being implemented around the country and in North Carolina.

Wake County Public Schools has such a policy and I’ve written before about what a privacy nightmare it is. The privacy statement for WCPSS’s BYOD policy says that “without notice” the school can “monitor, track, and/or log network access, communications, and use.”

How did North Carolina at the state level do?  Awful.

Website: http://www.dpi.state.nc.us/
Site Security: Not Secure
Ad Trackers/User Surveillance: Present (Google)
Google Analytics: Present
Privacy Policy: http://www.dpi.state.nc.us/legalnotices/#privacy
In compliance with Google Analytics Terms of Service? No

About A.P. Dillon

A.P. Dillon is a reporter currently writing at The North State Journal. She resides in the Triangle area of North Carolina. Find her on Twitter: @APDillon_ Tips: APDillon@Protonmail.com
This entry was posted in A.P. Dillon (LL1885), EDUCATION. Bookmark the permalink.