Protecting student data is a top priority for districts and schools, and the laws governing data protection can make navigating student privacy a difficult task, especially when users do not agree on privacy requirements.

Edtech companies face these seven big privacy concerns:

1. Edtech investors are far less interested in student data privacy protections than in other benefits edtech has to offer.

According to edtech entrepreneurs, the rules surrounding data privacy protection tend to choke innovation and prevent companies from being genuinely creative.

2. No one set of parameters defining student privacy exists. Edtech can collect everything on students from binary number logins to student ID numbers.

Data collection and storage requirements are driven by policies at the federal, state, and local levels. These requirements are not always consistent. As a result, the edtech companies, parents, and schools often do not see eye-to-eye on student data privacy concerns.

3. Selling an edtech company may or may not mean selling the student data that has been collected so far.

When companies change hands, student data may or may not be part of the purchase. Unless it has been erased, the data is part of a student’s personal profile, and this information can show up long after graduation, affecting college enrollment and even employment.

4. Schools demand big data to make instructional decisions, and yet hackers may seek out personal student data for malevolent purposes.

It makes sense for schools to want to review student data; however, as edtech companies collect information, the data collection attracts hackers. In response to potential security threats, edtech companies must beef up protection.

5. Some schools and districts refuse to give up apps and social media platforms proven to release student data to third-parties.

The recent Facebook scandal involving Cambridge Analytical gave rise to concerns about data privacy, and yet many schools and districts continue to push out posts through Facebook, and they encourage families to do the same. Edtech companies may find the mixed messages about data privacy troubling.

6. School districts do not always read the user agreements thoroughly.

FERPA is clear that any personally identifiable student information must be masked. Schools should avoid asking parents to sign the user agreements with edtech companies that request permission to use, publish, or otherwise distribute data. One complaint has already targeted a Pennsylvania-based virtual charter school for violating FERPA this way.

7. New laws require absolute student data protection.

States that pass laws requiring edtech companies to comply with security requirements may be unaware of the impact that has on not only the edtech company but also the school district. Companies not in compliance with the new data security laws will not be allowed to place their products in schools.

Edtech has a Herculean task ahead. These vendors must protect student data and keep it secure. Addressing these concerns can set them on the right track.