Fun with GIS 283: Student Data Privacy

189
0
02-28-2021 04:56 PM
CharlieFitzpatrick
Esri Regular Contributor
1 0 189

In the age of COVID, overseeing young people in person means ensuring masks, social distancing, hand washing, and teaching about the pandemic; these are sensible actions for keeping everyone safe. Similarly, overseeing young people online today also takes effort by adults.

Generally, Esri believes students' personally identifiable information (or "PII") should not be shared with the public, by the students themselves, by their peers, or by adults. PII is info by which someone could specifically identify an individual, such as name, likeness, email, phone, or location. Can you spot instances of sharing PII? Imagine seeing an online post entitled "Missing: Student Privacy," with a closeup photo and caption that reads:

8th grader Pat Pupil stands in front of the Pupil residence in Center City's Anywhere Ave apartment building. Pat points to a ground floor window with a sign. "That's my sign, in my bedroom window." The sign reads "Privacy lost, somewhere between here and Lincoln Middle School just two blocks away! Contact 123-456-7890 or patpupil@email.com"

For administrators of ArcGIS Online Organizations, protecting students means not using PII for first name, last name, username, or email. Esri shows admins [document link] how to avoid that in designing logins, whether using a single sign-on approach or spreadsheets, and identifies questions that admins must address to optimize security. These involve:

  • Anonymous access: Is any Org content visible to people without login?
  • Sharing: How widely can students and adults share -- groups? organization? public?
  • "Showcase account:" Is there a generic account that can be the owner of any content approved for public sharing?
  • Profile control: Any data in student profiles should appear generic to an outsider. Can students change any content in their profile? Are student profiles publicly visible?
  • Groups beyond the Org: Can students join groups outside the Org?

Even more, have students and teachers discussed issues of privacy? Do they understand what can be shared and what should not? There is no hard and fast rule that applies perfectly in all cases without exception, so it's important for students and adults to understand principles. Recording data at a student's home address or exact dot on the map is unwise, and teachers need to model and teach strategies such as choosing a nearby street intersection, or local public land, or ZIP Code centroid, as the situation warrants.

At the same time, students, teachers, administrators, and parents should know that Esri works hard to maintain this privacy. Esri does not seek, want, or knowingly collect PII about minors. User sharing is controlled by the Org admin. A user's data belongs to the user; when a user deletes it, it is gone. The website trust.arcgis.com clarifies terms of use and issues around security, privacy, and compliance information.

About the Author
** Esri Education Mgr, 1992-today ** Esri T3G staff, 2009-present ** Social Studies teacher, grades 7-12, 1977-1992 (St. Paul, MN) ** NCGE Distinguished Teacher Award 1991, George J Miller Award 2016 ** https://www.esri.com/schools ** https://k12.maps.arcgis.com ** https://arcg.is/usk12gis ** Only education can save the world.