Disclaimer
1EdTech vets edtech suppliers’ data privacy policies according to the 1EdTech TrustEd Apps Data Privacy Rubric. As a standard process and member benefit, 1EdTech automatically vets all members' data privacy policies. Additionally, members can request a review of a non-member’s (supplier’s) data privacy policy. Achieving the TrustEd Apps Seal of Data Privacy indicates adherence to a baseline level of privacy. Institutions should review an application's detailed vetting results before approving it for use.
What are the benefits of the 1EdTech TrustEd Apps Data Privacy Program?
The 1EdTech TrustEd Apps Data Privacy program benefits institutions that do not have the time or the resources to thoroughly vet a product’s privacy policy. Organizations vetting free applications may only scratch the surface of understanding data privacy and security. 1EdTech's TrustEd Apps Data Privacy Program allows institutions to:
- Save time and money
- Safeguard against free apps violating student data privacy standards
- Catalog all of their edtech applications by quickly building a dashboard of approved apps
- Communicate with developers to clarify issues found in policies or an application’s security
The 1EdTech TrustEd Apps Program uses member-established criteria for evaluating apps that encompass data privacy, information security, accessibility, and more. While developers of edtech applications strive to meet the data privacy and security expectations from K-12 and higher education institutions, using the TrustEd Apps program allows vendors to refine their products with student data safety in mind, increasing the adoption of their products and ensuring compliance with federal or state privacy laws. The myriad of state and federal guidelines and laws regarding student data can be confusing to navigate. Giving suppliers a standard that explains what criteria to meet simplifies the process.
Thoroughly vetting an application can take several hours. As the TrustEd Apps program evolves, we are looking to further reduce the time needed to evaluate applications. Future plans include embedding details about the app vetting criteria and translating those results into a machine-readable format (JSON) so that both K-12 and higher ed institutions can thoroughly vet an application quickly and easily.
What is App Vetting?
A key component of the TrustEd Apps Data Privacy Program is privacy policy vetting. Several organizations vet “free” educational applications for use in the classroom and employ a variety of simple processes and checklists. Few organizations can thoroughly vet and evaluate any educational application, regardless of price. Vetting an application involves:
- Knowing what questions to ask to gauge the comprehensive security and privacy policies of the application
- Knowing where to look for answers in a supplier’s Privacy Policy and Terms of Service Agreement
- Reading a Terms of Service Agreement
- Reading a Privacy Policy
- Contacting the vendor to discuss policy concerns
- Verifying compliance with data transmission security requirements via testing
- Testing all application functionality to confirm policy and terms of service statements.
There are nuances in evaluating fee versus free educational software. Free applications are often used in the classroom at K-12 and higher ed institutions. Paid applications may have legally binding contracts to hold a vendor to its data privacy standards. Vendors who provide free applications do not require legally binding contracts and have no obligation to follow any standards. It is important to understand what free applications do with data and how they safeguard student information. There may not be a contract, but data is still being produced. The 1EdTech TrustEd Apps Data Privacy Program helps to protect teachers and institutions, and ultimately students by allowing the institution to understand how data obtained from an app is used.
Who vets privacy policies?
The highly trained 1EdTech data privacy team vets the privacy policies using the 1EdTech TrustEd Apps Data Privacy Rubric
Who can view vetting results?
Only 1EdTech members can view complete product reviews.
What is the process for publishing reviews?
All privacy policy reviews will be analyzed by 1EdTech staff before publication in the product directory to verify that all criteria for posting have been met. If 1EdTech determines that not all criteria have been met, 1EdTech will work with the reviewer to complete all remaining criteria. 1EdTech will also contact the product owner to notify them of a review. Applications that receive a “Does Not Meet Expectations” vetting will not be posted in the product directory before the vetter and supplier review to ensure any questions are answered and clear up any misunderstandings regarding product policies. If the supplier has not responded to a request to meet to discuss a review within 20 days of contact, 1EdTech may choose to publish the review in the product directory. Application vetting results will be valid for one year from the date posted. Suppliers may request an application vetting review be resubmitted if changes to a privacy policy have been made that result in a change to the current rating.
What is the process for submitting a grievance about a review?
If there is a grievance with a review, please contact appvetting@1edtech.org 1EdTech Staff will conduct a review to determine a mutually agreed-upon rating. If the parties cannot resolve a grievance, 1EdTech will send the matter to the App Vetting and Privacy Task Force for resolution by vote. Voting rules for Project Groups and Task Forces will apply. If the vote is inconclusive, 1EdTech staff will make a final decision.
How are edtech applications vetted for data privacy?
Each application's published privacy policy and terms of use are vetted using the 1EdTech TrustEd Apps Data Privacy Rubric, which was collaboratively developed by the 1EdTech community.
How can I access the vetting results of an edtech application?
The general public can see that an application has been vetted in the 1EdTech TrustEd Apps Product Directory. A member of 1EdTech can view the detailed vetting results by logging in to the 1EdTech website and viewing an application in the same directory. Members may contact 1EdTech for the necessary credentials to log into the website. Some members may access the detailed vetting results through the TrustEd Apps Dashboard. This access must be set up collaboratively with the member institution, an eligible supplier, and 1EdTech.
What is the 1EdTech TrustEd Apps Seal of Data Privacy?
For suppliers, the 1EdTech TrustEd Apps Seal of Data Privacy certifies that an application satisfactorily completes the 1EdTech TrustEd Apps vetting process, and its ratings on the 1EdTech TrustEd Apps Data Privacy Rubric are fully disclosed and meet expectations for data privacy in all areas of the rubric.
For educational institutions, the 1EdTech TrustEd Apps Seal of Data Privacy certifies that an institution successfully completes training in the 1EdTech TrustEd Apps vetting process and possesses the necessary skills to vet applications for privacy and security using the 1EdTech TrustEd Apps Data Privacy Rubric.
How can member institutions advocate for suppliers to achieve the 1EdTech TrustEd Apps Seal of Data Privacy?
Institutions may seek suppliers with the 1EdTech TrustEd Apps Seal of Data Privacy. They may require that suppliers without the seal obtain it before procuring those resources and include the requirement for the seal in their contracts and requests for proposals (RFPs). 1EdTech staff collaborates with suppliers to complete the 1EdTech TrustEd Apps vetting process to address potential or identified areas of concern.