Login Explore Membership
Search

 

Data Privacy Rubric

 

 

Developed by the 1EdTech Community

The 1EdTech community collaboratively designed a rubric outlining the criteria an edtech application's Privacy Policy and Terms of Service should meet. To establish this set of criteria, 1EdTech collected and compared expectations from K-12, higher education, and supplier members to develop the rubric. 

The 1EdTech Data Privacy Rubric aims to establish a baseline for evaluating an application's privacy protections. The rubric is used by 1EdTech to vet and certify applications. The detailed reports are shared in 1EdTech's TrustEd Apps™ Directory for members. The report findings can be used by education institutions in their own application review and/or procurement decision-making process.

Review 1EdTech's Data Privacy Specification
Learn More

 

 

Explore the Data Privacy Rubric

Assess Whether Your Privacy Policies Meets, Partially Meets, or Does Not Meet Expectations

How are changes to key policies managed?

  1. Do the policies list all data collected?
  2. Do the policies indicate how data is collected?
  3. Do the policies state who owns the data?
  4. Do the policies allow users to delete their data entirely?
  5. Do the policies state the retention of data?
  1. Do the policies state how data is protected?
  2. Do the policies state all confidential & sensitive information is encrypted throughout?
  3. Do the policies state whether or not it enforces strong password creation?
  4. Do the policies indicate whether or not it leverages 2 step (or other forms of multifactor) authentication?
  5. Do the policies state the use of cookies?
  1. Do the policies state the use of third parties?
  2. Do the policies state what information is shared with each third party?
  3. Do the policies state whether or not users can opt out of third-party data sharing?
  4. Do the policies state if the supplier requires third parties to adhere to the terms of the vendor/customer agreement?
  5. Do the policies state whether or not the user is notified of a change in third parties?
  1. Do the policies indicate if advertisements are displayed?
  2. Do the policies indicate whether or not users are targeted for advertisement?
  3. Do the policies indicate whether or not any third parties track or collect information for advertisement?
  4. Do the policies indicate whether or not web beacons or other tracking methods are used for ad purposes?
  5. Do the policies state whether or not users can opt out of sharing data with advertisers?

 

Please refer to the Data Privacy Specification for a comprehensive review of the Data Privacy Rubric.

 

 

Additional Compliance Areas

In addition to the criteria outlined in the Data Privacy Rubric, 1EdTech offers valuable insights into the degree of compliance with a wide range of regulatory policies, ensuring a thorough assessment of data privacy practices.

GDPR

General Data Protection Regulation

COPPA

Children's Online Privacy Protection Act

x

FERPA

Family Educational Rights and Privacy Act

 

Have Questions? We Have Answers.

Our experts are here every step of the way, welcoming you to the world’s most
united edtech community and available to ensure you achieve certification.

We're Always Happy to Help
Email Us

 

 

Wait. You're Not a 1EdTech Member? 

When you join 1EdTech, you'll collaborate with the brightest minds in education and technology. Whether as a Contributing, Affiliate, or Alliance member, our spirit fuels our determination to improve education.

 

Help us improve the accessibility of this site by emailing recommendations to web@imsglobal.org