As a component of the TrustEd Apps program, the 1EdTech community collaboratively designed a rubric that covers the base set of questions that K-12 districts and higher ed institutions need to ask when vetting an application's data privacy policy and terms of use. To establish this series of "must ask" questions, the participants compared all of the questions collected from K-12 districts, higher education institutions, and external organizations and selected every question that each group was asking in a similar form. The main objective of the rubric is to develop a baseline for evaluating a product's data privacy protections that an institution may use as a component of its own application review process.
The TrustEd Apps data privacy rubric is used by 1EdTech to vet applications and produce reports shown in the 1EdTech TrustEd Apps Product Directory, and detailed reports are available to 1EdTech Members. The rubric addresses information and criteria for the following areas:

Data Collected | Does Not Meet Expectations | Meets Expectations (Reservations) | Meets Expectations |
---|---|---|---|
This section of the rubric covers what data the supplier collects. Specifically, what information a user is required to input and how the user can interact with their own data. | The policy does not meet the criteria established by the rubric. | The policy is unclear as to what it may or may not do as established by the criteria in the rubric. | The policy fully meets or exceeds the criteria established by the rubric. |

Security | Does Not Meet Expectations | Meets Expectations (Reservations) | Meets Expectations |
---|---|---|---|
This section of the rubric covers all of the supplier's back-end security policies and practices. Specifically, it addresses encryption, cookies, and authentication. | The policy does not meet the criteria established by the rubric. | The policy is unclear as to what it may or may not do as established by the criteria in the rubric. | The policy fully meets or exceeds the criteria established by the rubric. |

Third-Party Data Sharing | Does Not Meet Expectations | Meets Expectations (Reservations) | Meets Expectations |
---|---|---|---|
This section of the rubric covers all third-party interactions with the supplier and user’s data. This section also addresses the selling or sharing of user data. | The policy does not meet the criteria established by the rubric. | The policy is unclear as to what it may or may not do as established by the criteria in the rubric. | The policy fully meets or exceeds the criteria established by the rubric. |

Advertising | Does Not Meet Expectations | Meets Expectations (Reservations) | Meets Expectations |
---|---|---|---|
This section of the rubric covers how the supplier manages advertisements and whether or not there is ad targeting or tracking. | The policy does not meet the criteria established by the rubric. | The policy is unclear as to what it may or may not do as established by the criteria in the rubric. | The policy fully meets or exceeds the criteria established by the rubric. |

The full rubric may be reviewed by visiting the Data Privacy Specification.
Optional Extensions
Occasionally, an institution may have additional needs or requirements. The following optional extensions can be used with the TrustEd Apps Rubric to provide additional information and criteria:

Availability of Policy
This section of the rubric covers the privacy policy. Specifically, whether a link to the policy exists, where the link is located, when it is presented to the user, and how it is formatted.

Data Handling
This section of the rubric deals with how suppliers handle data with regard to data retention and deletion.

Social Interactions
This section of the rubric covers how social media is managed and used within the app.

Legal
This section of the rubric covers all state and federal regulations on student data including COPPA, FERPA, and HIPAA.

Accessibility
This section of the rubric covers accessibility and accommodation standards compliance.

Mobile
This section of the rubric covers mobile application privacy, safety & security.

Integrations
This section of the rubric covers the privacy, safety, and security of third-party integrations.

Feedback or questions about the rubric may be sent to appvetting@1edtech.org.