Andrew Smith, CEO of Education Services Australia, on data security and privacy in schools

By Andrew Smith

Andrew Smith analyses the challenges surrounding data security and privacy in schools and recommends some resources that can help school professionals address these challenges.

Student using laptop

All of us, library professionals included, need to work together to protect our schools and students at this time of high reliance on digital technologies. 

Digital technology and innovation are an intrinsic part of society and education. Rapid technological growth and enhanced access to

technologies continuously present new possibilities for teaching and learning at school and remotely. At the same time, integration of digital technologies in schools can be a complicated process and one that is not without risk. 

The global COVID-19 pandemic has triggered an unprecedented disruption to Australia’s system of classroom-based learning, forcing teachers to rapidly adapt to new methods of digital pedagogy, resulting almost overnight in a rapid expansion in the use of education technology products in classrooms.

Understandably, most of the focus has been on making these valuable learning tools available to as many students as possible, as quickly as possible. 

An estimated 4,000 online education products and services are used across Australian classrooms. These products and services continually evolve with new features and functionality being added frequently.

School library professionals are already deeply aware of this, as they advise staff and students about quality curriculum resources, many of which are online. If you are reading this, you already know the services that SCIS Data provides in this area, and about the regular Website and App reviews in each Connections issue.

Schools and the educators you work with are already deeply concerned about online safety and security. ESA’s 2020 Voice of Education research project asked educators about the post-COVID classroom. Respondents cited ‘online safety and security for students’ as the most important issue the sector would have to manage. Three-quarters of those surveyed rated it as ‘extremely important’, placing it on a par with quality professional learning for teachers, quality curriculum resources, and accessible technology solutions. 

Specific Challenges

Privacy and data security present complex policy challenges. Family, peers and education settings have traditionally been recognised as the three most influential environments in a child’s socialisation. We now understand that the digital environment can be added as a fourth. 

For this reason we must be vigilant and take proactive steps to create a digital environment that recognises the privileges and rights of children. 

The risks that young people face as they navigate the digital world can be classified into four broad categories (5Rights Foundation, 2019):


Close partnerships are forming between education technology providers and educators through an increasing commitment to safety, privacy and security by design.
  • Content risks: the risk of exposure  to harmful material such as age-inappropriate content, disinformation, hostile discourse or content that endorses risky behaviour. 
  • Contact risks: research shows that one in four young people have been contacted by someone they don’t know online. Often the contact  is harmless but at times it can be inappropriate, unwanted or unsafe (eSafety Commissioner, DATE) .
  • Conduct risks: online interactions that are harmful such as cyberbullying, sexting or loss of personal data.
  • Contract risks: a young person is exposed to inappropriate commercial contractual relationships that include sharing of personal data or targeted advertising. 

No environment, online or physical, can be made entirely risk free. However, in a rapidly evolving digital-first world where student learning is increasingly supported through digital applications and resources we must be proactive in supporting young people. 

Available national support

Education is a key component of any safety strategy. ESA and the Office of the eSafety Commissioner both play a key role in providing education resources for young people, educators and product developers so that they, in turn, can ensure the safety of students. 

Increasing the knowledge and confidence of our teaching workforce in areas related to online safety and security is critical to developing a broad understanding of the full range of opportunities and risks in the digital environment. Initial teacher education programs have an obligation to impart a basic understanding of online safety covering choice and use of applications and programs. For existing teachers, there is an opportunity to incorporate professional learning into professional standards and continuing professional development requirements.

Library professionals including teacher librarians can also provide valuable support for teachers, school leaders and parents. Information for parents often contains conflicting messages about their child’s interaction with the digital environment. On one hand, they are told that their child’s future prospects depend on their digital literacy and ability to harness technology, on the other, they read media articles that make the risk of extreme harm loom disproportionately large. The need to arm parents with quality information and guidance on how to discuss online safety with children has never been greater. 

Children represent one-third of all internet users globally (Livingstone et al, 2016) and it is important to recognise that the data created by children in the digital world has significant economic value. Educating young people about the value of their data, in both a personal and commercial sense, will shift the dynamic. 

Increased understanding of their value will assist them to see themselves as discerning consumers with rights and, in turn, force education technology vendors to be more selective about what they collect (5RightsFoundation, 2019). The end result being better protection for children who are interacting with digital technologies in the education setting.  

Campaigns and resources to enable young people to look after themselves online are necessary, but not sufficient. It is the responsibility of all stakeholders to create a digital education world in which children can flourish and do so safely and with confidence. 

The Privacy by Design Approach

 Education technology developers are now strongly encouraged to adopt a Privacy by Design (PbD) approach to their design and development activities. The PbD approach is characterised by proactive rather than reactive measures. It does not wait for privacy risks to materialise, it anticipates and prevents privacy breaches and covers the entire lifecycle of the product. Thus, PbD ensures cradle-to-grave, secure management of a child’s information.  

 Close partnerships are forming between education technology providers and educators through an increasing commitment to safety, privacy and security by design. 

The Safer Technologies 4 Schools (ST4S) program

The Safer Technologies 4 Schools (ST4S) program is a national partnership between ESA and all Australian state, territory, Catholic and independent school sectors that assesses online education products and services against an agreed set of privacy, security and online safety criteria. The initial round of assessments found that, among commonly used education technology products, one in five did not meet the standards. While this is a cause for concern, in a positive sign of industry commitment to privacy and security, vendors addressed gaps in a timely manner, making all students safer online. 

Strengthening our collective commitment to privacy through education, product design and transparency is key to ensuring that education technology products are appropriate for the changing developmental stages of children and young adults. 

Ongoing research

The last 18 months have fast-tracked our understanding of the extent to which almost every aspect of a student’s education is, or will be, impacted by digital technology. While some students have thrived, others have likely needed additional support to navigate issues with access and digital literacy.

Research into these scenarios and their impact on young people’s learning is well advanced. Another important area to examine is how various privacy and data security protections, which exist to protect students, have performed under the surge in demand for online learning products and services.  

Our duty of care

Teachers and school leaders take their duty of care for students in the digital environment as seriously as they do their duty of care in the physical environment. All of us, including library professionals, have a responsibility to support children and young adults as they navigate the digital world. Failure to do so is a failure to uphold the protections and rights that define childhood.

Andrew Smith


Education Services Australia

Andrew Smith is CEO of Education Services Australia, a not-for-profit education technology company owned by all Australian education ministers. ESA develops and deploys national education infrastructure, develops digital education resources, and provides technology-based services to the education sector.