Assessment and survey tools
Assessment tools produce exactly the data that is hardest to de-identify: a detailed profile of how one specific teenager thinks. Small caseloads make "aggregate insights" from these tools riskier than the word suggests.
Start with these explainers
-
What "de-identified" student data actually means
Platforms keep de-identified data forever. How de-identification works, why small groups re-identify easily, and the questions that reveal the difference.
-
The bankruptcy clause: student data when a platform is acquired or folds
Most privacy policies let data transfer in a merger, acquisition, or bankruptcy. What the clause looks like and what happened when the FTC intervened.
-
Does FERPA protect your students' data? For IECs, mostly no
FERPA binds schools that take federal funds, not independent educational consultants. What actually protects the data families hand to your practice.
-
What SOC 2 does and does not tell you
SOC 2 is an audit of security controls the company chose, not a promise about what it may do with student data. What the badge covers and what it never can.
-
If the platform is free, what is the business model?
Free tools for your practice are paid for somehow. The revenue models behind free edtech and the policy clauses that reveal which one you are looking at.
-
Aggregate insights and the small-group problem
Averages over small groups can identify individual students. Why aggregate reports from a boutique practice are riskier than the word aggregate suggests.
Evaluating a specific platform in this category? Take the checklist to the demo, and run its policy through the prompt pack first.