Core Resources

As we build the privacy evaluation toolkit, we will be sharing the tools we use in our work. Two core tools include our question set and an Information Security Primer.

The question set builds off the rubric developed by the districts. Every question in the question set is mapped to federal privacy statute (FERPA, COPPA, and so on), FTC guidelines, PTAC resources, and/or data-handling best practices. Because each question is mapped to a specific rationale, the question set can be used both to evaluate privacy practice and as a training or advocacy tool to help inform people about the different elements that can be relevant when thinking about privacy terms. Additionally, vendors can use these questions to proactively review their own policies. 

We will be releasing the qualitative questions and the legal mapping as a standalone resource under a Creative Commons license later this winter. We will announce this release on the Privacy blog.

We released the Information Security Primer in late March, 2016. In addition to detailing how to set up a testing environment for Web-based and mobile apps, the primer also covers basic testing scenarios, how to test responsibly, and how to disclose responsibly if and when testing uncovers issues.

Both the questions and the information security primer can be used by anyone interested in evaluating privacy and basic information security. Vendors can use these tools to evaluate their privacy and security practices. Districts can use these tools as part of their strategy to build an internal review process. Parents, students, teachers, and privacy advocates can use these tools to ask questions about privacy and security practices and to evaluate tools on their own.