Tag Archives: ICTEdEx

Time To Get Glowing…⤴

from @ If You Don't Like Change…

My work as part of the ICT Excellence in Education group (ICTEdEx) is over, and our report was recently published. The next stage has been to hand our recommendations over to an implementation group who are charged with carrying them forward. In an ideal world, the implementation group would simply take what we have asked for and make it happen… but this is not an ideal world, is it?

Screen Shot 2013 02 10 at 16 47 26

One of the most encouraging aspects of the ICTEdEx group was that practitioners like myself and Ian Stuart, Jaye Richards-Hill, Fraser Spiers, Jo Bell and Charlie Love were an integral part of the process. All of the groups’ thinking was grounded in the realities of classroom practice. Between us, we know what works, we know what is possible, and we know how to enable this to happen for all teachers, learners and parents in Scotland. In fact, it is no secret that we were all aware of the sterling work that Charlie Love in particular has been undertaking to create Glew. Glew — for those that aren’t yet aware of it — is a brilliant, working, open example of everything we all hoped Glow would be first time round. It reflects the panoply of tools that are available and is designed from the ground up to be platform and provider agnostic. It encompasses a blog and wiki engine, an e-portfolio element, a Moodle VLE, a survey engine… and even better, Charlie is actively looking for suggestions for new tools and services for inclusion. In short, it fulfils all the requirements for a teacher wishing to move their learning online.

The danger with handing over our recommendations is that we are at the mercies of those who are not hands-on classroom practitioners on a day-to-day basis. They will make decisions based on political expediency, on business interests, on career prospects, and on a knowledge of ICT in education that is just too many steps removed from the realities of the online world that we now inhabit and into which our learners will be moving. I think it would be a terrible waste were all our recommendations to be ignored… in fact, I think they should be adopted lock, stock and barrel — especially as they are designed to allow for new services and ideas to be added as they arise. But, and it’s a big but at that, we have put forward recommendations and as such, they can be adopted or ignored and there is very little I can do other than look on from the sidelines and think about what may have been.

Hotspot iphone 5  320×415

One thing that it may be worth remembering in all this is that, as far as connected learning goes, everything we do is very much in its infancy. The rapid adoption of ‘smart phones(PDF Download), the rapid expansion of 4G networks, and the inevitabilities of Moore’s Law mean that the learners will soon have more technology in their hands than a school can ever hope to provide. In this setting, we will soon find ourselves without any real need to access the school network or Glow unless it offers something of value. The low take up of many of the original Glow’s services can be seen as being symptomatic of the lack of relevance of them. What we endeavoured to do with our recommendations was propose a solution that would be powerful, flexible and adaptable and that would recognise the professionalism and knowledge of classroom teachers. If the implementation group fail to realise this, or allow outside factors to dictate their decisions, then there is a real danger that instead of providing a dynamic and powerful set of tools to enable and support learning, they will have created another edughetto with little hope of popular support and usage. Without a compelling reason to use it, the next generation of Glow will be replaced by the hotspot option of 4G smartphone and all our work will have been for nothing. Our learners deserve better.

Safe Harbor⤴

from @ If You Don't Like Change…

Clarity on Safe Harbor

Clarity on Safe Harbor

As part of my involvement with the Scottish Government’s ICT Excellence in Education group I have been learning a lot about ‘Safe Harbor[sic] agreements and their impact on what we can and can’t do with data in schools. In addition, it has become very apparent that many people don’t know very much about the topic and that as a result, the default position is to block things rather than find out the reality. I don’t think it’s any secret that one of the services I really like for using with classes is Edmodo, but there have been questions raised about Edmodo and its safe harbor status so, in the interests of explanation and clarity, here’s a wee guide to what safe harbour is, how you can check whether a service is a signatory, and why Edmodo is safe to use.

We have a great responsibility in schools to keep pupil data safe and secure. However, in the ‘cloud’ computing age, it is becoming more and more common for our online data to be hosted ‘somewhere’, and it’s not always easy to know where. The relevant legislation and laws governing how this data is used lies within the Data Protection Act 1998 (DPA98). From a Scottish point of view, Data Protection is what is known as a ‘reserved matter’ — which means Westminster makes the law rather than the Scottish Government, so address any complaints to London!

Schedule 1 of the DPA98 lists its key principles as follows:

 1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –

(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

The UK Data Protection was a direct response to EU Directive 95/46/EC which was introduced in 1995 and had to be enacted by the end of 1998 (hence the date of the UK DPA). It is fair to say that the EU and by extension, the UK, have some of the most rigorous data protection rules in the world. This has had the knock on effect of meaning that it is expressly forbidden for pupil data to be held outwith the European Economic Area (EEA — ie: the EU for all practical purposes) unless the company has agreed to observe the same level of protection for the data as that provided within the EEA. Note the important point, an individual company can be approved to host data, there is no requirement for there to be an agreement with a whole country. That said, because of the importance for American businesses in particular to be able to work seamlessly with residents of the European Union, it was decided to create a US-EU agreement in 2000 whereby American businesses and service providers could adopt the principles of EU Directive 95/46/EC. In effect, they would agree to maintain the same levels of security and protection of personal data as that offered within the EU. This is the ‘safe harbor’ agreement.

In order to transfer data outwith the EU, Principle 8 of the DPA98 comes into play. This states that:

Personal data shall not be transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Sending personal data outside the European Economic Area (Principle 8)

The ‘safe harbor’ agreement is overseen by the EU and the US Department of Commerce. As long as a company is signed up, we do not have to worry about the fact that data will be held in the US. There is, however, one very important condition to this which I will mention when talking about Edmodo in a minute or two.

In short… as long as a US company has agreed to observe ‘safe harbor’ environments — which they need to re-accredit themselves with every year — there should be no legal reasons why you should not use them. So… how do you check whether a company is a ‘safe harbor’ signatory?

How do you know?

The obvious place, and the first port of call, is the US Government’s Department of Commerce Safe Harbor site which you can find at http://export.gov/safeharbor/. However, you need to be aware that this site is not fully up to date… in fact, it really does need to get a serious overhaul! You can search, but you will struggle to find some really obvious companies thsat are signed up to the safe harbor agreement… which brings me to Edmodo and TRUSTe.

Is Edmodo a ‘Safe Harbor’ company?

One of the most popular sites that teachers have been adopting for using in class is Edmodo. It looks like a very well known social media site, but is designed from the ground up to be a virtual classroom with lots of whistles and bells. It also has the advantage of being popular with classes as they ‘get it’ from the word go. Chuck in the mobile Apps for iPhones, iPods and iPads, as well as the new Android app, and you begin to appreciate that Edmodo are really on to something (Disclosure: I am a fan!). There is, however, one particular fly in the ointment that needs to be addressed. I have seen a very snippy response from someone that Edmodo is not a ‘safe harbor’ company and so should not be used. The basis for this assertion was that Edmodo does not (yet) appear on the US Gov’s ‘Safe Harbor’ listings, but, as I mentioned above, the ‘official’ site is notoriously slow at updating, and does not have all safe harbor companies listed. Fortunately, there isTRUSTe TRUSTe. This is the online privacy company used by Microsoft, Apple, Disney and many, many others to ensure data and privacy legislation compliance. In short, they are in the business of keeping companies secure, and also in the business of ensuring that all their data is entirely up-to-date and relevant.

If you go to the TRUSTe search page (http://www.truste.com/consumer-privacy/trusted-directory/) you can enter any company or service name and will be given a list of all the relevant certificates or seals that the company holds. A quick search for Edmodo returns this:

TRUSTe Edmodo Search

TRUSTe Edmodo Search

Edmodo are indeed an EU Safe Harbor company… but I decided to bite the bullet and ask them why they didn’t appear on the US Gov Safe Harbor list. I dropped them a line and got a wonderful reply from Lucia who, amongst other things, let me know that their lawyers are working on speeding up the US Gov list. What she also reminded me of, was the condition I hinted at earlier. It is essential that in order to comply with the legislation, every learner who signs up for Edmodo completes a consent form. There are some samples available through Edmodo itself, but you will need to customise them for your school and to include a space for parents/carers to sign their agreement. Once you have received these, you should be good to go… unless, of course, your LA decides that Connected Learning is not a desirable thing. :-/

Summing Up

In conclusion, here are the sound bites that I should have just tweeted!

  • You can use a service/solution that hosts personal data outwith the EU as long as the company/service are signed up to the Safe Harbor agreement.
  • You should use TRUSTe as well as the US Government to check the safety credentials of a site.
  • Edmodo is a (rather awesome) ‘safe harbor’ company.

I hope this helps clear up some of the confusions I’ve been hearing about. Feel free to post a comment if you have any questions or wish further clarification. 😉

[UPDATE — Meant to mention this in the main body of the post, but Google are also a safe harbor company which is great news if you wish to use Google Apps with your learners! 😉 ]