Publications

The Privacy Program is backed by the Common Sense Research Program, led by a team of experts in privacy law, that periodically publish research reports on the state of privacy and security that are designed to shed light on critical issues for child and student learning and digital citizenship.

2019 EdTech Security Survey report cover image2019 EdTech Security Survey: The 2019 EdTech Security Survey is part of a semi-annual examination of security practices of education technology-related online services using our security assessment tools. Our findings in early 2019 indicate no meaningful improvements in the percentage of services that either support or require encryption or that implement HTTP strict transport security (HSTS) headers.

2018 EdTech Security Survey report cover image2018 State of EdTech Security Survey: The 2018 State of EdTech Security Survey represents a yearly examination of security practices of education technology-related online services using our security assessment. Our overall findings in 2018 indicate a significant increase in the percentage of services that both support and require encryption. In addition, our findings indicate that there was a modest decrease in the percentage of services that support encryption, but do not require encryption. However, there was no significant change in the percentage of services that implement HSTS.

2018 State of EdTech Privacy Report2018 State of EdTech Privacy Report: The 2018 State of EdTech Privacy Report represents the culmination of our research over the past three years and evaluation of hundreds of education technology-related applications and services. Our overall findings are illustrative of current trends in the edtech industry including widespread lack of transparency and inconsistent privacy and security practices. The key findings illustrate better, worse, and unclear privacy and security practices of 100 popular edtech applications and services that were evaluated in the following areas: encryption, effective policy dates, selling data, third-party marketing, traditional advertising, behavioral advertising, ad tracking, third-party tracking, profiling, and the onward transfer of data to third parties.

Information Security PrimerInformation Security Primer: The Information Security Primer details how to set-up a security testing environment for Web-based and mobile apps, and also covers basic testing scenarios, how to test responsibly, and how to disclose responsibly if and when testing uncovers issues. The information security primer can be used by anyone interested in evaluating privacy and basic information security. Vendors can use these tools to evaluate their privacy and security practices. Districts can use these tools as part of their strategy to build an internal review process. Parents, students, teachers, and privacy advocates can use these tools to ask questions about privacy and security practices and to evaluate tools on their own.