Investigating the Security Privacy Risks from Unsanctioned Technology Use by Educators

With the increasing digitization of teaching and learning activities, technology-generated data has become the target of attacks from external adversaries and abuse by technology providers. Researchers have investigated stakeholders’ perceptions of security and privacy risks from technologies and how those risks are affecting institutional policies for acquiring new technologies. However, outside of institutional vetting and approval, there is a pervasive practice of using applications and devices acquired personally. It is unclear how these applications and devices affect the dynamics of the overall institutional ecosystem.

We address this gap through an online survey-based study targeting educators and administrators from K-12 and higher education institutions in the United States. Our study identified 494 unique applications used by educators, and examined the perceived and subsequent risks associated with integrating these technologies into an institution’s ecosystem. The findings highlight a significant lack of privacy and security awareness among educators when selecting new tools, as well as widespread uncertainty regarding regulatory compliance. Additionally, institutional warnings and policies on unsanctioned app use appear to have limited effectiveness in changing educators’ behaviors. To mitigate these challenges, we identified the need for institutions to provide clear guidelines, data privacy and security training, and vetted alternatives that meet the needs of educators while ensuring compliance. A collaborative approach between educators and administrators will be key to balancing automation and data privacy.