September 8, 2021

Protecting Students and Their Privacy: Q&A with GoGuardian’s Teddy Hartman

Teddy Hartman
GoGuardian Team
Teddy Hartman picture with title "Commonly Asked Questions about Student Privacy"

Nine out of ten teens who report symptoms of depression say they have gone online for information on mental health issues,¹ making it critical for schools to have tools like GoGuardian Beacon® that can spot warning signs of crisis when a student is online. As it is for administrators, teachers, parents, and students themselves, student privacy is one of GoGuardian’s top priorities and is a key part of the design of products like Beacon. To give a behind-the-scenes look at how GoGuardian prioritizes student privacy while supporting student safety, we chatted with GoGuardian’s Head of Privacy, Teddy Hartman. 

Before coming to GoGuardian, Teddy was the Director of Strategy and Data Privacy for a large school system in Maryland, where he designed and managed one of the first school district privacy programs in the country. Additionally, Teddy has been recognized as a leader in the field of student data privacy, having served as the chair of The Future of Privacy Forum’s National Network of School Privacy Leaders and currently serving as an Advisory Board Member for SXSW EDU. At GoGuardian, he collaborates with every team across the organization to help keep student privacy at the forefront of everything we do.

How does your teaching background influence how you think about the interplay of student privacy and safety?

“I was a high school educator for almost a decade, and during that time I saw first-hand how seemingly innocuous pieces of data had the potential to create a downstream effect for a student. I’ve witnessed when information we collect at school, even a data point like the number of school absences, could actually put a student in physical danger at home. This means that we should be mindful of the features we create and how those features can become data points about real students.  

So, for me, privacy is about more than compliance and standards — which are obviously important to privacy work — it's also about really understanding how the data we're collecting about students has the potential to impact them in the real world. We want to make sure, for example, that if we're generating an alert about suicide or self-harm through Beacon, that we've worked with the experts to really understand what types of things a student might be searching for that indicate an imminent risk.”

How does GoGuardian approach student privacy as a company?

“We take a very proactive approach to privacy. For example, we're certified as FERPA compliant by an external company, iKeepSafe. This means that schools maintain control over their data. We are a provider of technology for schools, but it is always the school system’s data at the end of the day.

We are also signatories of the Student Privacy Pledge, a list of public commitments that are FTC binding. Those commitments are around having privacy by design, privacy impact assessments — which is thinking through privacy of different features — and having a public-facing privacy page.”

In addition to being certified externally, GoGuardian has thoughtful internal processes to ensure that student privacy is prioritized in product design. Can you tell us about that? 

“One way we assess privacy in product design is by asking three important questions about data each time we start creating a new feature. If it's a yes to any of those questions, it generates a bigger review by me and my team. If the answer to all three is a no, then the product team can keep moving the development forward. 

The first one is: Do we need to collaborate with a third party to build out this feature?  If a feature requires a vendor for collaboration, we assess if and how that vendor would need access to data and initiate a vendor approval process.

Second: Does this feature collect new data? If so, what are we using the data for? For example, we wouldn’t try to start collecting new information like formative assessment scores unless we're creating a feature that helps administrators or educators do something with that information.

The third one is: Are we using current data to create a new data point?  In other words, are we combining the data we currently have to create a new feature or insight? If so, it needs a check from my team to consider: Do we need to change our policies? Should we notify users about this? What sort of information can we share to increase the transparency of our products? 

Overall, we want to make sure that with anything we build, the data we use passes a ‘reasonable’ test. Would a reasonable person understand that this feature uses and collects this data? If the answer is no, then we have to ask ourselves, how can we build this feature differently?”

What advice would you give school leaders or teachers in helping students and parents understand how Beacon works and why it’s an integral part of supporting student mental health?

“One thing schools can do is have a clear, user-friendly conversation with parents, kids, and their community about how GoGuardian’s tools work — what they do and they don’t do — and why these tools are important to the school system’s approach to supporting student mental health. As we can all relate to, if a student or parent first learns about device monitoring when discovering it themselves, they are more likely to make assumptions about how it works and why it’s enabled. The more a school system can proactively communicate the process and value before actually deploying it, the better.”

For more information about GoGuardian’s commitment to privacy and hear answers to commonly asked questions, visit our Trust & Privacy Center.