How secure is your child’s data in Virginia’s virtual classrooms?

How secure is your child’s data in Virginia’s virtual classrooms?
Illustration by Sam Hundley. (Source: Virginia Center for Investigative Journalism)

An investigation into Virginia school districts’ digital privacy policies reveals data breaches, decade-old guidelines and educators struggling to keep up with fast-moving tech during the coronavirus crisis.

Illustration by Sam Hundley

As the COVID-19 pandemic swept through Virginia, the state’s largest and wealthiest public school district made ambitious online learning plans — providing a suite of real-time digital classes, programs and video engagement for every grade level.

But when Fairfax County Public School students began to log into classes from home in April, they found chaos and confusion. Students joined classes they weren’t registered for and disrupted instruction. Others waited while teachers struggled to gain access to their own classrooms.

Lili Cui, the parent of a Fairfax County elementary school student, logged into her son’s account and thought the technology looked outdated and insecure. “Before the pandemic, I was assuming that they were doing a good job with privacy and security,” Cui said. “But now I feel like I was too optimistic.”

As the pandemic forces Virginia’s 1.2 million public school students to trade classrooms for laptops and smartphones — if they have them — many educators, parents and privacy advocates are raising alarms across the state about children’s digital security.

Lapses in online protections have led to issues ranging from students’ internet usage information being mined for profit to the theft of sensitive data, creating long-ranging consequences for children’s personal privacy. Weak controls also have allowed online bullying to flourish in hard-to-monitor chats and private messages.

A review of dozens of school policies by the Virginia Center for Investigative Journalism revealed incomplete or inconsistent rules for guarding student data, despite a 2015 state law enhancing protections. Many district policies appeared to be based on 50-year-old state guidelines originally intended to protect information about student health and report cards.

Advocates say many school districts, especially in poor urban and rural communities, are underfunded and unprepared to protect student privacy. The recent track record for security statewide is alarming: hackers victimized two districts last year with ransomware and serious data breaches.

Linnette Attai, a privacy project director at the Consortium for School Networking, said many districts across the country have struggled to even plan, schedule and execute online classes. “There are going to be mistakes,” she said, “and if there weren’t, it would be a miracle.”


The Virginia Mercury is a new, nonpartisan, nonprofit news organization covering Virginia government and policy.