Recent news articles have focused on the fact that some school and educational websites contain tracking technologies and potentially sell or target their user’s data, including students. One article in particular from The New York Times, shares a case study about a district in Florida that found 22 tracking snippets embedded by their website provider.
Website providers are trusted with thousands of pieces of data, including IP addresses, phone numbers, addresses, and names — all of which should be protected at all costs by that website provider.
At Finalsite, we pride ourselves on our zero tolerance policy on data breaches, and with the introduction of new regulatory frameworks like GDPR continue to uphold this philosophy. We do not and will not or otherwise share your student’s and other personal data with any third parties, (this is stated in our Master Services Agreements.)
However, based on research conducted by Douglas Levin, a Washington-based expert on educational technology, not all website providers hold this same standard, as he found numerous school and district websites littered with information tracking snippets unbeknownst to their communities. As a matter-of-fact, he found more than 150 district websites with privacy-breaching tracking snippets — a statistic that is unacceptable.
And we’re proud to not be on that list.
Therefore, we want to take this opportunity to make educational institutions around the world aware of the questions they should be asking their website provider to ensure the safety and privacy of their community.
Here is a list of questions you should ask your website provider about right now in regards to cookies and tracking.
1. What tracking technologies will be added to our website, if any?
Your website provider should provide information on this in their Master Services Agreement.
In all cases, your website provider should let you know of the cookies being used on your website, and assure you that they won’t be used to sell your data.
In most cases, website providers will add two types of cookies to your site: essential cookies and non-essential cookies. Essential cookies are cookies that enable your website host to provide their service and improve your website, as well as help website visitors find the content they’re searching for. All other cookies are considered non-essential. However, not all of these cookies will use your data, and it is best to check with your website provider on their exact tracking cookies and policies.
2. Of the tracking technologies added, will any of them share data with third-party companies?
None of the tracking technologies added by your website provider should be shared with third party providers. For example, Finalsite embeds some tracking technologies into our clients' websites but only for the purpose of monitoring the use of our website. We utilize this data in order to improve the website experience for front-end users and website admins. At no stage is this data shared or sold to advertisers or marketing companies.
3. How will Google Analytics tracking information affect data privacy?
While no website vendor can control what Google does, you can find general information about Google Analytics privacy and data storing policies here.
At Finalsite, our base build for a website does not include these trackers; however we add these tracking snippets to websites upon our clients’ request. A client-owned account allows the client to track general, anonymized user group behaviors.
4. What happens if we embed social media on our website?
It is important to note that if you add external content to your site, other tracking technologies may come with that, and they are out of your web provider’s control. For example if you add social sharing buttons, or social media content from networks like Twitter, Facebook, Instagram or YouTube, your site will get cookies associated with these platforms.
These tracking cookies are created by the third party are out of the control of Finalsite/your website provider.
5. Will you notify my community about website tracking and cookie use?
Unless your school stores and processes data of EU residents, you are not required to notify your community of your tracking technologies. However, your website provider should make you aware of the technologies used, why they are used, and how.
6. Can we add our own tracking codes to our website?
You can technically add your own tracking technologies to your website, this is not recommended.
At Finalsite, we provide the ability for the client to embed other tracking codes (e.g., Facebook Pixel) and from time to time do this at the client's request, but do not do this without the client's knowledge. If you are a client using Finalsite Feeds, please note that we do not:
- Track, or collect any personal data from, people who view a feed on a webpage
- Track you as a Feeds user, outside of cookies that help us make your use of Feeds experience easier, while keeping personal data collected to a minimum and at your discretion only
- Provide data of any kind to the social networks
About Finalsite's Data Privacy and Security
As a global leader in Marketing and Communications Platforms for schools, the privacy and security of our websites has always been a paramount consideration for Finalsite. We hold a “zero tolerance” policy on data breaches and with the introduction of regulatory schemes such as GDPR continue to uphold this philosophy.
In the execution and maintenance of our privacy and security policies we constantly review our methodologies, processes and infrastructure including:
- Infrastructure – we have rigorously reviewed, analyzed and updated our existing infrastructure to ensure state of the art performance and security of our products;
- Data Mapping – documented the information flow for personal data so that clients can always be assured that we are in full control of the personal data we receive;
- Access Control – implementing suitable access controls to certify that only authorized resources will have access to our data as required;
- Consent – we have taken all steps to ensure that the consent we seek and receive is clear, affirmative and specific;
- Sub-Processor Vendors – to provide better transparency as to the quality sub-processor vendors we use and to guarantee their adherence to security/GDPR standards;
- Application Updates - to communicate the innovative changes we make to our applications and products and to implement security/GDPR obligations;
- Customer Contracts - Finalsite has and will continue to enter into legal agreements, including Data Processing Agreements, in order to update and secure its legal obligations to its customers;
- Tracking – continuous tracking to track its data and processes to adhere to the highest security/GDPR standards.
In addition, Finalsite has made a considerable investment in our technologies and infrastructure to ensure that we operate our platform in a secure, high-integrity operating environment to further strengthen your personal data protection.
As our client (and data controller) you can always be confident that Finalsite will continuously be updating all of our procedures to ensure the highest standard of security and GDPR compliance for your students and website.
ABOUT THE AUTHOR
As Finalsite's Content Marketing Manager, Mia shares innovative and helpful content that helps schools and districts create captivating online experiences that increase brand awareness, student and faculty retention, and school-to-home communications. With more than five years experience in the industry, Mia has written more than 200 articles, eBooks, and reports about best practices for schools on a variety of topics from social media to web design. As a former TV and news reporter, and wedding photographer, Mia specializes in sharing how to use storytelling to power your school's admissions funnel. When she isn't busy creating content or hosting her #LIKEABOSS Podcast for FinalsiteFM, you can find her hiking with her Boston terrier, running an army wives meeting at Fort Campbell, or enjoying a well-deserved savasana on her yoga mat.