There are a lot of good signs to be seen in recent news about security and privacy in the education technology sector. Some of the key questions being asked by educators and administrators are “how well are student data protected from prying eyes and greedy corporations?” and “who has access and how are the data being used?” These are good questions, and they represent the vestiges of our struggles with adopting modern technology over the past 15 years. Conversations have matured from simple arguments around the value of computers in every classroom to philosophical debates about our organizations’ embrace of performance data as the ombudsman of quality education. Progress has clearly been made, but in our rush to catch-up with our corporate cousins we missed asking what turns out to be a pretty important question–who owns all this stuff?

That’s the question that ultimately sealed the fate of inBloom, a non-profit offering a cloud-based data warehouse designed to help districts and vendors share student information. Despite funding from big foundation names like Gates and Carnegie, inBloom collapsed under the weight of a five word question they were never able to answer well enough to satisfy concerned stakeholders. If data are stored on a machine that is not physically located in a building owned by the district, who really owns the data?

cyberlock_740_416The data issue is really a matter of security and access, which isn’t so different from the days of paper records in filing cabinets–information was kept in a secure, locked location and only certain people had access. With data warehouses replacing filing cabinets, the difference is that the information is stored off-site and the keys are also in the hands of the data warehouse manager (in other words, the system or database administrator). inBloom failed to effectively communicate this subtle difference early on, and any answer they eventually provided came across as reactionary, slick, dishonest, and–my favorite new term–“hand-wavy.”

Schools and districts aren’t used to asking those questions, and the education technology sector isn’t used to answering them. This disconnect doomed the effort from the beginning. Had the question “who owns this stuff?” been asked early on, the answer would have at least brokered a conversation rather than distrust and eventual dismissal–not to mention a waste of about $100 million dollars in grant funding.

Ideally, that conversation would lead to a compromise where information storage and archiving solutions satisfy the security and access needs of all players–parents, teachers, administrators, and the general public. Perhaps the right solution keeps an element of the status quo: secure data such as individual names, contact information, and other personally identifiable information could be stored on-site with the keys in the hands of the same people, but the bulk of the data could be stored in the cloud. Hybrid solutions like this are possible with dashboard software like Ed-Fi where the software itself can be installed on-site along with the secure data and set up to pull the remainder of the data from the cloud.

In the consulting world at UPD, we see those disconnect problems all the time: Group A spends a ton of time and money solving a problem for Group B without ever truly engaging the members of Group B. inBloom undoubtedly engaged their stakeholders in the early stages, but not deep enough to where someone was able to ask “who owns all this stuff?” This is often the result of too much focus on delivering a solution and providing answers rather than asking questions and identifying the problem. It comes with the territory–we get so excited about the possibilities of new technology that we jump right into requirements gathering without stopping to think if we’re asking the right questions and solving the right problem. It might just be as simple as an issue of maturity; if we’re getting serious about our relationship with technology, it’s probably time we start asking about intentions.