There are increasing reports of browser extensions doing deep data collection on browser-based users using the permissions granted to install the browser extension.
We are not just talking about browser extensions that have converted from seemingly benign extensions to malicious threats. We are talking about "normal" browser extensions.
I don't know the answer to this question, but it concerns me.
Are some of these browser extensions collecting your end-user data in a way that constitutes a backdoor FERPA violation?
Remember, the reason it is "free" is because you are the product. We are all aware of agreements from mainline K-12 and other commercial vendors doing business in K-12 to prevent or limit this type of data collection.
We have heard allegations (sometimes proven) that vendors collect data despite promising not to do so.
Depending on what they collect, this might be a backdoor to data that should be considered protected data.
I'm not sure how to fully prove or disprove this.
It is another good reason to limit the browser extensions you allow aggressively.
Extensions provided by district vendors that understand K-12 data privacy requirements must confirm that their extensions conform to the agreed-upon FERPA or state compliance standards.
It's a gray area, for sure.
If anyone has any ideas on how to address this, I'd love to hear from you.
Scott Quimby
Senior Technical Advisor, vCISO, CISSP
You must be logged in to post a comment.