TY - GEN
T1 - Investigating the Security & Privacy Risks from Unsanctioned Technology Use by Educators
AU - Kelso, Easton
AU - Soneji, Ananta
AU - Navid, Syed Zami Ul Haque
AU - Shoshitaishvili, Yan
AU - Rahaman, Sazzadur
AU - Hasan, Rakibul
N1 - Publisher Copyright:
© 2025 Copyright held by the owner/author(s).
PY - 2025/4/26
Y1 - 2025/4/26
N2 - With the increasing digitization of teaching and learning activities, technology-generated data has become the target of attacks from external adversaries and abuse by technology providers. Researchers have investigated stakeholders’ perceptions of security and privacy risks from technologies and how those risks are affecting institutional policies for acquiring new technologies. However, outside of institutional vetting and approval, there is a pervasive practice of using applications and devices acquired personally. It is unclear how these applications and devices affect the dynamics of the overall institutional ecosystem. We address this gap through an online survey-based study targeting educators and administrators from K-12 and higher education institutions in the United States. Our study identified 494 unique applications used by educators, and examined the perceived and subsequent risks associated with integrating these technologies into an institution’s ecosystem. The findings highlight a significant lack of privacy and security awareness among educators when selecting new tools, as well as widespread uncertainty regarding regulatory compliance. Additionally, institutional warnings and policies on unsanctioned app use appear to have limited effectiveness in changing educators’ behaviors. To mitigate these challenges, we identified the need for institutions to provide clear guidelines, data privacy and security training, and vetted alternatives that meet the needs of educators while ensuring compliance. A collaborative approach between educators and administrators will be key to balancing automation and data privacy.
AB - With the increasing digitization of teaching and learning activities, technology-generated data has become the target of attacks from external adversaries and abuse by technology providers. Researchers have investigated stakeholders’ perceptions of security and privacy risks from technologies and how those risks are affecting institutional policies for acquiring new technologies. However, outside of institutional vetting and approval, there is a pervasive practice of using applications and devices acquired personally. It is unclear how these applications and devices affect the dynamics of the overall institutional ecosystem. We address this gap through an online survey-based study targeting educators and administrators from K-12 and higher education institutions in the United States. Our study identified 494 unique applications used by educators, and examined the perceived and subsequent risks associated with integrating these technologies into an institution’s ecosystem. The findings highlight a significant lack of privacy and security awareness among educators when selecting new tools, as well as widespread uncertainty regarding regulatory compliance. Additionally, institutional warnings and policies on unsanctioned app use appear to have limited effectiveness in changing educators’ behaviors. To mitigate these challenges, we identified the need for institutions to provide clear guidelines, data privacy and security training, and vetted alternatives that meet the needs of educators while ensuring compliance. A collaborative approach between educators and administrators will be key to balancing automation and data privacy.
UR - https://www.scopus.com/pages/publications/105005729584
UR - https://www.scopus.com/pages/publications/105005729584#tab=citedBy
U2 - 10.1145/3706599.3720254
DO - 10.1145/3706599.3720254
M3 - Conference contribution
AN - SCOPUS:105005729584
T3 - Conference on Human Factors in Computing Systems - Proceedings
BT - CHI EA 2025 - Extended Abstracts of the 2025 CHI Conference on Human Factors in Computing Systems
PB - Association for Computing Machinery
T2 - 2025 CHI Conference on Human Factors in Computing Systems, CHI EA 2025
Y2 - 26 April 2025 through 1 May 2025
ER -