Reviewing Our Acceptable Use Policy: Are We on Target?
 |
| Image Source: https://otter.ai/blog/what-are-ai-agents-a-guide-to-types-benefits-and-examples |
Technology is woven into nearly every aspect of education, making Acceptable Use Policies (AUPs) essential for guiding responsible use. At my school, our AUP lays out clear expectations for students, but like many policies, it leans heavily on what they shouldn’t do rather than empowering them with best practices. The policy covers a wide range of digital behaviors, including internet usage, social media interaction, and device management. It is detailed and comprehensive, aligning with the requirements of the Children’s Internet Protection Act (CIPA) and addresses issues like cyberbullying, unauthorized access, and inappropriate content. However, it lacks substantial guidance on emerging technologies, most notably, Artificial Intelligence (AI). As AI tools become increasingly accessible, should our policy explicitly define appropriate AI use for learning? Without this clarity, students and faculty alike are left to navigate these tools without institutional guidance.
Faculty are also bound by an AUP, though it differs slightly from the student version. While we are trusted with more autonomy, the core principles remain the same. But are these policies comprehensive enough? And more importantly, do they adequately prepare us for the evolving risks of digital exposure?
The Reality of Data Exposure
 |
| Image Source: https://klik.solutions/great-info/top-internet-safety-rules/ |
To evaluate personal cybersecurity risks, I recently explored Have I Been Pwned, a site that reveals if an email has been caught in a data breach. What I found was unsettling: my personal email had been involved in three breaches, while my work email had been compromised six times. This raised immediate concerns. If my work credentials have been exposed that many times, what does that mean for my students?
Using this interactive tool, I traced the history of my data leaks. My first breach was in 2018 at Apollo, where information like my job title, email, and even social media profiles were exposed. A year later, LuminPDF followed, this time leaking passwords and authentication tokens. The breaches continued: People Data Labs in 2019, LinkedInScrape in 2021, and DemandScience in 2024. With each incident, more of my identity was exposed—email addresses, phone numbers, names, and job titles, all out there, potentially in the hands of bad actors.
 |
| Image Source: https://www.abc.net.au/news/2023-05-18/data-breaches-your-identity-interactive/102175688 |
This isn’t just an individual issue; it’s a systemic one. If educators and students aren’t actively protecting their data, we’re all at risk. Yet, our AUP barely touches on digital security beyond broad warnings against phishing scams. Shouldn’t we be teaching students how to actively safeguard their personal information?
Practical Steps for Stronger Security
After seeing my own data exposure, I turned to resources for improving security. One simple step is using stronger passwords. Instead of short, complex passwords that are difficult to remember, tools like Use a Passphrase generate long, easy-to-remember passphrases that are significantly harder to crack. Encouraging students and faculty to adopt passphrases over standard passwords could be a small but impactful addition to our AUP.
 |
| Image Source: https://proton.me/blog/what-is-passphrase |
Additionally, we should explicitly incorporate guidance on managing personal data, recognizing the risks of data breaches, and using AI tools responsibly. Cybersecurity education shouldn’t just be an afterthought. It should be embedded into our policies and curriculum.
Moving Forward: Updating the AUP
Reflecting on my own experiences with data breaches, I feel a mix of anxiety and awareness. It’s unsettling to realize how much of my information has been compromised, but it also reinforces the need for vigilance. The reality is that we cannot simply abandon the internet; rather, we must take proactive steps to secure our digital presence. Just as we lock our doors or set house alarms for physical security, we must implement strong passwords, enable two-factor authentication, and remain cautious about sharing personal information online.
Our AUP should evolve to reflect this reality. We need to move beyond reactive policies that focus solely on restrictions and instead provide students and staff with actionable steps for responsible technology use. Cybersecurity experts, faculty, IT specialists, and even students should be involved in shaping these updates. A strong policy isn’t just about setting rules, it’s about equipping our school community with the tools to navigate an increasingly digital world safely and responsibly.
Hi Peter,
ReplyDeleteMy school policy also lacked any guidance on AI. To answer your question, I absolutely think that the policy should outline acceptable uses of AI in a learning environment. This way all parties know what will be deemed acceptable and not acceptable across all classes and grades. However, I do not think AI should be banned in the policy/classroom. I do see how it can be a useful resource for students whether that be as an online tutor of sorts or to peer review their paper. Outlining boundaries will help students use AI responsibly and learn how to use it as a tool rather than a crutch.
Anxiety and awareness is an appropriate reaction. For me, the awareness piece is key. Once we are aware, we can begin to change our actions. Thanks for sharing your thoughts, Peter.
ReplyDeleteI liked your thoughts about AI! I do think that as AI becomes more prevalent, there should be an awareness of it in AUPs. The policy of the future should absolutely include what acceptable use of AI is for classrooms. However, I do think that AI can be useful as a brainstorming tool, and a tool for creative thinking, so it shouldn't be banned outright. I absolutely agree that we need to move past the restrictive and reactive policies- and the people who are directly involved, like students and teachers, should be involved in the creation of the policy itself.
ReplyDeleteHello Peter!
ReplyDeleteI think you bring up many excellent points in your perspective, such as the growing need in society for school policies to include greater emphasis and clearer guidelines on the usage of AI by students and facility members, such as whether or not AI is prohibited to use in assignments. I liked reading your thoughts on how policies in our public institutions, such as our schools, should reflect our reality. I think that is a great perspective to hold on the matter, because whether a school system is in favor of encouraging AI use by students and educators alike, or if it is discouraged by the school, AUPs should clarify the issue to students either way, in order for students to have a better understanding of where the school stands on the matter and so that students know whether or not their use of AI is acceptable. Great thoughts, Peter!
Hello Peter! I think it's pretty jarring how much of our data can be stolen. I have a feeling if I did any "Have I Been Pwned", my accounts will show up multiple times. I recently got a VPN, and although it's helpful, it's still concerning that our emails and social media pages can be tracked.
ReplyDeleteHello Peter, I think you've brought up many excellent points on how security for our students and updating technology policies. They truly need to reflect not only the current technology like AI but also more than just what to do and what not to do, but how to use the Internet safely to protect students' personal information. If they start young, the hope is always that less information about them will get out for bad actors to exploit and the more deeply good digital citizenship habits will be ingrained.
ReplyDelete