I’m posting on behalf of New Hampshire’s K-12 school districts, where I am CTO of one of our larger districts and a co-founder / Executive Board member of our state CoSN affiliate. Coincidentally, my first career was in GIS, with a master’s from the Geomatics program at Purdue, and have great respect for Trimble as a company. I am posting because we are between a rock and a hard place regarding using this great tool, because of Trimble’s unwillingness to sign our data privacy agreement to agree to comply with our 2018 state data privacy law.
The crux of the matter is this: the majority of our students in NH use Chromebooks and are interested in the web version of SketchUp for Schools. Our state law requires that any vendor receiving student PII (this includes first name, last name, or email address) to comply with our minimum security standards. [NOTE that a new rule allows vendors with SOC2, ISO 27001, or similar security certifications as a substitute for the minimum standards checklist]
SketchUp has thus far claimed that they do not store student PII because they use only Google or Microsoft logins. We have confirmed that with a Microsoft Azure SAML 2.0 integration, we can control the information that is sent back to the vendor, thus preventing first/last/email from being provided to the vendor. However, most districts use Google with students, and they do NOT offer the same controls over “login with Google”.
Although our first priority is to have SketchUp as an approved vendor, we would absolutely love to have a conversation with someone technical who can prove to us that no student PII is stored in SketchUp.
New Hampshire’s consortium approach to student data privacy is leading the way in the nation on this issue, and we are poised to overtake California within a few weeks on the number of data privacy agreements we have signed with our valuable vendor partners (free and paid). Many other states are watching how we handle what is one of the most strict student data privacy laws in the nation, and we are trying to work closely with vendors to give our parents confidence that we are prioritizing student data privacy. We have signed data privacy agreements with hundreds of vendors; vendors who refuse to sign will not be permitted to operate in most of our districts. SDPC: New Hampshire Alliance Website
Many thanks,
Pam McLeod, CETL
Concord NH School District