
The landscape of K-12 education technology is undergoing a fundamental shift, moving at an accelerated pace that demands a re-evaluation of roles and responsibilities. Gone are the days when IT leaders were primarily responsible for fixing broken computers and maintaining on-premise servers. The transition to SaaS (software-as-a-service) and the rapid rise of AI (artificial intelligence) are reshaping the responsibilities of IT leaders, transforming them from back-end support to front-line strategic partners. This evolution is not just about adopting new tools—it’s about leading and supporting a cultural and instructional revolution in schools.
With the adoption of SaaS, IT departments will spend less time managing physical servers and more time on data governance, security and vendor management. This change allows them to ensure different cloud applications work together seamlessly. As AI and automation handle routine tasks like password resets and help desk tickets, IT professionals will specialize in higher-level areas. Their expertise will be in data analytics, cybersecurity, and AI literacy, allowing them to guide the district on how to use these powerful tools safely and effectively.
The Rise of SaaS and the Changes in Data Management
The COVID-19 pandemic accelerated the adoption of cloud-based solutions in schools, a trend that was already underway. This widespread adoption of SaaS has fundamentally changed the IT infrastructure. When most or all of your services are off-premises, your network serves as a conduit for accessing software and data hosted externally by vendors.
It is important to note that the disaggregation of data from the district’s central network into various separate, cloud-based environments reduces the overall risk to the district. It eliminates the “all your eggs in one basket” problem—a breach in one vendor’s system will not compromise the entire district’s data.
The shift to SaaS also means IT is no longer focused on managing physical hardware and software installations. Instead, their responsibilities are shifting to the following areas:
Data Security and Privacy
With a significant portion of student and staff data now stored in the cloud, cybersecurity has become a mission-critical responsibility for IT leaders. They must act as data stewards, ensuring compliance with strict privacy regulations like the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA) by implementing robust security measures such as multi-factor authentication (MFA) and data encryption.
To enhance these security efforts, Student Data Privacy Agreements (SDPAs) are a crucial safeguard. These legally binding contracts are essential for ensuring that all vendors adhere to the highest standards for protecting student information. An SDPA explicitly outlines the vendor’s responsibilities, prohibiting the use of student data for purposes like ad targeting or AI model training.
In New Jersey, NJETA’s NJ Student Privacy Alliance is addressing this need. NJSPA establishes a centralized and collaborative framework to manage formal, legally binding agreements with vendors across the state. This initiative significantly simplifies the process for individual school districts, ensuring consistent, enforceable privacy standards under the guiding principles of protect, comply, and simplify.
Third-Party Vendor Risk Assessments
IT leaders now manage a complex ecosystem of third-party vendors, requiring a robust approach to vendor and contract management. This includes not only negotiating contracts and monitoring Service Level Agreements (SLAs), but also conducting third-party vendor risk assessments to properly vet existing and new platforms to ensure they meet the organization’s instructional and operational needs without introducing undue risk.
Systems Integrations
A successful systems integration program ensures interoperability—the ability of different software systems to exchange and use information. The systems integration specialist becomes a critical part of an IT department, with three primary functions: (1) creating a unified environment across various systems; (2) streamlining workflows by automating the transfer of data between platforms, which eliminates manual processes, reduces errors, and frees up staff time for more valuable tasks; and (3) enhancing data integrity and security by ensuring that data is accurately and securely transferred across different systems, reducing the risk of data loss or unauthorized access.
Ultimately, a systems integration program ensures that the entire digital ecosystem functions as a cohesive whole. This strategic approach is critical for maximizing the value of a district’s technology investments and creating an efficient, secure, and user-friendly experience.
Focus on Key Risks of Unvetted AI Applications
The primary concern with AI is its capacity to collect, analyze, and use vast amounts of data to function. Unvetted AI tools can pose significant risks to a school’s digital ecosystem; therefore, IT leaders must address several critical issues:
Data minimization and collection: AI systems often have a default setting to collect a broad range of data. Without a proper review, these applications could collect more personally identifiable information (PII) than is necessary, creating a larger attack surface for cybercriminals.
Training AI models: Many free or consumer-grade AI platforms use user-submitted data to train their models. This means a student’s private work or personal information could inadvertently become part of the public dataset, violating privacy and security protocols.
Compliance and regulation: Educational institutions are legally required to protect student data under laws like FERPA and COPPA.
Bias and accuracy: AI models can reflect and amplify biases present in their training data. An unvetted AI application could produce biased or inaccurate results that could negatively impact a student’s learning experience or evaluation.
Critical Vetting Strategies for AI Tools
Deep-dive data audits: Go beyond what data is collected. Demand to know why it’s collected, how it’s stored, and who has access to it.
Mandatory legal agreements: Make a student data privacy agreement (SDPA) a non-negotiable requirement. This legally binding contract is your school’s most powerful defense.
Thorough security evaluation: Look under the hood at the vendor’s security protocols. Verify they use robust encryption for data both in transit and at rest. Check for strong access controls that limit who can see the data.
Pilot programs and phased implementation: Before a full-scale rollout, conduct small-scale pilot programs with a select group of teachers and students. Gather feedback on the tool’s effectiveness, usability, and, most importantly, any privacy or security concerns. It’s crucial to take a slow, deliberate approach, prioritizing the foundational issues of data privacy and security before any widespread implementation. This ensures that the district’s digital infrastructure is secure and that student data is protected before the tool is introduced on a larger scale.
The shift to SaaS and AI will free up valuable time and resources that were once spent on maintaining physical servers and troubleshooting basic technical issues. It allows IT leaders and their teams to focus on more strategic initiatives that directly impact learning outcomes. The journey ahead for K-12 IT is one of continuous learning and adaptation. By embracing the strategic shift brought on by SaaS and leading the responsible integration of AI, IT leaders can move from being an essential support function to an indispensable partner in shaping the future of education.
For over 30 years, Fil Santiago has been serving in K-12 education as an educator, technology integration specialist, and director of technology and administrative services for the West Orange Public Schools. He is also a co-founder and the current president of the New Jersey Education and Technology Association (NJETA).
