Student Privacy Ontario MFIPPA EdTech Cybersecurity PowerSchool Google Classroom

Abstract

The increasing use of educational technology (EdTech) platforms in Ontario schools has raised important questions regarding student data privacy and legal compliance. This research examines how commonly used platforms, including Brightspace, PowerSchool, Google Classroom, and Ontario school board websites, collect, store, and manage student information. The study evaluates these practices against the requirements of Ontario’s Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Bill 194 (2024), the Education Act, and the Personal Information Protection and Electronic Documents Act (PIPEDA). Through a review of privacy policies, legal frameworks, and recent cybersecurity incidents, including the PowerSchool data breach, the research identifies both strengths and vulnerabilities in current data protection practices. The findings suggest that while major EdTech providers generally demonstrate compliance with privacy regulations, school boards remain responsible for ensuring proper oversight, transparency, and cybersecurity safeguards. The study highlights the growing need for stronger privacy protections, regular compliance reviews, and increased awareness of emerging risks associated with digital learning technologies. As educational institutions continue to rely on digital platforms, maintaining public trust and protecting student information must remain a central priority.