Student safety has always been a top priority for Ontario schools. Traditionally, those conversations focused on physical safety, mental health, and student well-being. Increasingly, however, student safety also includes cybersecurity, digital privacy, and the responsible use of educational technology.
As Ontario moves toward new requirements under the Enhancing Digital Security and Trust Act (EDSTA), school boards are being asked to strengthen their approach to cybersecurity governance, incident reporting, and transparency regarding student information shared with third-party technology providers.
While many of these requirements apply directly to school boards, the impact will be felt by educators, SHSM Leads, Cooperative Education Teachers, Pathways Coordinators, and any organization working with students.
The question is no longer simply, “Is this program valuable for students?”
Schools are increasingly asking:
“How does this provider protect student information?”

What Changes Are Coming?
Beginning in 2026, Ontario school boards will be expected to take a more structured approach to cybersecurity and digital risk management.
Key areas of focus include:
- Enhanced cybersecurity oversight and governance
- Formal cybersecurity assessments
- Incident reporting requirements
- Increased transparency regarding educational technology vendors
- Clear communication regarding student information shared with third-party platforms
For educators, this means greater scrutiny of the digital tools, software platforms, online training programs, and external service providers used in schools.
What Does This Mean for Teachers and Program Leads?
Most teachers are not privacy experts, nor should they be expected to become cybersecurity professionals.
However, educators increasingly play a role in selecting and recommending programs, certifications, workshops, and digital resources.
When considering a third-party provider, schools should be prepared to ask questions such as:
- What student information is collected?
- Why is it collected?
- Where is it stored?
- Who has access to it?
- How long is it retained?
- Is it shared with other organizations?
- Is Artificial Intelligence involved?
- What happens if there is a security incident?
These questions are quickly becoming part of standard due diligence.
Why Third-Party Providers Matter
Many educational experiences now involve some form of digital interaction.
Examples include:
- Online certifications
- Learning management systems
- Virtual workshops
- Registration platforms
- Assessment tools
- Student engagement software
Each of these services may collect or process student information.
As transparency expectations increase, schools will need confidence that their partners are following responsible privacy and cybersecurity practices.
How Schools Can Prepare
The good news is that preparation does not require major changes at the classroom level.
Instead, schools can focus on a few practical steps:
1. Review Existing Vendors
Consider which organizations currently receive student information and what information is shared.
2. Ask More Questions
Don’t assume every provider handles information the same way.
Request information about privacy, data storage, retention practices, and security controls.
3. Work With Board Privacy and IT Teams
Many boards are developing updated review processes for educational technology and third-party providers.
Engaging privacy and IT teams early can help avoid surprises later.
4. Look for Transparency
The strongest providers are typically willing to discuss:
- Data collection practices
- Hosting locations
- Security safeguards
- Privacy policies
- Data retention practices
Transparency is often one of the best indicators of a mature privacy program.
A New Part of Student Safety
The education sector has spent years building strong cultures around physical safety, workplace safety, and student well-being.
Digital safety is becoming the next important conversation.
As schools continue to adopt innovative technologies and partner with external organizations, privacy and cybersecurity will become increasingly important considerations alongside educational quality and student engagement.
The goal is not to create barriers to innovation.
The goal is to ensure that students can benefit from new learning opportunities while schools maintain confidence in how student information is protected.
Organizations that are prepared for these conversations will be better positioned to support schools in this evolving environment.
This year, many of you noted that our online courses moved to a new password-protected environment, with emails, etc. This was part of our security efforts to protect student privacy.
Below, you can find Flashpoint’s Privacy and Cybersecurity Information Sheet.
Free Resource
To support educators, Flashpoint Training has developed, with one of our sector partners, Maple Open Tech, a free Checklist for Teachers to Assess Vendor Privacy & Cybersecurity that teachers can use when evaluating third-party training providers, certification organizations, and digital learning partners.
Maple Open Tech is a partner that often speaks at our events and provides career inspiration for individuals in business or ICT.

