There are varying levels of cloud encryption technology and we know that even the best security (Department of Defense, Homeland Security, Target, Home Depot, HeartBleed have security breaches).
No data is ever truly secure. As for privacy, parents should also know that there currently are NO LAWS regulating the transfer, sharing, and selling of online data. Companies like Pearson clearly state they can share your child's personal identifying information (also known as pii or student level) with outside parties. Additionally, these large companies who collect student data (edtech companies) have recently made a "pledge" not to sell your child's data. Again- there is no law regulating this; these companies are asking us to "trust" them. It is also virtually impossible to track where your child's data has been shared once it leaves the school computer. (ONLINE DATA is NOT covered by FERPA).