Software makers warn under-funding is prompting schools to use outdated and cheap computer programs that create cybersecurity and privacy risks.
The Education Technology Association (EdTechNZ) said the government must increase schools' funding and teachers' training.
It said many schools were using free and under-maintained programs, because they could not afford better and did not know enough about the risks.
EdTechNZ executive council member Dave Moskovitz told RNZ some of the software put schools at a higher risk of hacking and shared children's private data with third parties.
"Schools are in a weaker position than most organisations, because they're starved for funding, because they don't have the training that they need in order to be able to cope with these sorts of things," he said.
Government documents said some locally-made software was part of the problem, but Moskovitz said applications developed overseas also posed cybersecurity and privacy risks.
"While it's true that there are some New Zealand software providers whose software is not particularly privacy aware, this is the case of overseas software as well. It's not a situation that's unique to New Zealand," he said.
"I think it's unfair to single out New Zealand as performing poorly in this area, when actually I think we're probably performing at a higher level than most of the rest of the world. I think we care a lot more here."
Moskovitz said research overseas showed 96 percent of online education products provided student data to potentially harmful third parties.
"That's pretty serious. One of the reasons behind that is many of these products are offered for free where the student essentially becomes the product," he said.
"Why are there so many free products in use? Because in general schools are not funded adequately to provide the technology they need to to provide a quality education for their students, so this is pervasive."
Moskovitz said New Zealand teachers were using many of the free, overseas-developed products.
He said New Zealand-developed products generally protected student privacy.
The association said the lack of standards for school IT services and the Ministry of Education's hands-off approach were completely inadequate.
Government documents showed the ministry was moving to address both of those issues.