December 26, 2019 by Siobhan Climer
Originally Published: December 11, 2016
Though parents have been protective of their children’s student data for decades, the umbrella of “student data” includes more today than you may realize. In addition to attendance records, transcripts, and disciplinary records, student data could include medical information, web history on school devices, personal information, and social media interactions. Given the scope of the information and the potential for misuse, it is only natural that parents and the government would demand strong guidelines concerning its protection.
Yet protecting student data is easier said than done. To do so effectively, the school district’s IT department, administration, and community of parents must work together to keep channels of communication open and data security policies strong.
Protecting Student Data in Your K-12 School
- Designate a Privacy Official: One of the best ways to ensure student data privacy in your district is to explicitly assign the role to a member of the administration. Give it a title. Make it official. The prominence and importance of the responsibility will be accentuated by the act and the ongoing initiative will have a point person to spearhead any projects.
- Understand the Laws: In addition to FERPA and COPPA, which the U.S. Department of Education’s Privacy Office administers, each state often has its own laws governing the proper use and treatment of student data. In fact, just this September, Illinois amended the Student Online Personal Protection Act, adding data breach provisions – a wise move in an era of daily breach announcements.
- Remain Transparent: Your best ally in student data privacy is complete transparency. Inform the parents of your students, establish newsletters to keep parents informed throughout the year, and make your designated Privacy Official available to answer any questions.
- Limit Access: The fewer people who have access to student data the safer the data will be. Assess which members of your team need access to student data and which do not. Devise a process for reviewing data requests to make accessing student data as safe and efficient as possible.
- Arbitrary Usernames: Instead of creating a logical system to create usernames, such as “last name-first initial-class year,” create usernames at random. If there is a system breach and hackers find their way into student records, a logical system will make it easier to pair up usernames with the actual student.
- Data Encryption: Data should be encrypted at all times. Establish encryption during all data transfers, but also make sure the data is encrypted while stored on the hard drive.
- Follow Data Security Best Practices: The standard best practices for network security go a long way to protect student data from external threats. Deploy a next generation firewall, use an advanced Intrusion Prevention System (IPS), and staff a data security professional in your data center.
Just the Beginning
By establishing these policies, you’ve just started down the path to protecting student data. As an extra measure, consider a policy that removes records from your database. After a fixed period (such as after the student graduates or leaves the school), delete non-essential student data. This will serve as a final method of keeping long-term records out of the wrong hands.
Regardless, your data security team must remain aware of the security and policy issues relevant to the larger conversation of student data privacy.
Like what you read?
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.
About The Author
Siobhan Climer, Science and Technology Writer for Mindsight, writes about technology trends in education, healthcare, and business. She writes extensively about cybersecurity, disaster recovery, cloud services, backups, data storage, network infrastructure, and the contact center. When she’s not writing tech, she’s reading and writing fantasy, gardening, and exploring the world with her twin daughters. Find her on twitter @techtalksio.