As we experience this time of increased remote teaching, paying attention to data privacy is more important than ever. Remotely accessing data creates additional opportunities for data theft or unauthorized access. It's always a good time to review the fundamentals of privacy and data management, as offered in this guest post from Rhonda Martinez. – KW
Student data privacy is a difficult topic, and it’s quite different from the data breaches that are often discussed in the media. Students don’t get hacked because someone wants to use their credentials to steal intellectual property. The issue of student data privacy is all about the protection of personally identifiable information (PII).
Personally identifiable information can be used by various online services to provide a personalized experience. It can also be used for marketing purposes. However, even when personal information is collected with good intentions, it still can be misused, which is a reason why students’ private data is always a subject of concern. The conversation about student privacy started back in 1974 because of the Family Educational Rights and Privacy Act (FERPA).
As a result of many changes made to FERPA, schools were enabled to share their students’ data with third parties without parental approval. The schools mostly share students’ data with the government and police, as well as with various organizations that create study programs or conduct research. Given that even parents are not always able to access such records, the policy is quite controversial.
The very first major controversy about student data privacy sparked in 2014 because of inBloom, a digital learning company. The Parent Coalition for Student Privacy noted that federal laws don’t protect students’ data. The weak laws made it possible for schools, districts, and states to disclose students’ personal data to any third party with no need to obtain permission from students or their parents. Neither students nor parents did know that the private data was shared with companies.
As a result of this controversy, many states introduced their own laws. 38 states presented 112 bills on student privacy in 2016. Today, many states consider privacy laws in California and Colorado the best examples of student data privacy laws. For instance, Colorado’s Student Data Transparency and Security Act requires all schools to destroy their students’ personal data if it wasn’t used for a certain period of time. Besides, schools must make sure that any organizations that have access to the students’ data adhere to these rules. California also banned the use of students’ data for commercial purposes.
Here are some tips on how schools can make sure that their students’ personal information is protected.
5 Student Data Privacy Tips
1. Minimize Data Collection
The simplest and most important thing schools can do to protect their students’ information is not to collect it at all or to reduce the amount of information collected as much as possible. Minimization is one of the best practices that has proven to be effective. The logic is simple — the less data you have, the less likely you will lose control of it. For instance, schools don’t really need to collect social security numbers. Many schools have already stopped collecting SSNs for identification purposes, but some schools still require students and parents to provide SSNs. According to the U.S. Department of Education parents are no longer required to provide SSNs because the risks associated with collecting such data are too dangerous.
2. Manage Data Carefully
You should know exactly what data can be accessed by each particular person or entity. If you manage data accurately, you’ll be able to make sure that it’s handled properly. For instance, textbook vendors don’t need to access students’ phone numbers and addresses. It’s extremely important to synchronize the exact types of data that are needed. Digital textbooks and the automated bi-directional sharing of data required by many modern learning management systems can help you gain granular control over the data you share.
3. Use Encryption
Even if schools minimize data collection, the chances are that they will still need to get some information on students and their parents. Therefore, it’s important to make sure that this data is protected, using both administrative and technical approaches. Encryption is a very effective method. We recommend that you encrypt data both when storing it and when sharing it on your network. It’s important to identify devices that store private data and to use encryption for both files and disks.
Mobile devices, such as laptops and smartphones create many opportunities for hackers because they often leave secure school networks. Besides, these devices can be stolen. We recommend that you not only encrypt files but also make sure that the internet connection is encrypted when you share files on the network. You should also make sure that you use a secure email service with HTTPS encryption.
4. Delete Unnecessary Student Records
If students’ information is no longer used for some reason, you should delete it as soon as possible. Schools must have standardized record retention policies that regulate data storage. They should also determine how long different types of records should be stored. For instance, schools might want to store course-level grades permanently for transcripts, while deleting student disciplinary records in seven years after students graduate. Retention periods might be longer or shorter, depending on the type of information. For example, many schools get certain types of documents from parents to prove their residency in a particular area. Once such documents have been approved by administrators, there’s no need to keep them.
5. Monitor User Activity
We’ve already mentioned that you should know who has access to different types of information. We also recommend that you monitor the activity of users who gain access to sensitive data. There’s no need to invest in expensive monitoring systems if you have a limited budget. For instance, Windows file servers create many opportunities for the audition. You can track and check log files with records of any attempts to access private information.
Although schools become victims of hackers less often than businesses, the issue of student data privacy is very important. Schools store a lot of information about their students and they must make sure that this information is used in the right way. We hope that our simple tips will help you develop an effective security strategy so that your students’ personal information won’t be used for commercial purposes and won’t be accessed by the wrong people.