3 Steps Schools Must Take To Protect Student Data

Taking these first three steps will put you in a better position to protect student data.

2. Do Your Research
There are numerous web-based products available to K-12 schools, and each and every product has various ways in which they collect and protect data. In order for schools to feel confident in the product they are purchasing, they must research the vendor and product and develop a strong understanding of how their students’ data will be protected.

“It is imperative that schools examine the product and determine how it collects and uses student data. This usually means reviewing the vendor’s privacy policy and reading it in detail,” said Mark Lachniet, manager of information security solutions for CDW, in an email response.

RELATED: 63,000 UCF Students’ Information Hacked, Stolen

Understanding a vendor’s privacy policy will provide schools with details as to where their students’ data is going, and allow schools to hold vendors accountable for protecting that data.

“The first step is really making sure that districts read and understand the privacy policy to lay out how the vendors are going to treat the data and what their processes are if the data were to be compromised, as well as what measures they have in place to keep it private,” says Hughes.

Hughes also adds that many vendors have signed the Student Privacy Pledge, a pledge introduced by The Future of Privacy Forum (FPF) and The Software & Information Industry Association (SIIA) that is intended to safeguard student privacy regarding the collection, maintenance, and use of student personal information.

The pledge states that vendors will protect student data by not selling student information or targeting ads to students. Furthermore, the pledge requires that signatories enforce strict limits on data retention and use data for authorized education purposes only.

With 209 different vendors having signed the pledge to date, it is important schools strongly consider choosing a vendor that has signed the Student Privacy Pledge, as their signature binds them to protecting student data.

In addition to understanding vendors’ privacy policies, schools must also ensure that any web-based tools they are looking to purchase or implement have been properly assessed before making a purchase.

“It is reasonable to ask the provider of a data-fueled learning tool whether it has performed a security assessment of the tool.  If the organization is poorly designed, it may be possible for attackers to access raw data from the system’s databases,” said Lachniet.

Understanding the processes by which vendors collect and protect student data is an important step schools must take before implementing web-based personalized learning tools.

3. Prevent Malware
In addition to becoming educated about online security and vendors’ privacy policies, schools need to have a strong network in place that will prevent students from visiting potentially harmful sites that could infect a school’s network with malware, especially in 1:1 and BYOD environments.

“Schools must ensure that students cannot modify their BYOD device to bypass content filters by using external proxy servers, virtual private network access or
remote controlling systems outside of the controlled network,” said Lachniet. “Schools also need to provide security to limit the potential for malware spreading from BYOD devices to the network.”

Lachniet adds that the use of wireless “guest” networks that provide minimal access to administrative systems along with internet restrictions on outgoing network traffic can help provide that necessary network security in BYOD environments. In addition to providing limited access to students, schools need to ensure they are using updated software to prevent viruses from infecting the network.

“Most malware that enters a network these days is due to outdated software on the workstations, particularly Adobe Acrobat, Flash and Java. If school IT cannot keep workstations updated, malware will happen,” said Lachniet.

Protecting student data is a responsibility all schools must be held accountable for.  Data-fueled learning tools will continue to improve education and help students learn in new and unique ways, but in order for students to truly benefit from these tools, schools must follow the best practices to protecting student data, and continue to stay educated.

“Schools and districts will be required to protect student data,” says Lydia Neher, director of product management at Gaggle. “They’re going to be held accountable to it. When you send your kids to school there’s an expectation at school that students are safe- physically, emotionally, and also from a data perspective. That’s not going to go away.”

Rachel Quetti is the editor of K-12 TechDecisions, a sister publication of Campus Safety Magazine.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety Conference promo