5 things every K-12 employee should do to protect student data
Executive director, organizational excellence, Illuminate Education, Inc.
Here are five easy steps everyone can take to safeguard student data
Student data privacy and security are top priorities for edtech leaders. When asked to rate the importance of these topics, 68 percent of respondents said they were more critical than the prior year, according to an annual survey of K-12 chief technology officers from the Consortium for School Networking.
While IT leaders in education have their hands full trying to protect the student information stored and accessed in the software and data systems used by their schools, the actions of other employees throughout the district can support—or undermine—these efforts.
Here are five practical steps that every school or district employee should take to keep student data from being compromised.
1. Check with your IT department before using apps or software.
If you want to use an application that collects any student data, make sure it has been approved by your school or district technology team. If they haven’t already, they will want to review the application’s data privacy policies before approving the app for use. If these data privacy policies don’t pass muster, your IT team might be able to suggest another application you can use to accomplish the same purpose.
2. Don’t keep or share student data any more than you have to.
You should only hold on to student data for as long as it takes to complete the task at hand; once you no longer need this information, you should delete it. (And make sure you empty your trash and delete the contents of your “Downloads” folder regularly, too.) Also, don’t leave any student information lying around where someone might have access to it, and don’t discuss student records with others unless they have a legitimate educational interest—meaning it’s information they need to do their job.
3. Don’t share personally identifiable information about students in email.
Email isn’t a secure method of transmitting sensitive information because you have no control over where the message might end up or who can access it. If you have to send personally identifiable information about a student to someone, use a secure file transfer site instead.
4. Don’t use actual student data for training purposes.
During training workshops, you might have to use student data, such as when you’re demonstrating how a certain program functions. In these cases, don’t use actual student data unless you have the permission of your district. And even then, you should only use real data if it’s essential to the training goal in question. Otherwise, use “dummy” data. When creating handouts or presentations, black out or blur any live data.
5. Keep your devices secure.
Make sure all laptops, smartphones, or tablets that you use to access student data are password-protected, and keep them locked or turned off when they’re not in use. When you’re done using an application that contains student information, always log out. Never keep passwords written down where somebody might see them. And consider using tracking technology, such as iCloud’s “Find My Mac” application, to locate and possibly retrieve any device that is lost or stolen.
For more information about safeguarding student data, here are some additional resources:
- Educator’s Guide to Student Data Privacy: Published by FERPA SHERPA, this guide is intended to help teachers use technology in the classroom while protecting student data.
- Protecting Student Privacy: This student data privacy resource was created by the U.S. Department of Education.
- Parent’s Guide to Student Data Privacy: Also put out by FERPA SHERPA, this guide helps parents understand various laws around student data privacy.
[Disclaimer: The information in this article is intended for general information purposes only and is based on the cited resources and field experience. The information presented is not legal advice, is not intended as such, and is subject to change without notice. Please consult with an attorney before making any determinations regarding compliance with local, state, and federal law.]