Home Tags Posts tagged with "student data"
Tag:

student data

Cybersecurity

Safeguarding Student Data in K–12 Education: A Practical Guide to FERPA and Beyond

by Dr. Brian Brown
written by Dr. Brian Brown

In today’s digital-first classrooms, protecting student data has become a cornerstone of responsible education. From online learning platforms to digital gradebooks, schools are collecting more information than ever before. With this increased data collection comes a heightened responsibility to ensure that student information is handled with care, confidentiality, and compliance.

At the heart of student data privacy in the United States is the Family Educational Rights and Privacy Act, better known as FERPA. Enacted in 1974, FERPA is a federal law designed to protect the privacy of student education records. It grants parents, and students once they turn 18, the right to access their records, request corrections, and control who else can see their information. FERPA applies not only to schools but also to any third-party vendors that handle student data on a school’s behalf.

Understanding what FERPA protects is essential. The law covers a wide range of information, including personally identifiable information (PII) such as names, addresses, and student ID numbers, as well as academic records like grades, transcripts, and disciplinary reports. Even metadata collected by educational apps can fall under FERPA if it can be linked to a specific student.

Despite its clear guidelines, FERPA violations still occur – often unintentionally. A teacher might accidentally email a student’s grades to the wrong parent, or a school might use a new app without verifying its data privacy practices. Sometimes, the issue is as simple as not having proper access controls in place, allowing staff who don’t need access to sensitive data to view it anyway. In many cases, the root cause is a lack of training or awareness.

So how can schools ensure they’re not only compliant with FERPA but also fostering a culture of data privacy?

One of the most effective strategies is to implement strong access controls. This means limiting who can view or edit student data based on their role within the school. Adding layers of security, such as two-factor authentication, can further reduce the risk of unauthorized access.

Equally important is staff training. FERPA compliance isn’t just the responsibility of the IT department, it’s a shared duty across the entire school community. Regular training sessions can help teachers, administrators, and support staff understand how to handle student data appropriately and what to do if they suspect a breach.

Technology also plays a vital role in protecting student information. Schools should use secure platforms that offer encryption for both data storage and transmission. Regular security audits and assessments can help identify vulnerabilities before they become problems. And when working with third-party vendors, schools must ensure those companies are also FERPA-compliant. This includes signing data privacy agreements and reviewing the vendor’s terms of service. In addition to data privacy agreements, our friends at Common Sense Media have created a clearinghouse of reviewed privacy policies

Another key aspect of FERPA compliance is transparency. Parents and students should be clearly informed of their rights, including how to access their records and request corrections. Schools should have a straightforward process in place for handling these requests.

Of course, even with the best precautions, data breaches can still happen. When they do, it’s critical to act quickly. Schools should have a response plan that includes identifying the scope of the breach, notifying affected parties, and taking steps to prevent future incidents. This might involve resetting passwords, patching software, or revisiting internal policies.

Final Thoughts

Ultimately, protecting student data is about more than just checking boxes – it’s about building trust. Parents entrust schools with their children’s most sensitive information, and it’s up to educators and administrators to honor that trust through thoughtful, proactive data stewardship. By understanding FERPA, investing in secure technologies, training staff, and engaging with families, schools can create a safe digital environment where students can learn and grow without compromising their privacy.

0 comments
0 FacebookTwitterPinterestLinkedinThreadsBlueskyEmail
Image of cell phone being held by person
AdvocacyBYODChromebooksCTO/CIOCybersecurityDigital CitizenshipLeadership

Top Five Questions About App Data Privacy

by Dr. Bruce Ellis
written by Dr. Bruce Ellis

In our society, few folks actually take the time to read the terms of service before installing apps on their devices. This is true for students and adults alike. If we find an app that looks like it will meet a need, we typically install it without considering what we might be giving up. Here are five questions to ask before installing apps, and then we’ll look at several helpful resources to expand your understanding of the critical nature of data privacy.

Q1:Does the app developer clearly state what data they collect and how they use that data on its website?
Q2:Does the app developer share what permissions are granted to use the app BEFORE installing the app?
Q3:Does the app identify a relatively recent date of its last update?
Q4:Does the app developer give information on their website if they handle data in accordance with the European General Data Protection Regulation (GDPR) or the Children Online Privacy Protection Act (COPPA)?
Q5:Does the app developer allow you to request that your personal data be removed?

Asking these five questions while searching for and researching apps will help you choose ones that are in alignment with your safety concerns for your students. If you don’t find the answer to any of these five questions on their app’s website, developer’s page, or privacy policy page, take the initiative to contact them and ask.

If you realize that these five questions reveal you need to brush up on data privacy concerns, here are some resources to help bring you up to speed. These resources make the biggest impact when you provide opportunities for discussion with peers, parents, and leaders in your school/district.

Data Quality Campaign

The Data Quality Campaign (DQC) is a national nonprofit policy and advocacy organization dedicated to ensuring that education data works for individuals, families, educators, communities, and policymakers. They provide many helpful resources that you might consider sharing with your peers, parents, and leaders in your district.

Image of people with lock symbol covering face

Encryption

Encryption is a common method often used to protect sensitive student information. Encryption is a common security practice, but privacy policies rarely mention it. Most commonly, encryption is mentioned in connection with billing information. Without examining its policy, there is no way to tell which data a service encrypts. De-identification is another important aspect of student data privacy on apps. Almost half of the privacy policies mention de-identification as a primary reason for collecting data. These policies are almost exclusively used for analyzing user behavior and reporting on student performance within districts.

If you are looking for more information or need help, go to Terms of Service; Didn’t Read. They may have reviewed the app already. If not, you can submit a request to help answer your question.

Image of sketches of people in a row

Parental Responsibility in Data Privacy

Parental responsibility for student privacy is a crucial responsibility. In addition to protecting their children’s privacy, parents must educate themselves about the technology their children are using. If parents allow their children to use technology without parental supervision, they could be agreeing to data tracking. In addition to educating themselves, parents should always check the privacy practices of the websites and apps they use. By ensuring these services are transparent about their data collection practices, parents can rest assured that their children’s privacy is protected.

Parents who want to learn more about taking a proactive role in protecting children’s privacy can go to one of these sites for relevant help.

  • Connect Safely – A nonprofit dedicated to educating users of connected technology about safety, privacy, and security. You can easily explore information sorted by topics and access quick guides, news, and podcasts on their website.
  • Parent Coalition for Student Privacy – This coalition focuses on being advocates with parents in helping keep their child’s data safe. Check out their website for an interactive state student privacy report card, an educator toolkit, and a parent toolkit.
  • The Education Cooperative – Helpful information to support parents in understanding legal issues such as COPPA, PPRA, CIPA, and FERPA and how it relates to the safety of their child.
Image of variety of avatars in a line

Teacher Responsibility

Teachers, too, need to educate themselves about the privacy practices of third-party developers. Connecticut has passed a law establishing a task force to study student data privacy on apps. The task force will explore whether local boards of education should adopt data contracting policies, and they will train employees on best practices. The law will also develop a list of websites and software approved by the state and approved by school districts. By providing more information about the privacy practices of third-party providers, parents will feel more comfortable with these platforms.

Each district is responsible for managing student data generated within the school environment and on school devices. The following points can help teachers know how they play a critical role in ensuring student safety. Ignorance of your responsibilities as an educator does not protect you. Seek out the information to be an informed and proactive educator and advocate for your students.

  • Contact your Technology Department and ask where they provide training for educators on digital citizenship, student online safety, and best practices in relation to using apps and digital devices in the classroom.
  • Contact your Professional Development Department (or HR) to find out what resources are available to help teachers better understand their role when using technology with students.
  • Contact your local educational service center (or state education association) for information on student data privacy they’ve already prepared and made available. Sometimes this is posted on their respective websites; sometimes, you will need to call and track down the person with the information.

While most students are comfortable sharing their social-emotional learning survey results, they may be less comfortable sharing their social-emotional learning results with a school or other third party, for example. Regardless of the level of privacy concerns, a student’s privacy is the most important thing parents, teachers, schools, and he or she can protect.

0 comments
0 FacebookTwitterPinterestLinkedinThreadsBlueskyEmail
robot
Google Tips and TricksMicrosoftTechnical Support

TCEA Responds: Google and Student Data

by Miguel Guhlin
written by Miguel Guhlin

Dear TCEA Responds:

I’m reaching out to you with a question on Google and student data.  In your opinion, how safe are we with sharing student names and assessment data on Google?  We have a strict policy of not sharing student PEIMS data, but are we safe to assume we can save student names and assessment info?

-Jill

Dear Jill:

As you may know, G Suite for Education employs a higher level of security than the consumer version of Google Suite. Google employs encryption to protect your data while it is stored on their cloud servers. On that count, it is unlikely that your data will be breached by G Suite EDU. However, should a user’s account be compromised (e.g. a successful phishing attack is one common approach), then access to any data stored in the cloud would be in danger.

Two-Step Verification

That is why ensuring you have two-factor authentication (a.k.a. two-step verification) in place is so important. Even in the face of a successful phishing attack, no one would be able to get access to the shared data. Without that in place, it is best to encrypt files or data stored in Google Drive. This, of course, would defeat the convenience G Suite EDU provides. So, I STRONGLY recommend putting two-factor authentication in place.

Encryption

If you have Word or Excel files that will need to be stored in encrypted form in Google Drive, but have no need for others to work on it, then you can use a free cross-platform solution like Cryptomator. If you intend to share a Google Sheet with student names and info, then you are far better off considering two-step verification to protect account login/password and then using G Suite EDU. A solution like SysCloud offers on-the-fly encryption.

Shared Drive Settings

Another key point to keep in mind is that G Suite EDU makes it easy for end users to SHARE data for collaboration purposes. Improper SHARING approaches (e.g. sharing a file/folder to anyone with the link and public on the web) can put sensitive data at risk without any nefarious intent from anyone.  Putting confidential data in a SHARED DRIVE (Team Drive) would make it viewable and accessible by all who have been granted rights to that shared drive.

A Response

To respond to your question, you own the data you store on Google and decide how to use it. So long as Google safeguards the data (which it does), then you own the responsibility for protecting it when the only access is via a user account. If you have taken sufficient precautions to protect user account logins/passwords and provided sufficient professional development to staff so they don’t make sharing errors, then there is no reason why you cannot store sensitive data on Google Drive’s encrypted cloud servers.

Did You Know?

TCEA is available to meet your professional development needs. We can provide friendly, education-specific professional learning on cybersecurity and cybersafety that enhances the work of faculty and staff. Reach out via phone at 800-282-8232 or via email to Lori Gracey (lgracey@tcea.org).

Google and Student Data

Protecting student data is even more important today given the many data breaches that have occurred. You must make every reasonable effort to secure student data while maintaining a balance. Fortunately, you need not work alone to accomplish this. Build capacity on your team. You may find the following resources to be of interest.
0 comments
0 FacebookTwitterPinterestLinkedinThreadsBlueskyEmail
student data privacy
Digital LiteracyGood TeachingLeadership

Protecting Student Data Privacy at School

by Susan Meyer
written by Susan Meyer

With all that has come to light about Facebook in recent weeks, it has many people considering the privacy of the data we share online. The information we share can reveal a lot about us. It can also be a tool to better advertise to us and even to shape the type of news we see.

As adults, we can read about privacy and make informed decisions on how much or how little we share. But what resources can we give our students to help them understand the power of their personal information? Equally important: how can we make sure our students’ data is safe when they use ed tech apps and tools at school?

Safeguarding Student Data

Technology can open up the classroom walls and provide incredible, expansive opportunities for students. However, opening the classroom walls shouldn’t mean eliminating safeguards for students. Protecting students’ data is extremely important for both ethical and legal reasons. Apps, websites, and tools that students use every day may collect information about their users. It is important to vet the tools you use and their privacy policies to make sure they adhere to school policies and federal and state laws.

Understanding the Law

The Children’s Online Privacy Protection Act (COPPA) limits what information companies can collect from children under the age of 13. It requires companies to provide clear privacy notices and to obtain parental consent before collecting information. School officials can provide this consent in lieu of a parent if the product is used purely for educational purposes. The company can then collect information only for educational, not for commercial, reasons.

Learn more about COPPA and how it can affect students and educators.

Modeling Good Privacy Practices

In addition to vetting products your school uses, you can also help guard student privacy both in and outside of school by encouraging them to be canny digital citizens. For example, if a student recommends an app or program or uses one for a project, ask them to tell you about what data they have shared. Here are some questions to have them consider:

  • What data did you have to provide when you created an account?
  • Did you read the privacy policy for the product?
  • Do you know if your information is shared with a third party?

Encouraging students to be curious and to seek out new tech tools is important, but so too is making them think carefully about what they choose to share about themselves and with whom. Empower your students to vet the tools they find and to make good choices for themselves about who can access their information.

Resources to Help Develop a Student Data Privacy Policy

You can also read more about student data privacy on the TechNotes blog here.

We live in an age of information. Short of going off the grid, it’s impossible not to have at least some of our data online somewhere. But by staying vigilant and being knowledgeable, we can make sure our students’ privacy is protected.

 

0 comments
1 FacebookTwitterPinterestLinkedinThreadsBlueskyEmail