Educators have relied on data to make informed decisions for as long as it’s been available (the foundations of standardized testing got its start in the 19th century).
For much of that time, the main worry was whether or not that data was being accurately interpreted. Technology, of course, has radically improved how we collect and analyze data, but has thrown a new wrench into its use — mainly regarding ethics, privacy, and safety.
Chief among these concerns are breaches into school systems and accidental data leaks, according to a new report on data privacy from the Southern Regional Education Board, a collective that works with K-12 and higher ed policy leaders in 16 southern states. The report, titled Data Privacy and Security, mentions a number of pressing concerns regarding education data and makes several recommendations for how states and education agencies can stay safe and transparent as they collect, govern, and share student data.
In recent years, both districts and colleges and universities have been caught off guard by cyber attacks that have put personal information at serious risk. The University of Connecticut, for example, was hit with malware. A district in South Carolina was the victim of a ransomware attack when hackers demanded $10,000 in exchange for the safe release of personal information. At another university, a third-party vendor accidentally exposed more than 100,000 student records.
In response, 34 states (including 14 SREB member states) enacted new legislation designed to protect student information that spell out everything from who can collect and view student data to what information schools can share with vendors to the creation of a state controller to manage student data security.
The report also expresses concern for data governance and transparency “about how, when and where data are collected, used and made available,” and recommending safeguards — such as redactions and large sample sizes with few identifying details — to minimize the impact of data breaches should they occur.
Here are 4 additional recommendations from the report.
Transparency: States should clarify data governance policies for their ed data and make it easy for the public, particularly parents, to find.
Monitoring/notification: In order to guard against potential breaches, states should set aside enough funding to beef up security programs, and put policies into place for alerting the public when breaches do occur.
Training: Proper training can help minimize risks, but all too often school data is being handled by those without formal training, which should include comprehensive overviews of FERPA, state data laws, and local data policies and practices.
Technical support: Strong IT departments are necessary to guard against breaches — both malicious and accidental, and states should ensure that insitutions have appropriate access to funding and training in this regard.
The report, with additional suggestions, is available in full online.