3. Form collaborative partnerships
“Westwood (MA) Public Schools is a member of The Education Cooperative (TEC), an educational collaborative that serves 16 districts in Massachusetts. In the spring of 2017, the TEC member districts identified student data privacy as a need that could be best supported by the collective resources of the cooperative. As a result, the TEC Student Data Privacy Alliance (TEC SDPA) was formed. The main benefits of this alliance include:
- Engagement of a lawyer to create a standard vendor contract, customized for the needs of all member districts.
- Support of an experienced administrative specialist serving as a main point of contact to research, review, and acquire privacy contracts with vendors.
- Access to expert legal counsel to provide us with guidance and support when needed.
“The latest version of the TEC privacy contract is constructed such that when a service provider signs an agreement, all member TEC districts will be able to sign on to the same contract as well. This eliminates the need to have separate contracts between the service providers and individual districts. Early indications suggest that this model is much more favorably received by the service providers.
“The TEC SDPA is essentially a local branch of the Massachusetts Student Privacy Alliance (MSPA), an alliance that started in Cambridge, Mass., and has gained national recognition for its pioneering work in student data privacy. Among other things, this partnership gives TEC access to MSPA’s website, tools, and expertise.”—Steve Ouellette, director of technology, learning, and innovation, Westwood (MA) Public Schools
4. Educate your entire staff
“In Green Bay Area (WI) Public Schools, we have built a process for teachers to request media resources to use in the classroom. First, we verify with Teaching & Learning that the content is relevant and supplemental to the work done in the classroom. Our technology resource coordination team reviews the technical specifications and analyzes how our students interact with the resource. Is PII (personally identifiable information) being disclosed? If so, our department of technology contacts the media resource creator and requests that they sign our FERPA non-disclosure agreement, assuring us that they will follow our model terms of student data privacy and security.
“Depending on the outcome of our interaction with the solution provider, the resource is added to our Green List (teachers may use with students), Yellow List (use with caution by perhaps anonymizing students), or Red List (we recommend that teachers not use the resource in the classroom). You can find our Green List here.
“If Teaching & Learning wants to purchase a district-wide resource that involves technology, we send out a pre-screen document that explores which types of data are exchanged with the system and how it’s exchanged way before the resource gets into the hands of educators to test/review it. If the resource does not pass data privacy/security muster, it does not move forward in the review process.
“Our procurement process includes student data privacy language in the RFP (request for proposal). We make sure data privacy/security agreements are signed by our solution providers before we make the purchase. We belong to the Student Data Privacy Consortium and are active in monthly planning and execution calls.
“Each week, we send a memo to our entire staff called the Friday Fast Five. At least one point of the five includes a student data privacy message or reminder. We have branded it with this logo.
“I work directly with the solution providers to assist them in understanding the importance of their responsibilities in serving as a ‘school official’ and why we need assurances on how they will keep our data safe. Nobody wants to be that vendor or that school district whose data gets breached. As partners, districts and solution providers need to stick together. It’s the expectation of our communities.”—Diane W. Doersch, chief technology & information officer, Green Bay Area (WI) Public Schools
5. Work closely with vendors
“Two years ago, Milford (MA) Public Schools had no network to speak of and even fewer computers available to students. Today, we have a gigabit wireless network deployed at our elementary, middle, and high schools, and this fall we deployed 3,000 Chromebooks to our students and 450 Dell laptops to our teachers and administrators. Given today’s realities, going digital was the clear choice. With that came the need for increased data safety.
“We started by having frank conversations with vendors of our student information system, special education products, and other data vendors housing information.
“We discussed the following:
- Who will own and possess our student data? Also, how will subcontractors handle the data?
- How and where will the data be stored?
- Will the vendor use the student data for comparisons or marketing?
- Is the data de-identified?
- What measures are taken so the data will be secure?
- What will happen to the data if a student leaves our institution or we cease using the vendor?
“Once we launched our digital learning initiative, we installed a new firewall and building switches and virus checker on the network. We created a network loop and connected all fiber thought one district firewall. We ensured that all vendors we work with are encrypting any personal information held electronically. We also disabled any ‘auto-complete’ settings.”—Matthew Joseph, director of IT, digital learning and innovation, Milford (MA) Public Schools