Cyberattacks and data breaches are infiltrating K-12 communities. To proactively thwart these attempts to steal student data, states such as New York are passing legislation that requires school districts to adhere to stipulated student data privacy compliance regulations.
With so much on their plates already, creating, implementing, and monitoring an effective data privacy compliance strategy is a time-consuming and stress-filled task for most school district leaders.
As the Director of Instructional Technology at a New York school district, I have been leading our data compliance efforts, and I very much understand the significant challenges schools are facing. To help other districts navigate this unpredictable landscape, I have put together the following recommendations:
1. Continuously monitor what your students and teachers are using on their school devices.
With so many free apps and web-based learning tools available, it is extremely difficult for school leaders to track what their students are using if they do not have direct visibility into their students’ and staff’s application usage data. In some instances, teachers are providing their students’ names and dates of birth to access these free resources without realizing the ramifications sharing that information could have on their students’ data privacy.
At my own district, Fayetteville-Manlius School District, we have a rule in place that teachers are not supposed to begin any new software program until they vet it with a member of our instructional technology staff. Despite this policy, I have discovered through CatchOn, a data analytics and data privacy monitoring solution we use, that some educators are continuing to introduce new online tools without notifying our instructional technology team. Even though my team reminds our staff of this policy during our yearly trainings, and the teachers agree to abide by it, I can see through CatchOn that there are products being used that have not been approved and/or vetted.