4 ways to improve your district’s data privacy

With K-12 school districts using cloud collaboration platforms more than ever before, the approach to data privacy in schools is looking a lot different than what administrators are used to.

Google Workspace and Microsoft 365 are keeping students and staff connected. These apps have forever impacted the way education is delivered in school.

School districts suffer from data leaks—when a student or staff member shares data outside of the school district’s domain. At the same time, school districts have become one of the most targeted organizations for cyberattacks. Regardless of whether these incidents are malicious or inadvertent, they should not be happening in the first place.…Read More

3 ways to strengthen your student data privacy compliance strategy

Cyberattacks and data breaches are infiltrating K-12 communities. To proactively thwart these attempts to steal student data, states such as New York are passing legislation that requires school districts to adhere to stipulated student data privacy compliance regulations.

With so much on their plates already, creating, implementing, and monitoring an effective data privacy compliance strategy is a time-consuming and stress-filled task for most school district leaders.

As the Director of Instructional Technology at a New York school district, I have been leading our data compliance efforts, and I very much understand the significant challenges schools are facing. To help other districts navigate this unpredictable landscape, I have put together the following recommendations:…Read More

Promethean Announces iKeepSafe Student Data Privacy Certification in the U.S. for ClassFlow Software

 Promethean®, a leading global education technology company, today at TCEA 2021 announced its ClassFlow platform had received iKeepSafe certification renewal. The certifications for FERPA, COPPA, and California (Student Privacy – CSPC) mean that ClassFlow has been assessed by iKeepSafe and meets iKeepSafe’s rigorous standards. iKeepSafe assesses and certifies for compliance with U.S. federal and state privacy laws, helping to eliminate privacy concerns during remote, hybrid, or in-person teaching.

Promethean’s ClassFlow enhances remote learning as a cloud-based lesson delivery service with advanced collaboration tools for student engagement. ClassFlow keeps remote, hybrid, and in-person students interested in interactive lessons, activities, quizzes, and thousands of immersive resources, lessons, and activities from educators worldwide. It also helps teachers deliver dynamic lessons to students’ devices and brings interactive classroom displays to life for effective hybrid learning. As ClassFlow is cloud-based, it can be accessed anytime and anywhere.

iKeepSafe privacy certifications ensure that edtech products are compliant and demonstrate responsible privacy, safety, and security practices. ClassFlow received the following certifications:…Read More

Research Shows the Need for More Support to Protect Privacy and Advance Digital Equity

The Center for Democracy and Technology (CDT) today released a new report — with accompanying survey findings — that reflect the urgent need to provide improved student privacy support to teachers, parents, and students. Almost half of teachers report they have received no substantive training on data privacy, and only four in 10 parents say their schools discussed their data protection practices. Despite that, parents and teachers report favorable opinions of the continued use of education technology even after the pandemic ends.

The report, titled “Protecting Students’ Privacy and Advancing Digital Equity,” is based on significant data collection and outlines steps education leaders and policymakers should take. These include prioritizing privacy-focused teacher training and proactively communicating with parents about how schools are protecting their children’s data. Additionally, leaders can reduce inequity through closing the digital divide while protecting privacy, and scale up the good practices of special educators, a standout from their peers, to protect all students. The recommendations were shaped by surveys and focus groups commissioned by CDT. View the findings here.

“It can be easy to overlook hard-to-see issues like digital safety and student privacy during a time of crisis like COVID-19,” said CDT CEO Alexandra Givens. “But as our research shows, safety and privacy are vital concerns, and the vast majority of teachers and parents support more online learning even after the pandemic. It’s critical that policymakers, schools, teachers, and parents work together to protect students.”…Read More

Encrypt Email and Attachments

Today, and in the coming days, data privacy will become even more important as the need to collaborate and share data securely increases. For many, data protection is not a choice, it is a legal and operational requirement.

To better support organizations hit especially hard by the effects of the COVID-19 pandemic, Virtru is offering the following through June 30, 2020:

  • K-12 Education institutions and organizations supporting the defense and intelligence mission may receive unlimited complimentary licenses.
  • Any Healthcare, State and Local Government, or Nonprofit organization may take advantage of up to five complimentary licenses.

For more information visit https://www.virtru.com/covid-19/…Read More

Understanding cyber liability insurance

[Editor’s Note: This article was first published on the TCEA TechNotes blog.]

Have you read the latest newsflash? School district data breaches are on the rise, and your school district’s student information system (SIS) data could be a prime target for hackers. The SIS contains records of minors, representing an unexploited, potential victim. Identity thieves are sharpening their digital knives for the feast. Let’s explore this topic from a cyber liability insurance perspective.

Framing the discussion

Keep these questions in mind as we step through this relevant topic.…Read More

Data access is easier than ever, but is that a good thing?

Tactical student data privacy questions like “What can I do right now?” should be asked by all CIOs, teachers, administrators, and policymakers in this changing landscape of data access, student privacy, and interoperability. In a recent edWebinar, Dr. Larry Fruth, executive director and CEO of the Access 4 Learning (A4L) Community, and Jena Draper, founder and general manager at CatchOn, discussed the challenges school districts face with data access and student privacy. Dr. Fruth suggests that school districts hit the ground running by adding privacy components and security before it becomes a “What should I do right now?” situation. Draper says that school districts need to look at data access from all angles, from the outer layer of the infrastructure to the rogue apps used in classrooms, to create sound data access and student data privacy plans.

The data balancing act

Open access to data has the potential to violate student data privacy regulations, but closed access to data has the potential to lock everything down. The “sweet spot” of data access is critical in the environment where data is no longer used in a silo but used in data conversations around graduation rates, college readiness, and career pathways.

The challenge, as highlighted by Fruth, is how much data should be accessible to the stakeholders. If they have access to too much data, it will feel overwhelming, and if they don’t have enough access, they don’t feel empowered to do what they need to do. For student interoperability frameworks, Fruth explains that the goal is to create a simple data exchange across all the different applications in a digital ecosystem. The reality of interoperability is that data exchange can seem to be simple but is complex. However, no matter how involved and complicated the data management issues are, it needs to be managed, moved, and secured as school districts go through daily operations.…Read More

IT leaders, admins still fear network attacks

Balancing access to educational resources with security needs remains a top challenge for school district IT leaders, according to new findings from the Speak Up Research Project for Digital Learning.

Seventy-one percent of district administrators and IT leaders are concerned about the security of their network against malicious attacks or misbehavior, as outlined in the data, which comes from a collaboration between the nonprofit Project Tomorrow and cloud security provider iboss.

The top concern with cloud applications among technology leaders is ensuring data privacy (58 percent).…Read More

5 different ways IT directors handle student data privacy

Student data privacy is a hot-button issue. In the last five years, according to Amelia Vance, director of education privacy & policy counsel at the Future of Privacy Forum (FPF), over 600 bills on the topic have been introduced and 125 new laws have passed in about 40 states. “Unfortunately, the vast majority of those laws came with no resources, funding, or support to implement them. I give a lot of credit to the leading district CIOs and CTOs who have stepped up and fulfilled the promise of the laws,” says Vance, who also runs FERPA|Sherpa, the Education Privacy Resource Center that has loads of resources online.

Vance encourages district leaders to start by training every person in your district who has access to information about the importance of privacy and protecting that information. “Most of the issues that arise are because of human error,” she says. “Email attachments that shouldn’t be sent out get sent; web pages go live that shouldn’t; people forget to lock their computer.” Recently, she heard about a district that posted its school safety plans online before the school board meeting; no one noticed they included the private medical information of students and teachers who would need assistance in a school safety emergency.

In 2019, a lot of general privacy laws may pass that will unintentionally apply to schools. Vance suggests keeping an eye on any privacy bills that come up in your state because they may accidentally cover you and give you additional responsibilities. She says you can keep updated by Googling your state + consumer privacy act. You can also bookmark the FPF and FERPA|Sherpa websites, as they’ll be keeping track of the news.…Read More

4 simple questions school leaders should ask about cybersecurity

In today’s world where hacking and other forms of cyber-attacks abound, it isn’t enough to simply expect that the IT staff has data security under control. According to the White House Council of Economic Advisors, in 2016, cyber threats costs the U.S. economy between $57 and $100 billion. The same document articulated that “cybersecurity is a common good.” Schools are not immune, and a recent review of a dark web marketplace by Flashpoint for access to compromised Remote Desktop Protocol servers proved that. Two-thirds of the server information available was from educational entities.

School district leaders needs to be proactive in asking the following questions to ensure that data security is being taken seriously. Are realistic safeguards in place to protect student and staff privacy? Can your district recover data in the case of an emergency or disaster?

Question 1: Are your password procedures up to speed?
Password and account security needs to be ramped up. Required password changes should be implemented at least each semester, if not every 90 days. IT staff are often hesitant to require such changes as staff grumble about this and take up a great amount of help desk time when changes are required. Leadership should try to insulate the IT staff from these types of complaints and at the same time ensure that strong password policies are in place. Passwords are moving toward a dozen characters and reQu1ring! the inclusion of capital letters, numbers, and special characters. Make sure no one shares their passwords with anyone—not even their trusted assistant.…Read More