Compliance is NO LONGER Cut-and-Dry! Compliance has fundamentally shifted to focus on student data privacy–who has access to student data in your school or district, and what companies are exposed to your student data. The focus also seeks to define a collective mindset within your school district’s culture on how to protect student data holistically from teachers to administrators. To this point, privacy and confidentiality of data is a paramount issue within the entire education hierarchy from State Departments of Education down to small rural schools. This also means that the collective understanding of student data must be maintained from the desk of the Superintendent’s office down to the educator’s classroom.

As a society, we have all become more knowledgeable about the perils of data when it is accessed by or put into the wrong hands. To this point, most every adult with a child in school has been exposed to malicious use of personal data. With the proliferation of social media, parents are more knowledgeable about data use and data breach. When Facebook changed their terms of service, allowing third-party applications to use their profile images in advertising campaigns, there was a huge uproar among parents. This was amplified when approximately 100 million Target customers were negatively impacted because their identity had been compromised. Our society has changed. Data is the key driver to analytics, and using machines throughout the learning process provide data that helps to facilitate better outcomes. However, the adoption and use of data which, if not implemented carefully, can also be used destructively, and worse, may adversely impact a school and its student population.

School districts are required to protect student data under the Family Educational Rights and Privacy Act (FERPA). This is an enormous task. Consider that most school district budgets are shrinking. Unlike information technology departments in the private sector, school districts are commonly understaffed and are constantly being asked to do more with less. Add to the mix that the majority of K-12 education information technology departments don’t have the luxury to have a dedicated IT security staffer let alone someone dedicated to manage the litany of legislative mandates that impact their school district. Turnover in K-12 education information technology departments continue to threaten schools because the challenges a school district’s information technology team must take on seem, at times, almost insurmountable.

Adding to the complexity, school district information technology teams must establish stringent rules to protect schools from educators sharing too much data. Teachers and their methodologies, by which new information technology tools are curated and utilized for classrooms, have become too autonomous. To be candid, one of the most critical concerns that a school district faces is the selection of technologies for student utilization. This one issue raises the largest concern for school districts because the opportunity for legislative violation is so easily achievable. Consider this: every district staff member, to some extent, is now an extension of the IT staff. Anyone–a teacher or an administrator–can sign up for free cloud-based Web software solution and potentially start sharing private student data in a matter of minutes. Sure, schools establish protocols to be followed as it relates to using third-party tools, but ask any school district’s information technology team, and they will tell you that it is very common for a teacher to bypass, or attempt to bypass, a school district information technology department or approval process.

The threat is real and so are the legislative violations. School Districts need new solutions!

At i-SAFE, we hear about these concerns all the time. For example, an educator (with the best intentions) who unknowingly creates accounts for his or her students on a cloud-based solution that does not comply with the Children’s Online Privacy Protection Rule (COPPA) may be found in violation of your school or district’s Internet Safety Policy. Even more common are conversations with school districts whereby an administrative staff person may mistakenly place a spreadsheet of FERPA protected student data into an online file-sharing service like DropBox, EverNote, or Google Drive. In some instances, unfortunately, this data has been accidentally shared with individuals who were not approved to access the documentation. Because of the pervasiveness of technology, the accessibility to share information among individuals, and a lack of understanding as it relates to student data, school district personnel are just a mouse click away from allowing virtually anyone to obtain access to private information. In a school environment, access to sensitive student data could turn into a legislative nightmare.