Student data privacy protection featured

3 Tactics for Effective Student Data Privacy Protection

The importance of student data privacy protection

After the widespread technology boom in education, district leaders and teachers are inundated with a seemingly infinite number of applications for digital learning. IT professionals are now casting all eyes to the safety and security of student data collected by the growing list of new resources, as district systems full of sensitive data become more vulnerable to cyberattacks and data breaches. Since 2018, the number of reported cyber incidents in schools has increased from 400 to over 1,300, according to a 2021 report by the Cybersecurity and Infrastructure Security Agency.

The urgency is evident as more states pass laws to protect districts and student data privacy, adding more requirements for district IT teams to manage. With the building pressure surrounding student data privacy, it’s crucial for IT professionals to have the resources and network to ensure data is protected.

In a recent discussion hosted by Lightspeed Systems®, leading voices in student data privacy—Kevin Lewis, Data Privacy Officer from 1EdTech Consortium, Jim Siegl, Senior Technologist at the Future of Privacy Forum and former Technology Architect for the Fairfax County Public School District in Virginia, and Jim Farmer, Chief Technology Officer at Fayette County Public Schools (FCPS) in Georgia—gathered to provide insights in effective protection of student data.

What are some action items you can take for effective student data privacy protection?

1. Make student data protection a district-wide priority and effort

District technology teams are often infiltrated with new applications on their networks and requests for even more applications to be vetted. With the large task of securing student data privacy on an abundance of applications, the panel discussed the power in a “district-wide awareness and action” approach to student data privacy protection.

In this approach, Jim Farmer explained how members of the FCPS district gathers as a “data governance council,” consisting of voices from across the district to raise awareness, education, and explanations on student data privacy protections within the organization.

“We had to raise the level of [awareness] of everyone at the table so they could go back and work with their departments and disseminate the information and awareness that we’re doing because we are tackling things like vetting of apps, password policies, security procedures, and data cataloging,” shares Farmer. “Just about anybody in your district is going to have access to information or student data. So, it can’t just be a technology initiative. It has to be done as a team and has to be taken on as one of the most important things.”

Diving in deeper, the panelists highlighted communications and education that enable district-wide personnel to be part of the app vetting process themselves. Jim Siegl, from the Future of Privacy Forum, shared a mnemonic of considerations when opening up conversations on the app vetting process for educators: ITPASSES – interoperability, training, privacy, accessibility, security, safety, effectiveness, and sustainability.

“These are all part of the conversations we would have as a district, and as educators, and technologists,” says Siegl. “It was a very inclusive way of bringing people into the conversation to talk about this. It’s more than just a privacy checklist or a privacy gateway. It was how are we bringing this particular education tool into the district to support student learning and make it sustainable, private, and secure.”

To support educators in his district, Farmer provides a rubric outline to enable them to be an active part of the vetting process. “When they go to a conference, they usually find all these wonderful apps they want to come back and use,” shares Farmer. “We’ve given them a rubric that they can pre-vet these apps and determine if this is something that’s going to fit and work, as opposed to coming back and downloading 5 to 10 new things they just saw over the last few days at a conference, and that has helped with awareness and education.”

Finally, the panel shared the need to work with edtech partners about safeguarding district data. “Make sure you work with the partners that you have, because there’s already a relationship there,” said Lewis. “Having these important discussions about privacy, about security, about your concerns as a district … because they’re the ones that can make it happen.”

2. Stay connected within the edtech network of organizations for continuous learning and leverage helpful resources

As the need for effective student data privacy protection grows, new regulations pass, and protocols change, the panel stressed the importance of leveraging the wealth of knowledge among the edtech network and resources available through them. Organizations like 1EdTech (formerly IMS Global), Consortium for School Networking (CoSN), and International Society for Technology in Education (ISTE) provide members with resources, networking, and support for IT professionals seeking assistance with student data privacy. Farmer highlighted the Annual Horizon Report by CoSN for education and awareness on key issues in edtech, like data privacy.

Kevin Lewis, from 1EdTech, shared the ways his organization is helping districts protect student data. In collaboration with K-12, higher education organizations, state departments of education, and other edtech providers, 1EdTech created a rubric for app vetting. “It was meant to give schools who want to vet their applications a quick snapshot into what that supplier’s doing and how transparent they are with their policies,” Lewis shares.

For example, Lightspeed Digital Insight clearly displays badges from the Student Data Privacy Consortium and 1EdTech’s TrustedEd Apps Seal of Data Privacy so that district admins can quickly identify which apps are Certified for Data Privacy. Similarly, IT professionals can look to the Future of Privacy Forum for a comprehensive list of vendors who underwent privacy policy reviews and committed to the security of student data as part of the Student Data Privacy Pledge.

For assistance at the state level, Farmer recommended Cybersecurity and Infrastructure Security Agency (CISA) and state departments of education. Through recent expansions, districts can utilize CISA’s contacts for guidance and assistance in student data privacy protection.

3. Have a system in place to track and monitor applications on the district network and their student data privacy policies

In today’s learning landscape, the volume of threats, an abundance of new applications, more devices in the hands of students, and increased parent awareness all contribute to the need for district IT leaders to take ownership, including having visibility at all times of technology active used on devices and network across the district. As a CTO, Farmer recalls running a snapshot of one week in his district and finding over 4,500 apps in use.

To streamline student data privacy management, districts are turning to trusted edtech partners with tools, like Lightspeed Digital Insight. Lightspeed Digital Insight was designed to provide privacy policy scanning to help schools meet regulations and save time while managing third-party policies. With Lightspeed Digital Insight, IT leaders gain a comprehensive overview of all applications used on their network and devices, across all OSes, and can identify apps that need to be reviewed, ensuring teachers can safely pilot apps and IT has visibility.

While keeping up with new and existing regulations around student data privacy can be a challenge, Lightspeed Digital Insight also integrates with top privacy policy standards, such as 1EdTech and Student Data Privacy Consortium badges, to ensure compliance with regulations like GDPR, FERPA, and COPPA.

To get a comprehensive view of resources used on network and visibility into third-party privacy policies, schedule a demo of Lightspeed Digital Insight today.