Welcome to the Learning Continuity Guidebook, this post is the fifth in a nine-part series. Click here to learn more about the guidebook and its contributors.
With digital learning and productivity tools at the heart of many learning continuity plans, districts are faced with keeping a colossal amount of student and staff data secure – both inside and outside of school walls.
As the FBI warned in 2018, these tools collect personal and identifiable information including employee social security numbers, medical information, students’ geolocation, IP addresses, and much more. If that data is compromised or exploited, there could be serious impacts on student and staff privacy and safety.
Assess your data privacy and security
Conducting a self-assessment is a first step to understanding the current state of data security in your district and identifying a road map for improvement. An assessment can act as a tool that:
- drives change
- identifies strengths, vulnerabilities, and opportunities for improvement
- energizes improvement initiatives
- increases the focus on district and organizational goals
- aligns resources with strategic objectives
You can find best practices for assessing and establishing a data security and privacy framework through the National Institute for Standards and Technology and CoSN’s Trusted Learning Environment (TLE) initiative (the nation’s only data privacy seal for school systems).
Using a framework to strengthen practices will show you where your district is and what you need to do to improve.
For many of the districts leading the way in data security, earning the Trusted Learning Environment (TLE) Seal is a significant part of their efforts. Through our own work and research, here are some key lessons around strengthening data security and privacy we’ve learned along the way.
Establish a data governance committee
Truth be told, many districts aren’t awarded the TLE Seal the first time they apply, largely because they don’t have a data governance committee – one group that oversees your full data security policy and procedures.
To rectify the problem, districts often take it one step further. To gain a detailed district-wide view on data security, they establish two teams, an advisory group – the boots on the ground who make recommendations around data security – and a governance committee to lead and own the data security plan and policies.
The advisory group consists of the people seeing the real data security issues in action; librarians, teachers, principals, and some staff at the director level.
The governance committee includes staff and community members at the highest levels including, the superintendent, assistant superintendent, assistant superintendent of HR, the police chief, curriculum leaders, and associate superintendent.
Put protections in place
Next, you need to identify processes and assets that need protection and put tools in place to protect your data.
For example, a robust Internet firewall and content filter will help you restrict access to inappropriate information by filtering and blocking websites based on categories such as:
- security risk
- potentially liable and/or harmful content
- adult/mature content
- general interest/personal
These tools also provide extensive monitoring and reporting so you can clearly see what's happening within the district. Reports at the global or individual level tell you about Internet browsing activity, bandwidth usage, or security threats.
Build and share policies
The Trusted Learning Environment Seal helps here by providing a formula districts can follow to build the policies and procedures needed to not just protect data but also provide transparency into the process. The TLE Data Governance Policies and Procedures Checklist is a helpful starting point.
As you build your policies be sure each is supported with a clear outline of the specific actions students, staff, and parents need to keep data private and secure.
- Perform audits of data privacy and security practices and publicly detail these measures
- Create leadership practices to manage and collaborate with stakeholders regarding the use and governance of student data to inform instruction.
- Establish business practices to vet acquisitions and secure contracts with data share agreements that address compliance laws.
Putting your data security policies and procedures in writing isn’t enough, you need to raise awareness and provide training among parents, teachers, and students.
This is a huge effort. But it’s important to reach everyone that deals with or shares data in your district; bus drivers, teachers, the basketball coach, the librarian, the school nurse, the accounting team, and the list goes on.
Steps you can take:
- Require school staff to conduct privacy and security professional development and offer the instruction to all stakeholders
- Implement classroom and educational procedures to ensure transparency while increasing academic performance
- Communicate using thorough analysis, proactive planning, and confidence
Leander Independent School District publishes public policies online and then communicates its existence to staff, students, parents, and the community through avenues like their website and newsletter. Other efforts to educate the district community about data privacy include providing employees with annual training, running phishing simulations, and engaging in social media campaigns to raise awareness.
Another tip is to follow Loudoun County Public Schools’ (LCSD) lead, educating parents, students, and staff about which data they gather and why. LCSD posts this information clearly on a data security FAQ page on their website.
Education is a make-or-break step in the realm of data privacy and security. Mistakes and breaches happen when data security isn’t top of mind and people don’t understand their role in the process – leaving everyone vulnerable.
Join us next week to learn how districts can ‘Develop Teacher & Student Capacity' to support their learning continuity plans. Follow us on social media to stay up-to-date with new entries in this series, or subscribe using the form below.
As we continue through the series, we’ll share resources and best practices from trailblazers and districts leading the way. Here are some that stand out for their vision, expertise, and usefulness.
Districts to follow
Leaders to learn from
- Linnette Attai, Project Director, CoSN Protecting Student Data Privacy Initiative and TLE Seal Program)
- Texas K-12 Chief Technology Officer (CTO) Council, a CoSN state chapter, leading Data Security and Privacy implementation focus group
Practical tools and news you can use