10 Privacy Steps Every District Can Take Today!
In my previous post I wrote about the privacy toolkit that CoSN (Consortium for School Networking) published in March to help districts navigate through FERPA (Family Educational Rights and Privacy Act) and COPPA (Children’s Online Privacy Protection Act). See http://www.cosn.org/focus-areas/leadership-vision/protecting-student-privacy.
The more I think about this privacy issue, the more it concerns me that, because there is so much uncertainty about what districts can or should be doing, they will lose sight of some very concrete steps they can be taking today to better ensure privacy of student data. I detailed these in an analyst report I released in May, with the support of Intel, titled Making Sense of Student Data Privacy. You can download the 3-page report at http://www.k12blueprint.com/privacy.
Here are my recommendations:
10 Privacy Steps Every School District Should Take:
- Designate a Privacy Official – A senior district administrator needs to be designated as the person responsible for ensuring accountability for privacy laws and policies. This is a “divide and conquer” issue, but someone needs to be in charge.
- Seek Legal Counsel – Make sure that the legal counsel your district has access to understands education privacy laws and how they are applied to technology services. Do not wait until there is a pressing issue that needs to be addressed.
- Know the Laws – Many organizations have and will be publishing privacy guidance for schools, such as the CoSN resource mentioned above. The US Department of Education’s Privacy Technical Assistance Center is a must-know resource at http://ptac.ed.gov/.
- Adopt School Community Norms & Policies – Beyond the privacy laws, what does the school community really expect when it comes to privacy? Seek consensus regarding collecting, using and sharing student data.
- Implement Workable Processes – There must be processes for selecting instructional apps and online services. No one wants to slow innovation, but ensuring privacy requires some planning and adherence to processes. Once enacted, the processes should be reviewed regularly to ensure that they are workable and that they reflect current interpretations of privacy laws and policies.
- Leverage Procurement – Every bid or contract has standard language around a wide range of legal issues. By adopting standard language related to privacy and security you will make your task much easier. Unfortunately, many online services are offered via “click-wrap” agreements that are “take it or leave it.” You may have to look for alternative solutions if the privacy provisions of those services do not align with your expectations.
- Provide Training – Staff need training so they will know what to do and why it is important. Annual training should be required of any school employee who is handling student data, adopting online education apps and contracting with service providers. Privacy laws represent legal requirements that need to be taken seriously.
- Inform Parents – Parents should be involved in the development of privacy norms and policies. Just as schools provide information about online safety and appropriate use, they need to put significant effort into making sure that parents understand the measures taken to protect student privacy.
- Make Security a Priority – Privacy starts with security. Secure the device, the network and the data center. Toughen password policies. Have regular security audits conducted by a third-party expert.
- Review and Adjust – Interpretations of privacy laws are changing and new laws may be added. School policies and practices will need to be updated and adjusted so that they reflect legal requirements. Processes can become burdensome and when that happens, some people may want to skirt the process.
While there are no practical steps that can be taken that would guarantee privacy of student data, by tackling the steps outlined above, schools will be well on their way to taking control of this issue and better ensuring student privacy.
Without a doubt, there will be more to come on this issue!
Bob Moore has enjoyed a career of 26 years in education technology. His work has included more than two decades as a CIO in K12 schools and several years as lead strategist for a multi-billion-dollar global ed-tech business, as well as many years of active leadership in organizations such as CoSN. In 2012 Bob founded RJM Strategies LLC and works with schools and ed-tech business clients as a strategist, advisor and subject matter expert. His life’s work is grounded in his tenacious commitment to vision, innovation, integrity and practicality. Follow Bob on Twitter @BobMEdTech. See Bob's Profile and Connect on LinkedIn at https://www.linkedin.com/in/bob-moore-675ba4