The transition to online learning has reaffirmed that parents are essential partners in students' educational journeys, including in protecting their personal information. As such, parents and schools should be informed about their rights, what information the school collects about their child, and how it is used and protected.
This entails knowing how important it is to keep student data privacy secure throughout the educational journey. Parents and tutors must also actively participate with the school or district in the development, implementation, and review of student privacy and security policies and practices.
The Basics of Student Data Privacy
Students at every level these days have to give and receive a wide variety of data to participate in the modern education system. And this is for good reason; Having a database of student names and birthdays, addresses, parent/guardian names helps to keep track of who and a school should contact.
A database is a great way to store various records from grades to attendance to disciplinary actions, that can be viewed by both school and student at any time. And databases can also hold any special instructions pertaining to things like lunch requirements and special needs. All told, student data can paint a decent picture of a student and help educators to best understand them and appropriately teach.
In today’s digital world, students, educators, and administrators can access this data from just about anywhere. From personal and school computers to cell phones, there are numerous apps, websites, and online programs that assist with storing and accessing this data. Unfortunately, this also means that there are now more potential vulnerabilities for cyberattackers to attack and steal student data. From social engineering tactics like phishing emails to brute force attempts to sneak into servers, these hackers are often looking to make money through ransom or stealing financial account information. That’s why making sure school data is safe through routine maintenance and checks, in addition to educating everyone participating in the system, is more important than it’s ever been.
In addition to cyberattacks, there are a number of ways for student data to be spread throughout the internet often in legal ways, at least up until recently. Most websites and apps used by students are now implementing some form of tracking, learning personal details and behavior from the digital footprints left behind in metadata and cookies.
These companies and third parties will often keep and sell this data to other advertisers hoping to target a potential new consumer with specialized marketing tailored to their behavior and other identifiers such as location.
In order to combat this, a number of states have begun passing student data privacy laws to combat this predatory behavior on young people. Teachers now have the additional burden and ethical obligation to follow, teach, and train in good practices of digital citizenship. This means they are more responsible than ever for carefully choosing the digital products and processes that they incorporate into their lessons.
But they are not alone, as more and more laws that protect student data are being passed every year. These are some of the most important ones:
- Family Educational Rights and Privacy Act (FERPA)
- Children's Online Privacy Protection Rule (COPPA)
- Children's Internet Protection Act (CIPA)
How to Keep Student Data Privacy Safe
All of the above can sound very scary but don’t worry! There are numerous ways to improve and keep student data privacy safe. While some tips can be more involved than others, incorporating every measure will build a robust system for protecting student data privacy.
Review the Data Privacy Policies
Every app or third-party tool used by schools should come with a data privacy policy regarding how they treat their users’ data. Make sure this fine print is in line with your school’s ethical and safety guidelines, and that the external parties are keeping with their word.
Encrypt Sensitive Information
From emails to voice messages, any form of sensitive information should be given extra protection. There are numerous encryption services and tools to provide this extra layer of security available for use.
Delete Files Regularly
Grabbing files from the web or the cloud has never been easier or more convenient, but usually, these old files end up sitting in the download folder once they’ve been used. These unused files have the potential to contain malware or be used as a backdoor for hackers and should be regularly deleted.
Be Careful Sharing Records
Data breaches can occur from inside an organization, whether out of malice or as is more often the case, negligence. One way to minimize these internal risks is by disallowing access or public discussion of student records unless there is a legitimate educational need. The fewer people who have access, the smaller the chance there is for a slip-up.
Realistic Training
Conducting training sessions for educators, administrators, and students is a must, and these lessons can be made much more consequential by treating them like real test cases. It is important to use resources like a sample or mock data to demonstrate tools to attack and prevent data breaches.
Don’t Stay Logged In
On computers and other various learning platforms, if they are password-protected, every user should be logging or locking out while not directly interfacing. This ensures no one is able to freely access the information they should not be.
Educate
There is no limit to the world of online safety and data privacy. While educators and administrators often receive training before the school year, it is important for schools to ensure they are also teaching students safe practices. In addition, schools should be keeping up to date with any student data privacy acts being passed.
Educate Students on Privacy Issues
When educators understand the student data privacy problem, they can become that much more effective at helping to teach students ways to stay safe. The following tips should be taught to students to help safeguard their privacy. When used in tandem, they can be a powerful shield against potential threats.
- Keep mobile devices and apps up to date
- Do not click on random links or visit unknown websites
- Delete or report suspicious emails to avoid granting account access
- Update and protect all home devices connected to the internet
- Use strong passwords, multi-factor authentication, and confirm privacy settings
- Practice safe use of social media; be careful not to post personal/sensitive information
- Avoid public and/or free Wi-Fi networks to avoid compromising sensitive information
- Do not grant privileges when charging mobile devices in public spaces or charging stations
- Protect home Wi-Fi networks and digital devices by changing the factory password
- Optimize your operating system, browser, and security software by installing recommended updates
Questions for Parents to Ask
Parents and guardians of students should also be aware of the dangers facing school data privacy. All the steps listed above can be important tools for parents as well as students when it comes to protecting privacy, but parents can also make sure these schools are prepared and up to date with their privacy measures.
Informed parents will keep schools and organizations honest, and push them to consider privacy options they may not have before. Here are a number of questions parents and guardians can ask themselves and the schools:
- Does your child's school or district have a website that discusses student privacy and what educational technology tools are used in the classroom?
- What notices or forms did you receive at the beginning of the year?
- Who monitors student data in our school or district?
- What kind of security measures are in place to protect my child's data?
- What kind of training do educators receive about privacy?
- How can I see the data that has been collected about my child?
- How long does the school or district keep data about my child?
- How does the school or district hold outside service providers accountable for maintaining the confidentiality of student data they receive?
- Does the school or district have an evaluation and approval system before teachers adopt new applications or programs that collect personal information from students?
- How is student data used to inform learning?
- How does your child’s school review the products it is using, to ensure it supports and improves learning, and meets legal requirements and school policies?
Keep Student Data Privacy Safe
With so much at stake and so much to learn, schools and universities often turn to outside parties to help them manage their student data privacy. These solutions can help to make things easy and secure.
Prey offers privacy and security for school devices through the use of anti-theft monitoring and a loan managing tool that allows students and staff to take laptops off-site with minimal to no risk. By automating their device security measures, EDU teams can both deter theft and optimize work through security reactions when devices leave Control Zones and by scheduling timed actions such as device locks.
All of this is done with inventory programs that make it easy to visualize where all devices are with classes, tags, and statuses.
Prey adds an extra layer of FERPA compliance with data wipes and retrieval reactions, and through tracking and evidence gathering to boost end-user privacy. Comprehensive student data vulnerabilities require comprehensive solutions, and companies like Prey have made it easier than ever to provide robust student data privacy.
Norman Gutiérrez is our Security Researcher at Prey, one of the leading companies in the security and mobility industry, with more than 8 million users worldwide. In addition to this, Norm is Prey's Content and Communication Specialist, and our Infosec ambassador. Norm has worked for several tech media outlets such as FayerWayer and Publimetro, among others. In his free time, Norman enjoys videogames, cool gadgets, music, and fun board games.