Education Framework Blog

Focused on the Future of Education in America

EdPrivacy by Education Framework Named Winner of The Edtech Awards Cool Tool for Best Security/Privacy Solution

 

We are thrilled to announce that EdPrivacy by Education Framework has been named winner of the 2018 Edtech Awards Cool Tool for Best Security/Privacy Solution. 


The EdTech Awards 2018 were announced to a global online audience of millions of educators, technologists, students, parents, and policymakers interested in creating a better future for education.


Established to recognize, acknowledge, and celebrate the most exceptional innovators, leaders, and trendsetters in education technology, The EdTech Awards are the largest and most competitive recognition program in all of education technology, recognizing the biggest names in edtech – and those who soon will be.


“We celebrate who’s who and what’s next in edtech,” said Victor Rivero, who as Editor-in-Chief of EdTech Digest, oversees the awards program.


The EdTech Awards recognizes people in and around education for outstanding contributions in transforming education through technology to enrich the lives of learners everywhere.


"This award means the world to our team. We have worked very hard to create a solution to a problem that continues to plague administrators across the nation. Winning the Cool Tool Award for Security/Privacy confirms that we are not only on the right track, but we are doing the right things, for the right people, for the right reasons. I'd like to express our most sincere gratitude to EdTech Digest for the recognition and give a big shout out to all the educators that have supported us along the way and helped shape this service into the resourceful tool that it has become." - Jim Onstad, President & Co-Founder / Education Framework Inc.



FINALIST / WINNER LIST – https://edtechdigest.com/2018-finalists-winners/


EdPrivacy by Education Framework - Best Security / Privacy Solution




Full press release posted below...


https://i0.wp.com/edtechdigest.com/wp-content/uploads/2018/02/ED-TECH-Awards-Horizontal-RGB.png?resize=375%2C212&ssl=1



FOR IMMEDIATE RELEASE



FINALISTS REVEALED FOR THE EDTECH AWARDS 2018


Top leaders, innovators, and trendsetters announced to millions interested in creating a better future for learning with the help of technology.


The finalists for The EdTech Awards 2018 have been announced to a global online audience of millions of educators, technologists, students, parents, and policymakers interested in creating a better future for education.


Now in its 8th year, the US-based program is the largest and most competitive recognition program in all of education technology, recognizing the biggest names in edtech – and those who soon will be.



“We celebrate who’s who and what’s next in edtech,” said Victor Rivero, who as Editor-in-Chief of EdTech Digest, oversees the awards program.


The EdTech Awards recognizes people in and around education for outstanding contributions in transforming education through technology to enrich the lives of learners everywhere.


Featuring edtech’s best and brightest, the annual program shines a spotlight on cool tools, inspiring leaders and innovative trendsetters across the K-12, Higher Education, and Skills and Workforce sectors.


The EdTech Awards recognize people—and the products they produce and lives they shape— with three main honors:


  • The EdTech Cool Tool Awards

  • The EdTech Leadership Awards, and

  • The EdTech Trendsetter Awards.


This year’s finalists include:


FINALIST LIST – https://edtechdigest.com/2018-finalists-winners/



Finalists have been selected from thousands of entries.


The edtech ecosystem is now more than 15,000 companies strong, with hundreds of thousands of educators using technology to enhance, improve, and transform their everyday work.


The EdTech Awards were established in 2010 to recognize, acknowledge, and celebrate the most exceptional innovators, leaders, and trendsetters in education technology.


More than US$50 Billion has been invested worldwide across the global edtech landscape in just the last several years.


Past winners include Blackboard, ClassLink, Coursera, Discovery Education, DreamBox Learning, Edmodo, Edthena, Flipgrid, Freshgrade, Promethean, Scholastic, Schoology, SMART Technologies, Smithsonian Learning Lab, and zSpace, among others.


This year’s finalists and winners were narrowed from the larger field and judged based on various criteria, including: pedagogical workability, efficacy and results, support, clarity, value and potential.  


Victor Rivero, who as Editor-in-Chief of EdTech Digest, oversees The EdTech Awards, said:


“Congratulations to the finalists and winners of The EdTech Awards 2018 and may their resolve inspire others. The innovators, leaders, and trendsetters represented here are dauntless, dedicated, and determined in their work. In this age of rapidly accelerating technological growth, it might be easy to lose sight of what moves everything forward: the indomitable power of the human spirit. But in no other field is the human spirit more alive than education, where educators and supporting technologists are literally shaping our future. The work of the educator is often undervalued and overlooked, but educators and technologists supporting them play a leading role in our world. Thus, we very proudly recognize, acknowledge, honor, and celebrate the biggest names in edtech – and newer talents shaping the future of edtech.”


Further information about The EdTech Awards is available here:

https://edtechdigest.com/


For more, see #EdTechAwards and follow @edtechdigest here: https://twitter.com/edtechdigest


EdPrivacy by Education Framework selected as an Edtech Awards Cool Tool Finalist in Security/Privacy

We are proud to announce that EdPrivacy by Education Framework has been selected as a 2018 Edtech Awards Cool Tool Finalist in Security/Privacy.


The EdTech Awards recognizes people in and around education for outstanding contributions in transforming education through technology to enrich the lives of learners everywhere.


“We celebrate who’s who and what’s next in edtech,” said Victor Rivero, who as Editor-in-Chief of EdTech Digest, oversees the awards program.


Full press release posted below...




https://i0.wp.com/edtechdigest.com/wp-content/uploads/2018/02/ED-TECH-Awards-Horizontal-RGB.png?resize=375%2C212&ssl=1



FOR IMMEDIATE RELEASE



FINALISTS REVEALED FOR THE EDTECH AWARDS 2018


Top leaders, innovators, and trendsetters announced to millions interested in creating a better future for learning with the help of technology.


The finalists for The EdTech Awards 2018 have been announced today to a global online audience of millions of educators, technologists, students, parents, and policymakers interested in creating a better future for education.


Now in its 8th year, the US-based program is the largest and most competitive recognition program in all of education technology, recognizing the biggest names in edtech – and those who soon will be.


“We celebrate who’s who and what’s next in edtech,” said Victor Rivero, who as Editor-in-Chief of EdTech Digest, oversees the awards program.


The EdTech Awards recognizes people in and around education for outstanding contributions in transforming education through technology to enrich the lives of learners everywhere.


Featuring edtech’s best and brightest, the annual program shines a spotlight on cool tools, inspiring leaders and innovative trendsetters across the K-12, Higher Education, and Skills and Workforce sectors.


The EdTech Awards recognize people—and the products they produce and lives they shape— with three main honors:


  • The EdTech Cool Tool Awards

  • The EdTech Leadership Awards, and

  • The EdTech Trendsetter Awards.


This year’s finalists include:


FINALIST LIST – https://edtechdigest.com/2018-finalists-winners/



Finalists have been selected from thousands of entries.


The edtech ecosystem is now more than 15,000 companies strong, with hundreds of thousands of educators using technology to enhance, improve, and transform their everyday work.


The EdTech Awards were established in 2010 to recognize, acknowledge, and celebrate the most exceptional innovators, leaders, and trendsetters in education technology.


More than US$50 Billion has been invested worldwide across the global edtech landscape in just the last several years.


Past winners include Blackboard, ClassLink, Coursera, Discovery Education, DreamBox Learning, Edmodo, Edthena, Flipgrid, Freshgrade, Promethean, Scholastic, Schoology, SMART Technologies, Smithsonian Learning Lab, and zSpace, among others.


This year’s finalists and winners were narrowed from the larger field and judged based on various criteria, including: pedagogical workability, efficacy and results, support, clarity, value and potential.  


Victor Rivero, who as Editor-in-Chief of EdTech Digest, oversees The EdTech Awards, said:


“Congratulations to the finalists and winners of The EdTech Awards 2018 and may their resolve inspire others.


“The innovators, leaders, and trendsetters represented here are dauntless, dedicated, and determined in their work.


“In this age of rapidly accelerating technological growth, it might be easy to lose sight of what moves everything forward: the indomitable power of the human spirit.


“But in no other field is the human spirit more alive than education, where educators and supporting technologists are literally shaping our future.


“The work of the educator is often undervalued and overlooked, but educators and technologists supporting them play a leading role in our world.


“Thus, we very proudly recognize, acknowledge, honor, and celebrate the biggest names in edtech – and newer talents shaping the future of edtech.”



Further information about The EdTech Awards is available here:

https://edtechdigest.com/


For more, see #EdTechAwards and follow @edtechdigest here: https://twitter.com/edtechdigest


What Is Student Data Privacy?


School and district leaders know they need to protect student data, but effectively adopting and implementing a student privacy plan that includes parent, educator, administrator and policymaker input and approval, is a lot easier said than done. Efforts like this require dedicated time, commitment, clearly defined roles, a concrete understanding of what student data privacy actually is, and if you're lucky, tools to help you get the job done right.


While there are a myriad of checklists, to-dos and best practice recommendations available to help educators and administrators up their game, there is still much uncertainty surrounding this issue. But it's no surprise considering that there is, ironically, no set definition for student data privacy. And despite it being a relatively self-explanatory term, it is still complex and more-often-than-not, fraught with confusion. 


To put it simply, student data privacy is the idea of safely, securely and privately introducing online technologies into the classroom - in the form of apps, websites, surveys, assessments, etc. - without risk of compromising personally identifiable student information (PII). But it also so much more than that. 


Student data is protected under federal law (COPPA, FERPA, PPRA) and requires thorough knowledge and understanding of data collection, data use, data retention, data deletion and data integrity for all online technologies used in a school or district. It means reading endless privacy policies to know precisely who has access to student data, for what purposes and for how long. And it demands ongoing maintenance and monitoring to ensure there haven’t been any changes to the privacy policies that could compromise PII.   

Knowledge is Power

Protecting student data privacy starts with knowing precisely what technologies are being used in the classroom. Conducting a comprehensive audit of the technologies currently in use is a necessary first step towards establishing a baseline understanding and gaining a big picture view of the technology usage in a school or district.

Once there is an understanding of what technology is being used in the classroom, the next step is to conduct a thorough privacy assessment for each and every online technology to ensure student data privacy is indeed private and protected. 

For many, this step can be quite daunting, especially when considering the sheer volume of online technologies available to schools today. But with the right tools, this process can be relatively straight-forward, simple and streamlined.

Education Framework Inc. tackles student data privacy with the goal of protecting student PII while providing a great resource for industry leaders to connect with parents and their communities.

The Rise of Student Data Privacy 

Student data privacy has been a rapidly growing administrative pain point over the past few years. The massive push for 1:1 and other digital learning initiatives are major factors in this, but the equally explosive growth of new learning technologies created by third party vendors has changed the way we view student privacy. No longer can we assume that student privacy is safe, secure and protected, especially when it can be accessed by so many different entities, at different capacities, for different periods of time. Because of this, it is imperative that education leaders establish user controls that determine precisely who has access to what student data, for what purposes and for how long.


Besides the exponential growth of technology in schools, it's worth noting that there are a few contributing factors that have led to the rise of student data privacy as an immediate and necessary need, all of which are tied to the increased usage of digital media and online technologies:


1. Parents are technologically savvy. Parents are technology users themselves, so naturally they’re becoming better acquainted with security and privacy issues, especially when it comes to online technologies and services they use every day.

Many parents, especially those that are actively involved in their child’s online usage at home, want to know precisely what technologies they are using in school. More importantly, they need reassurance that they’re child’s privacy is being considered and respected.

Parents want a window into their child’s technology usage in school. Providing a way to communicate this information in a clear and concise manner helps connect the dots and bring parents into the loop, engaging them in the privacy conversation. This approach goes a long way towards building trust, as it conveys that their point-of-view is valued.

2. Technology forces transparency. One of the most unique ways the Internet has affected our society is the quick transmission of information. Education leaders have never been more powerful or in a better position to make informed decisions than they are today. 

With the right tools and approach, educators and administrators can discover safe learning technologies for students, measure growth, use actionable data to make classroom, school or district-wide improvements, and communicate with parents and communities in a way for all to understand. 

Student data privacy is about accurately and authentically conveying what technologies are being used so that stakeholders, community leaders, and parents can easily understand the health, safety and vitality of a school or districts' student privacy efforts. It is also about providing reassurance that students, schools and districts are safe from risk.

Transparency engages all interested parties and allows everyone to work together towards a greater good. Automated student privacy protection is one way for school and district leaders to adopt transparency measures and gain greater control of student privacy efforts, without heavily increasing the administrative workload. Utilizing tools that do much of the work for you - in an open and transparent way - are helpful in saving time and ensuring student privacy is, in fact, protected.

3. The right tools make things a whole lot easier. Knowledge is one of the most powerful benefits of the Internet age. Twenty-five years ago, when there was no Internet, student privacy was hardly a consideration. When technology usage started to go mainstream, particularly in schools across the country and around the globe, we simply couldn’t fathom where we’d be today. But with all this technological growth and opportunity has come an overwhelming need to increase privacy protections.

Educational development is no longer only about exploring and discovering the best learning solutions for students, but it’s also about finding technologies that are safe for use in the classroom. 

Automated solutions are the best way to capitalize on this theory, which is why Education Framework Inc. exists. We help position school and district leaders as experts in managing student data privacy by providing services that produce information at the ready. With over 1100 (and counting) online technologies assessed to date, we’re able to help educators, administrators and IT leaders make quick, yet safe and informed technology decisions for the classroom. All while minimizing the risk of exposing student information.

Food for Thought 

While there are plenty of factors that have led to student privacy’s rising value, these macro elements are the key reasons why protecting student data privacy is more relevant and important than ever before. 

Educators, administrators and IT leaders who establish themselves as pioneers in this space are positioning themselves to be helpful resources for their communities and models for other education leaders to follow. More importantly, those that take the necessary steps to ensure privacy is protected will be education leaders that parents will appreciate and trust.

Transparency and the Art of Protecting Student Privacy | SEEN Magazine

I have written a thought leadership piece for SEEN Magazine that discusses the importance of transparency in protecting student privacy. For sake of brevity, I have posted an edited version below that hits on the finer points.


School improvement efforts have driven data collection to new and alarming heights in recent years. Many argue that data is essential for improving students’ achievement in schools and preparing them for success in life, while others feel this holds true only if privacy, safety and security considerations are integrated from the start and implemented throughout.

Data, when collected and used correctly, brings value to schools and students; when amassed in a cloak of secrecy, without clear and discernible goals, screams trouble. Transparency plays an important role in protecting student privacy. For schools, focusing on areas of safety, security and trust are key to implementing effective student privacy initiatives.

Data Collection And Privacy

Schools today collect and use student data for various purposes. The general understanding is that data helps teachers and administrators make informed decisions based on empirical evidence. In a nutshell, data helps educators determine what is working and what is not.

Safeguarding student information starts with establishing clear lines of communication and employing transparency measures from the get-go. In order to eliminate confusion and foster greater support for the overall effort, it is vital that school and district leaders share what they are doing in a way that’s upfront, open and honest. Additionally, providing the proper services, support and training gives students, parents, and educators the tools, knowledge and skills they need to confidently handle this new responsibility.

Transparency And Accountability

Parental backlash is a real and pressing issue that educators are grappling with these days. Widespread concerns over the extensive amounts of data being collected in schools by private and public agencies have prompted many parents to speak out in opposition. While some are demanding to know what information is being collected from students, others are seeking a clearer understanding of the intent, its safety, and its security.

As parents press for greater transparency, and lawmakers push for greater accountability, school and district administrators, IT directors and school board members are finding themselves uncomfortably caught in the crosshairs. This is forcing education leaders across the nation to quickly and seriously reconsider their current approach to managing student privacy.

Safety and security

The conversation surrounding student privacy often comes down to safety. Parents need assurance that their children are safe while at school, both physically and virtually. They want a greater understanding of what is going on in the classroom, what digital tools are being used, what information is being collected from them, for what purposes and for how long.

Schools are no exception. Focus on physical protection of students has come to include digital security protection against cyber threats and intrusions. In response, schools and districts are reallocating resources to ensure adequate safety and security systems are in place.

Trust And Understanding

Trust plays a key role in managing student privacy because it is the proverbial glue that binds everyone and everything together. When supported by trust, successful privacy initiatives are engaging, empowering and effective.

Building trust starts with providing clearly defined goals and objectives that serve as a guide to understanding. In order to believe in the vision, participants need a comprehensive understanding of the big picture. Providing this offers a sense of ownership and some semblance of control.

Takeaways

Protecting student data is an ongoing and continual effort that demands attention, communication, collaboration, cooperation and understanding on broad and comprehensive levels. Taking precautionary steps in advance, openly communicating privacy plans and employing transparency and accountability measures from the start will help ensure privacy is protected and students are safe.



Is Your School or District Really Protecting Student Data Privacy? Here’s How to Tell.


For all the talk about student privacy – what it is, how to protect it, why it matters – there’s one question that receives precious little attention: How do you quantify student privacy? How do you measure it? How do you know that you’re actually protecting student data, and you’re doing it “right”?

 

There are various answers to that question, some obviously more quantitative than others. But what it comes down to is being knowledgeable about the online technologies your students are using in the classroom, understanding how third party vendors are utilizing the data they have access to, and having the ability to communicate this information in a clear and concise manner - to parents, teachers, administrators, board members and policy makers, alike.

 

This process starts with understanding what online technologies your students are using and whether or not they are safely protecting student data privacy.

 

Keep Tabs on Technology Usage in Schools

 

Today’s students use hundreds of different apps, websites and programs in school, and while the potential for growth and development is tremendous, keeping track of all this information can be a mountainous load of work.

 

Understanding whether an app or website is safe for students first involves knowing what the third party vendor does with the data they collect, how they store it, whether or not they share it, and ultimately how they plan to dispose of it.

 

This type of review needs to happen for each and every online technology (app, website, program…) suggested for use in the classroom before it is ever approved for use by students. And once it has been determined that it is safe for use in the classroom, continual monitoring is necessary so you know if and when privacy policies change - which they can, and often do.

 

Yet despite this being the cornerstone to protecting student privacy, it’s often viewed as a burdensome task that nobody wants to do. But the fact remains that in order to properly protect student data, somebody has to commit to proactively protecting it, in an ongoing, full-time, administrative capacity.  

 

Understanding that and focusing on a few key factors can help any school or district get ahead.

 

Know Where You Stand

 

Properly assessing online technologies, continuously vetting third party vendors, and giving educators the tools they need to make informed technology decisions are all efforts that minimize the risk of inadvertently exposing student data to misuse or abuse.

 

And while conducting a comprehensive audit of technology usage is a solid first step towards understanding the health and vitality of your privacy initiatives, creating an ongoing list of the apps and websites used in the classroom, keeping track of the online technologies used by students, and regularly monitoring them for changes are all proactive efforts to will help to better protect student data privacy.

 

The next step is to conduct a thorough privacy assessment for each online learning technology to establish a general understanding of the individual safety, security and privacy of the apps and websites currently in use. Those apps and websites that meet the necessary requirements can be approved for usage in the classroom, while those that fail to meet state, federal or district privacy requirements should either be removed or further assessed before they are allowed to be used by students. But it's worth noting that in certain instances, technologies that fall short of certain mandates may still be used in the classroom, they just need to have signed parental consent in order to do so legally. 


Considering the importance of parental approval, it’s wise for schools and districts to have defined method in place to distribute, collect, store and retrieve information in an orderly and timely manner. Knowing precisely what data is being used, by whom and for what purpose enables you see the big picture, to take charge of your privacy initiatives, and to establish control when and where it is most needed.

 

Regularly Monitor Online Technology Usage

 

Keeping up with the demands of student privacy can be a lot for schools to take on. Understanding the safety and privacy of online technologies is often a full-time job, in and of itself. So it’s important to remember that protecting student data privacy is an ongoing effort that requires regular checks and balances. Because companies often alter their contracts after the fact - leaving student data exposed for misuse or abuse - remembering to regularly monitor policies for changes is an important part of properly protecting student data.

 

One option is to implement solutions that utilize automation to do much of the work for you. By automating the privacy process, schools and districts can observe, monitor and adjust accordingly, making improvements based on real-time actionable data. Through the use of student privacy analytic tools, educators are better positioned to understand the safety and security of their student privacy efforts and can quickly and easily plan for change based on the information available.


A bit less formally, but no less importantly, there are some key qualities that define a truly proactive student privacy initiative —and if you want to know what kind of progress you’re making when it comes to protecting student privacy, looking for these qualities can be a good beginning.


Here are some ways you can tell that your organization has achieved a healthy measure of privacy protection:


1. You have a clearly defined, year-round strategy in place. 


Start by asking yourself this question: Is student privacy something you push hard for a week or two a year, but keep on the back burner for the rest of the time? Or do you have a full-time privacy plan in place that helps direct your privacy initiatives and drive successful outcomes?


How regularly do you review third party vendor contracts to ensure they haven’t changed their terms of service agreements? Is it something you address every so often, once or twice a year, or possibly not at all? Or do you have a system in place that monitors third party vendor contracts for changes on a regular on-going basis, enabling you to know immediately if and when a change occurs?


Answering questions like these, establishing plans and procedures, and communicating what is going to parents reveals much about a school or districts’ intentions, priorities, and potential protection level.


2. You engage parents in the privacy conversation.


Is parental engagement part of your plan? Do you have a way to communicate what apps and websites are being used by their children in the classroom? Do you have a way to obtain parental consent, particularly for those schools and districts with students 13 and under? And do you have a method in place to quickly and easily retrieve information at a moment’s notice when requested by a parent?


Providing a method to engage parents in the privacy conversation helps keep them current with what is happening in the classroom and informed about their child’s technology usage while at school.


Transparency and accountability measures, such as these, go a long way towards eliminating unnecessary worries and building trust with parents and schools.


3. You have formal structures in place to check for privacy. 


Remember the student privacy analytic tools I mentioned above? Well, having a program in place that keeps track of all the apps and websites used by students is a sound way to better understand the technology usage in the classroom.


Knowing the privacy of online learning technologies used by students in schools offers an added level of safety and security, and provides an extraordinary level of insight into the effectiveness of your technology initiatives.  


4. You have a formal method to obtain parental consent. 


In addition to having access to a library of apps and websites safe for use, educators often need a way to obtain parental consent when using certain technologies in the classroom. Of course this, along with all the other items listed above can be done manually, but for those education leaders that really want to get ahead, deploying a paperless, digital solution is really the most efficient and effective way to go.


By eliminating the paper pushing processes of the past, schools and districts now have a safe and sustainable method to obtain, store and retrieve parental consent with the click of a button. While utilizing paper forms is an acceptable method, online, paperless options are far less wasteful and easier keep track of. 


5. You know why student privacy matters. 


A final consideration: Do you know why protecting student privacy is so important? Do you have a clearly defined plan in place to protect your students and your school that breaks down exactly what you’re trying to achieve?


Having a clear sense of goals and expectations is critical to achieving successful privacy outcomes. Understanding what you want to do, how you plan to do it, and who is going to help you along the way are all hallmarks of a solid student privacy plan.


Bottom Line


Whether you working towards improving your current system, or are just looking for ways to affect change, start by answering these kinds of questions to ensure you are on the right track.


Establish a plan, be knowledgeable about the online technologies your students are using in the classroom, understand how third party vendors are utilizing the data they have access to, and have a way to quickly and easily communicate this information to parents in a clear and concise manner. Following these steps will help your school or district get ahead when it comes to protecting student privacy.


Does your student privacy initiative have the hallmarks of success? As a student data privacy advocate, I know that this is a topic many education leaders are wrestling with. I hope you find this quick checklist to be helpful!


Do You Think Student Data is Protected? Think Again!

As student data privacy continues its moment in the spotlight, a darker reality often exists behind the scenes: one where school districts treat information security, privacy and compliance as a reactionary afterthought; where data governance programs are not properly established or implemented; where security controls are lacking; and where third party vendors are not appropriately vetted for privacy assurances.

Despite this sounding like the making of a bad after school special, this is happening in schools and districts all across the nation. Too little is being done to protect student information, exposing our students and schools to unnecessary risk.

Case in point…

The Missouri State Auditor recently conducted a comprehensive analysis of a local school district to better understand their position when it comes to protecting student information. What they discovered was failure across the board.  

The Boonville R-1 School District Student Data Governance Audit was completed as part of the Cyber Aware School Audits Initiative and designed to assess the effectiveness of privacy and security controls, with a focus on identifying practices that improve the security of information school districts have on students and their families.  

The thorough audit was conducted in response to increasing concern for protecting the security and privacy of information schools maintain on students, coupled with the continued emergence of cyber threats.

Based on six core criteria, the audit was intended to evaluate 1.) The effectiveness of privacy plans and controls for safeguarding personally identifiable information (PII); 2.) The effectiveness of information security controls for protecting the confidentiality, integrity, and availability of systems; and 3.) The effectiveness of compliance.

Listed below are the findings from the audit, the associated risk for non-compliance, and recommendations for improvement provided by the Missouri State Auditor’s office:  


1.  DATA GOVERNANCE

 

ASSESSMENT: The district has not established a comprehensive data governance program, therefore being unable to ensure PII is adequately protected and safe from unauthorized access, misuse, or inadvertent disclosure.

 

RISK: Without a formal program, the district cannot ensure that PII is adequately protected and safe from unauthorized access, misuse, or inadvertent disclosure.

 

RECOMMENDATION: The district should establish and implement a formal data governance program encompassing the full life cycle of data, from acquisition to use to disposal.

 

2.  SECURITY CONTROLS

 

ASSESSMENT: The district has not implemented necessary security controls, leaving technology assets, including PII at risk of inappropriate access, use and disclosure.

 

RISK: Without documented and approved policies and procedures, management lacks assurance that security controls are appropriate and properly applied.

 

RECOMMENDATION: The district should formally appoint a security administrator, ensure passwords are periodically changed, establish access control policies and procedures, formally document responsibility for physical protection of technology resources, and fully document and periodically review security policies and procedures.

 

3.  USER ACCOUNTS

 

ASSESSMENT: The district has not fully established controls for creating and maintaining user accounts for accessing system resources.

 

RISK: Without appropriate account access policies and procedures, users may be granted inappropriate or unauthorized access, which can provide opportunities for misuse or inappropriate disclosure of sensitive data.

 

RECOMMENDATION: The district should establish and document formal policies and procedures, periodically monitor user accounts and user access to data to ensure rights remain appropriate.

 

4.  INCIDENT RESPONSE & CONTINUITY PLANNING

 

ASSESSMENT: The district has not taken all the necessary measures to protect data in the event of a breach or other disruptive incident. It does not have a complete incident response plan, has not adopted a formal data breach response policy, and has not fully documented and tested a continuity plan.

 

RISK: Without comprehensive incident response and breach-related policies, management may not be able to respond quickly and effectively. And without a tested and functional continuity plan, management has limited assurance the organization’s business functions and computer processing can be sustained.

 

RECOMMENDATION: The district should establish and document an incident response plan, formally document and adopt a comprehensive data breach response policy, to promote an appropriate response in the event of a breach, develop a continuity plan, formally assign responsibilities, and run periodically tests of the plan.

 

5.  SECURITY AWARENESS PROGRAM

 

ASSESSMENT: The district has not established a formal security and privacy awareness training program.

 

RISK: Without adequate training, users may not understand system security risks and their role in implementing related policies and controls to mitigate those risks.

 

RECOMMENDATION: The district should establish a formal security and privacy awareness training program, because those with proper security and privacy awareness training and clear communication of data and device use policies, can become the first line of defense against cybersecurity incidents.

 

6.   VENDOR MONITORING

 

ASSESSMENT: The district has not established a process for ensuring software acquired or outsourced from information technology vendors complies with data security principles. Additionally, the district is unable to locate a written contract with the vendor of one of its key systems.

 

RISK: Without an effective process for monitoring and managing risk and software acquisition or outsourcing, the district has less assurance in a vendor’s ability to deliver services effectively, securely and reliably, and to ensure that services meet current and future data privacy and security needs.

 

RECOMMENDATION: The district should develop procedures to formally monitor information technology vendors have access to, to ensure the district’s data is properly protected and the vendor acts in accordance with contract terms and conditions.


CONCLUSION 

While this audit casts a negative light on a single district, it illuminates the reality of what is really going on in schools and districts across the nation, and it shows the unfortunate truth of how student information is regularly exposed.

By establishing and implementing the proper plans and procedures, schools and districts that proactively protect student privacy are better poised for success. In contrast, assuming it will take care of itself is a recipe for disaster.

As technology usage advances in schools, increased risk of PII being compromised and exposed is a real and ever-present danger. The need to protect information against cyber threats and misuse is increasingly important, and school districts need to do more to ensure student information is safe, private, secure and protected.

Note: After failing on all six counts, the Boonville R-1 School District has addressed their areas of weakness and have issued an action response to remedy their shortcomings. Read the full audit here >>  

Privacy & Security of Student Data: An Increasing Concern for IT Leaders

A recent article by eSchool News highlights latest COSN survey, stating: 

IT leaders list student data privacy as one of their primary concerns.


According the the fourth annual K-12 IT Leadership Survey Reportbroadband and network capacity top the list of priorities for school technology leaders. But the survey also indicated that they're spending more time and devoting more resources to student data privacy and security than in previous years. 

Major IT findings emerged from the survey and are outlined in the report:

1. Broadband and network capacity is the top priority for IT leaders
2. Privacy and security of student data is an increasing concern for IT leaders
3. Districts are turning to digital learning materials.
4. Ninety-nine percent expect to incorporate digital Open Educational Resources .
5. Nearly 80 percent of IT leaders use online productivity tools 
6. District bans on student devices are shrinking. 
7. The path to IT leadership differs for women and men
8. Racial diversity in IT leadership is lacking
9. IT leaders have advanced education.
10. Demographics are changing

The article indicates that respondents major challenges include budget constraints and lack of resources; the existence of silos that hamper collaboration; and lack of vision and support from senior district leadership.