Student Data Security is in the News
Recently, the Buffalo, New York school district was hit with a cyberattack. They were forced to close schools for the day, but the ramifications of the attack are much more serious. And, Buffalo is only the latest in a string of incidents impacting schools across the nation and around the globe.
The Threat to Schools Is Growing
Just last December, the Cybersecurity and Infrastructure Security Agency (CISA) warned against a heightened risk of attacks against K-12 schools. More than half of all attacks against government entities have been against schools, CISA reported. Several districts across the country have been hit, from Maryland to Nevada.
There are three federal acts with which schools must comply:
- Family Educational Rights and Privacy Act (FERPA)
- Protection of Pupil Rights Amendment (PPRA)
- Children’s Online Privacy Protection Act (COPPA)
Each of these legislations addresses ways in which student data must be protected and how schools must inform parents of their privacy rights. In addition, there are several local and state laws that also protect student data privacy. Many of these laws do not fully protect students.
Data Privacy Laws Are Outdated
Most data privacy laws are outdated and do not take into account the shift many districts have had to make to online learning. But even the most strenuous data privacy law on the books – FERPA – is not always being adhered to. FERPA allows students and parents to deny schools the ability to publicly disclose directory information, which can include everything from birthdate to height and weight to a photo of the student. According to the World Privacy Forum, more than 60% of the schools surveyed don’t have a FERPA opt-out form online and only a little more than half of schools posted an annual FERPA notice online.
Managing Student Data Must Be a Priority
Regardless of compliance, schools should be handling student data with care. Even without the pandemic in full swing, it’s likely that online learning will continue to ameliorate education. But, every app or EdTech solution that the school ads to their curriculum requires information about the student. Most schools use, on average, 20-25 different solutions from 20-25 different vendors. Each vendor requires access to specific information about the student. Sometimes it is just roster data, sometimes it’s even more. Managing multiple EdTech solutions can be costly and time-consuming, but more than that, it puts the school and the student’s data at risk.
Schools Need GG4L’s School Passport to Manage Access to Student Data
The digital transformation is going to continue even as students return full-time to the classroom. Schools must be transparent with families about their rights, but they also must ensure that parents and students know that their data is safe. To do that, schools must make sure that student data is handled cautiously when shared with EdTech vendors, that the vendors they use are vetted and treat student data carefully and have policies in place that prevent educators from going rogue and using apps or sharing student data without going through a centralized solution.
School Passport is the first of its kind school-centric trusted digital engagement hub that empowers schools to centrally:
- Govern the exchange of student, staff, and parent PII data with SaaS vendors.
- Approve and publish apps to a district or school branded on-demand AppStore.
- Delegate to school staff and teachers the ability to activate apps within their managed groups on-demand.
The School Passport 2.0 API enables ubiquitous access to all apps from within any LMS, SIS, or any pre-existing enterprise portal, while leveraging GG4L ID as anonymized, secure and federated access credentials for all end-users. These features of School Passport are free to any school. Learn more.