Facebook founder and CEO Mark Zuckerberg’s recent 2-day hearing before congressional committees serves as a reminder to school administrators that students’ privacy also needs assurances of protection. School privacy issues need your attention as data about them, you, me – everyone – is within reach to more people than we may know.
Privacy and security risks take many forms in a school. District-wide data systems; school web pages and social media accounts; teacher class websites – schools are vulnerable to privacy breaches, and some are easier to prevent than others.
School administrators would do well to protect themselves and their students by identifying some of the common soft spots in their defense against privacy and security breaches. The lesson that Zuckerberg, Facebook and other digital platforms, publishers – and schools – should learn from his 10 hours of grilling is that consent and permission should not be overlooked.
Schools: gatekeepers of student information
Schools are caretakers of student information, and that data needs to be protected. Take your student information systems (SIS), for example. Your school or district has access to all kinds of family data including emails, social media contact info, social security numbers, birthdates, phone numbers and more.
The Family Educational Rights and Privacy Act (FERPA), in fact, is one safeguard enacted to protect such information. Under FERPA, schools are allowed to divulge certain basic ‘directory’ information such as contact info, date and place of birth, etc. without a parent’s consent. Schools can share this kind of info with third parties if school administrators deem that it serves an educational purpose.
Schools must, however, give parents and eligible students the chance to “opt out” of this sharing. How you notify your parents is up to you, but many include it as part of the annual enrollment registration process.
Data security and privacy threats
While services such as Clever present perhaps your best safeguard, system-wide breaches in data security nonetheless occur at a pretty alarming rate. Cyber attacks and incidents are tracked, and according to Doug Levin of EdTech Strategies, schools would do well to exercise caution in everything from vendor selection to managing their own Facebook sites.
As Eric Fulkert of Campus Suite points out in his series of articles on data security for schools, The best solution is to prepare before the attack happens. A vigilant and well-prepared IT team in a school district, says Fulkert, can employ DDoS protection tools and protocols that can monitor and protect data systems, including school and district websites, email and social media.
Dian Schaffhauser reports in The Journal that some education researchers are even warning schools to beware of Facebook and other digital marketers that have little oversight or accountability and are using student personal data in what’s deemed a surveillance economy.
Three school privacy musts:
I’ve put together a short list of things you can do right away to get a hedge against school privacy issues:
1. Have clear privacy policies
Make your school’s privacy story perfectly clear. Assure parents of the security of personal student information on everything from FERPA notification and opt-out forms, to photo release to opt-out forms (many districts have an opt-out checkbox during annual enrollment registration). The Saratoga Springs (NY) City School District, for example, does an excellent job of by publishing its Parents’ Bill of Rights for Data Privacy and Security right on its website.
2. Partner with secure vendors
Check with your critical data-sensitive vendors like SIS, LMS and content management systems (CMS), and put their security assurances through their paces. Clever Single Sign-On, for example, takes the software applications a school or district uses and connects them to the school’s SIS, simplifying data access for schools, app developers, students and parents who all benefit from a centralized access to any software associated with the school.
3. Publish student photos with care
Schools are telling their stories more frequently and vividly than ever via their websites and social media, and photographs and videos are a big part of that storytelling. Don’t let a preoccupation with privacy stand in the way of promoting your school effectively in pictures and videos. It can be done safely and legally if you follow some photo consent form basics.
It’s not likely you’ll be knowingly sharing student data to sway presidential elections, but there are marketers and political causes out there who just might pay dearly to use your student data to influence their purchases and beliefs.
Facebook’s data privacy congressional hearing and the recent March for our Lives demonstration serve as prime examples of how access to students’ social media accounts – be it through ‘legitimate’ viral methods or other nefarious ways – can be used to quickly and widely sway opinion and spark action.
Some schools are keeping a close eye on students’ social media accounts, as depicted in this NBC news report on schools social media monitoring, in the name of school safety and bullying prevention. Other schools are implementing common sense, FERPA-compliant social media policies, complete with parent consent opt-out forms to protect student privacy on social media.
While there is evidence to suggest that many young people are indifferent about their own digital privacy, schools must not be so complacent.
Links to use: