In the past few years, we have seen the explosion of “big data,” “data analytics,” “data aggregation,” “predictive modeling,” and “data breaches.”
None of these terms existed when I graduated from law school. We have seen companies implement amazing technology that has the ability to follow our every step for fitness, locate us through location based servicesw, aggregate everything we buy and use our credit cards, and even know where we buy our gas for our car. Let alone follow us with our EZ-Pass.
Adults have the ability to make (hopefully) educated decisions on who they allow access to their information. But kids don’t have the luxury of making those decisions for themselves, and their information has been digital for a longer period of time, and has been and will be aggregated, used and sold for a much longer period of time into the future than any other generation.
Many people have commented to me that they are concerned about their child’s privacy in reference to the child’s school. Not only are they concerned about a data breach, but they are particularly concerned because many schools require students to access an online portal, which may not be secure, or download information onto a USB drive (and you know what I think of USB drives and in particular, unfamiliar USB drives which can be infected with malware and ransomware). Often parents and students don’t have the ability to push back against school policies that may be putting students’ data at risk.
Although 34 states have enacted legislation designed to protect students’ privacy, the risks are growing, and the data is getting bigger, and now the next generation’s data is online more and longer than ever before.
I was pleased when the Southern Regional Education Board issued a report entitled “Data Privacy and Security”which addresses a number of concerns relating to student data and makes recommendations to states and education agencies to safely collect, govern and share student data.
Recommendations in the report include evaluating data governance, being transparent about how data is collected, used and disclosed, and safeguards to guard against a data breach. The recommendations include transparency of their data governance policies, monitoring data security programs and implementing policies for alerting the public when data breaches occur, training employees on state laws and FERPA, and having a strong information technology department in place to protect the data.
These are pretty standard recommendations, but ones that public and private schools don’t often follow. Educators and administrators would do well to read the recommendations and implement them, and parents might wish to provide a copy of the recommendations to their child’s school, and start a dialogue on how the school is focused on protecting student data.