Data Protection in the Cloud
A study by the Fordham University Law School's Center on Law and Information Policy found deficits in school districts' protection of the privacy of student data. To improve the security and privacy of student data stored in the "cloud" by an outside company, the center recommends:• Districts should incorporate language protecting the privacy of student information in contracts with companies providing cloud-storage services. They should require companies to disclose in the contracts how student data might be sold, transferred, or mined and give districts control over who accesses that information.
• Contracts with cloud-service providers should address the types of security used to protect student data, how districts are to be notified of a security breach, and how a breach will be handled.
• Districts should establish policies and guidelines for the use of cloud services by teachers and other staff members. The guidelines could require districts to vet cloud services proposed for use by teachers, or could bar employees from using cloud services not approved by the district.
• States and larger school districts should create the position of "chief privacy officer" to address privacy issues related to student data and its cloud storage. Smaller districts could consult with state privacy officers for help.
• A national research center and clearinghouse should be established to help schools, districts, states, and cloud-service providers with issues related to the privacy of student data. Such a center would provide model policies or model legislation, guidance, and research.
• Districts should incorporate language protecting the privacy of student information in contracts with companies providing cloud-storage services. They should require companies to disclose in the contracts how student data might be sold, transferred, or mined and give districts control over who accesses that information.
• Contracts with cloud-service providers should address the types of security used to protect student data, how districts are to be notified of a security breach, and how a breach will be handled.
• Districts should establish policies and guidelines for the use of cloud services by teachers and other staff members. The guidelines could require districts to vet cloud services proposed for use by teachers, or could bar employees from using cloud services not approved by the district.
• States and larger school districts should create the position of "chief privacy officer" to address privacy issues related to student data and its cloud storage. Smaller districts could consult with state privacy officers for help.
• A national research center and clearinghouse should be established to help schools, districts, states, and cloud-service providers with issues related to the privacy of student data. Such a center would provide model policies or model legislation, guidance, and research.
No comments:
Post a Comment