10 Steps That Protect the Privacy of Student Data
As the interpretation of privacy laws evolves along with privacy laws themselves and the technology services they seek to govern, the CoSN Protecting Privacy in Connected Learning Toolkit will evolve as well, with information forthcoming on compliance with other federal student privacy protection laws.Beyond Compliance to Aspirational Practice
If mere compliance is insufficient, what should responsible school systems be doing when it comes to privacy? In a new report underwritten by Intel, Bob Moore, director of CoSN’s Privacy Project and founder of RJM Strategies, suggests 10 steps that every school district should take to better ensure the privacy of student data:
1) Designate a privacy official. Decide who in the district is responsible for privacy. A senior administrator should be designated as the person responsible for coordinating efforts to ensure compliance with privacy laws and policies.
2) Seek legal counsel. All schools have access to the services of legal counsel. Regardless of how your school receives those services, make sure your counsel understands the privacy laws and how they are applied to technology services.
3) Know the laws. This is not easy, but it is essential. In addition to the CoSN Toolkit and resources from the U.S. Department of Education, many other organizations have developed or will be developing privacy-related materials. Don’t forget about state laws or proposed state laws.
4) Adopt school community norms and policies. FERPA and COPPA are the bare minimum when it comes to protecting privacy. There must be consensus among your stakeholders regarding collecting, using and sharing student data. Without consensus, it’s impossible to adopt enforceable policies.
5) Implement workable processes. If your school is going to be serious about privacy, there must be processes with checks and balances for accountability. No one wants to create roadblocks to innovation, but ensuring privacy requires proactive planning and disciplined action on the part of school staff. Compliance with privacy laws suggests some specific processes for schools, and they should be reviewed regularly to ensure that they are workable and reflect current interpretations.
6) Leverage procurement. Every school RFP, bid and contract (or service agreement) has standard language dealing with a wide range of legal issues such as indemnity, liability, payment and severability. By adopting standard language related to privacy and security, you will make your task much easier. Many online services are offered via click-wrap agreements that are “take it or leave it.” It may be necessary to ask staff to look for alternative solutions if the privacy provisions do not align with your expectations.
7) Provide training. Unless you train your staff, they will not know what to do or why it is important. Annual privacy training should be required for any school employee who is handling student data, adopting online education apps or procuring and contracting with service providers. Privacy laws represent legal requirements that need to be taken seriously.
8) Inform parents. Parents should be involved in the development of privacy norms and should provide policy input. Just as schools provide significant information about online safety and appropriate use, they should put significant effort into making sure that parents understand the measures that educators are taking to protect student privacy.
9) Make security a priority. The importance of security to ensuring privacy cannot be overstated. Secure the device, the network and the data center. Toughen password policies. Have regular security audits conducted by a third-party expert. Make sure that RFPs, bids and contracts have clear and enforceable security provisions for your online service providers.
10) Review and adjust. Interpretations of privacy laws are changing, and new laws may be added. School policies and practices will need updating and adjustment so that they reflect legal requirements. Processes can become burdensome and when that happens, some people may want to skirt the process. Seek input from those involved to ensure that the processes are not hindering teaching and learning.
Most importantly, get started now before the privacy questions create a firestorm in your community. Be a privacy leader.
Read more at http://thejournal.com/Articles/2014/07/23/10-Steps-That-Protect-the-Privacy-of-Student-Data.aspx?Page=2#SxJG9w8eD3Y3fp3m.99
No comments:
Post a Comment