by Annalisa Keuler
(crossposted from chooseprivacyweek.org)
Our job as educators is to facilitate student learning, and each year more of this learning is happening in an online environment. We ask students to log in to websites, download apps, and research online. These apps and websites may be used with the best of intentions, but many of them that require students to log in employ an information acquisition technique known as “data mining” and will sell this information to a third party. We must ask ourselves if we are doing everything in our power to secure the information that is transmitted and received. How do we protect students’ data and make sure that this data is confidential and secure?
As a part of data governance policy, we are required to participate in yearly training for data privacy. In this training our district technology director, Donna Williamson, shared with us the strategies that have been implemented or are in progress regarding data privacy and data security. For data privacy, these include: providing a website with data policies, providing guidelines for all contracts and Memorandums of Agreement that involve data, getting to know the laws, listing reviewed educational apps, and incorporating a secure means for accessing, sharing and storing data. For data security, strategies our school district has implemented include: enforcing mandatory password changes, updating and monitoring a firewall, maintaining virus protection and Internet filtering, backing up key data, securing the wiring closet, and updating and maintaining a disaster recovery plan. A very important part of this plan includes communication with students and parents. It is imperative that parents and students know how their information is used and when the policy changes.
As a librarian, my role in this process is to keep student library records and other student information I have access to private and secure. I am also a facilitator for our online learning platform so access to student records and other confidential information must be kept secure. When we spend much of our day online and logged in to a school network, it is important to do the following: keep all login information and access to data private and protected, do not share devices when email is turned on, never take student personally identifiable information off campus or discuss in a public place, use school website to deliver information and require a login if personally identifiable information is used, use school supported sites that require a secure password whenever possible, and never discuss students on social media. It is also important to educate students whenever possible to secure their information by teaching them to log out of public use computers and to never share passwords. Students must also know about and understand the data governance policy. Remember, communication is key.