Data governance is important in any organization, but organizations that protect the information of minors have a more critical role. Educational institutions have a responsibility to build out effective data governance frameworks, and to report to parents on how student data is being protected and used. Not only is this important for the privacy of the minors in question, but also because identity theft for children is both difficult to spot and difficult to overcome.
A recent survey revealed that 87% of parents feel concern that their child’s electronic education records are at risk. With this perceived risk, many parents are asking school administrators how student data is being collected, stored and used. Julie Smith recently explored the need for greater transparency over student data governance in an article on EdTech. In order to secure student data, and create transparency, Julie lays out several key points, referencing the Data Governance Checklist published by the US Department of Education for more detailed guidance. Key points include:
- Create a written data governance plan at the District level
- Assign appropriate levels of authority and responsibility to ensure data governance
- Make clear what information, if any, will be given to online vendors or others, even if partially scrubbed of identifiable information
- Fully audit current collected data, so know you what data you currently have
- Create a list of the data schools / the district routinely collects and what that data is used for
- Lay out information on how data is protected
- Have a plan to mitigate the risks of intentional and inadvertent data breaches
- Have a plan for monitoring compliance with established policies and procedures
Of course, data governance is not just about social responsibility, but also about complying with federal regulations such as the Family Educational Rights and Privacy Act (FERPA), which protects the privacy of student education records. The data governance plan outlined by the Department of Education is suggestive of the needed for strong policies, procedures and technologies to protect student data, but is vague on specific actions.
The security of data at schools requires a holistic approach integrating both the physical security of devices, used by educators and school personnel as well as students, as well as policies and technologies that support data security. Technologies that can create automatic alerts of suspicious activity, based on security policies such as irregularities to hardware, software or user behaviour, with remote response tools, can help districts prove compliance in an audit situation.
Absolute Data & Device Security (DDS) for Education is a security program that combines our persistent and adaptive endpoint security solution with support from Absolute on how to protect devices, deter thefts and recover devices if they are stolen. Working with Absolute, your school district can demonstrate to parents that you have taken tangible steps to support a safer and more secure school environment.