Laurel Chiesa, the Director of Instructional Technology at New York’s Fayetteville-Manlius School District, outlines three ways school districts can more effectively safeguard their students’ data.
Cyberattacks and data breaches are infiltrating K-12 communities. To proactively thwart these attempts to steal student data, states such as New York are passing legislation that requires school districts to adhere to stipulated student data privacy compliance regulations.
With so much on their plates already, creating, implementing, and monitoring an effective data privacy compliance strategy is a time-consuming and stress-filled task for most school district leaders. As the Director of Instructional Technology at a New York school district, Laurel Chiesa has been leading her district’s data compliance efforts and understands the significant challenges schools face. To help other districts navigate this unpredictable landscape, she has shared the following three recommendations:
1) Continuously monitor what your students and teachers are using on their school devices.
With so many free apps and web-based learning tools available, it is extremely difficult for school leaders to track what their students are using if they do not have direct visibility into their students’ and staff’s application usage data. In some instances, teachers are providing their students’ names and dates of birth in order to access these free resources without realizing the ramifications sharing that information could have on their students’ data privacy.
At Fayetteville-Manlius School District, the district has a rule in place that teachers are not supposed to begin any new software program until they vet it with a member of the district’s instructional technology staff. Despite this policy, Chiesa has discovered through CatchOn, a data analytics and data privacy monitoring solution, that some educators are continuing to introduce new online tools without notifying the district’s instructional technology team. “I regularly check my CatchOn dashboard to monitor the trending apps being used in the district,” said Chiesa.
“Unsurprisingly, there are products being used by teachers and students that are not approved and/or haven’t been vetted, even though our staff has said they would let us know when they wanted to use something and get permission.”
“It’s just so critical for district leaders to keep an eye on what apps and online tools are being used by students and teachers,” said Chiesa. “And not through word of mouth or a survey. You need to actually see what is being used. Some of my colleagues have mentioned that they get this information through their filter, but a filter has so many other functions that it is difficult to track down what apps are being used by whom. If a program experiences a breach, I can quickly use CatchOn to sort which students have been using that app, see when they used it, and identify how often they used it.
Additionally, CatchOn’s new data privacy badges add an additional level of assurance and validity regarding the digital tools being used, which is especially valuable for our parent community.”
2) Create an organized system for posting and updating approved applications and vendor contracts.
With so many applications being used in their classrooms, it is essential for districts to create an effective tracking system for their EdTech tools. At Fayetteville-Manlius School District, Chiesa is using CatchOn to house and track all this critical information. “I like having all of our approved applications in one place,” said Chisea. “Every new software purchase is entered into CatchOn―how much we paid for it, when we purchased it, the renewal date, and the contract. I like being able to quickly see how much we paid for a tool or if we have the contract yet.”
Regularly updating the list of approved apps students can use and communicating that list to teachers, students, stakeholders, and parents is also very important. “We generate our approved apps in CatchOn and have them posted in multiple places, including on our district website and within our learning management system, which parents have access to.”
“School districts need to find an effective method of organizing, posting, and updating their approved applications and vendor contracts,” said Chisea. “And they need to put a system in place to make sure the information does not become stagnant and is regularly updated.”
3) Be proactive in your compliance efforts.
Although many states have yet to pass student data privacy legislation, Chiesa advises school districts to be proactive with their compliance efforts and ask questions. “Ed Law 2-d was a challenge for everybody, but I’ve really learned a lot through this process,” said Chiesa. “I’m very concerned about how long some vendors are keeping their customers’ data, even years after their contract has ended. Also, we are now asking our vendors what security training they provide to their employees who manage their servers.”
Chiesa also recommends districts attain a keen understanding of what software is being used by their students in the event of a breach on the vendor’s side. “There was a product that was not approved by our district, and that company had a breach,” said Chiesa. “I reached out to my teachers to confirm it was not being used. I then checked CatchOn, and I could see that there were some individuals using it. Having that visibility is so important because there are always going to be breaches and there are always going to be individuals who may not remember the software they are using.”
“We need to be proactive and diligent about protecting our students,” said Chiesa. “All districts need to be prepared for an education security breach. They need to know how long companies are holding their data, especially after the district has ended its contract. I don’t see vendors putting that information in their terms of service, so districts need to ask those questions.”
With cybersecurity threats and data breaches on the rise, districts need to evaluate their current compliance practices to help safeguard their students’ data. Using a data privacy monitoring tool like CatchOn quickly gives district leaders the visibility, security reviews, and insights needed to strengthen and streamline their data privacy strategies.