In Depth View

Six steps to Ensure Digital Education Products are Treats, not Tricks

As educators realize the benefits of data-powered services, conversation about the securing student data is also of paramount importance. There is no better time to discuss data security matters than now: October is National Cyber Security Awareness Month. Safeguard student data in your school or school district by taking these six proactive steps.

Instructional technology unlocks tremendous advantages for administrators, teachers, students and parents. Educational software, mobile applications and web-based programs have demonstrated, through numerous case studies, the ability to engage student participation, accelerate student progress, augment the learning experience, and enable personalized instruction through adaptive technologies and online assessment reporting. Web-based computer programs and apps allow students to learn at home, providing teachers with valuable metadata to track and measure progress, and to tailor instruction to meet student needs. Moreover, online services provide district administrators with the ability to aggregate performance data by school or by classroom.

Healthcare systems, retail corporations and government agencies have been breached, subjecting large databases of information to identity theft and fraud. These systems are not the only targets of criminal intent. K-12 school and district computer servers are data gold mines. Beth Givens, Executive Director of the Privacy Rights Clearinghouse, notes that a data security breach can happen at any time. It’s not a matter of if, but when . Since 2005, hundreds of K-12 institutions have been subject to security breach.

The obligation to protect student data is both the responsibility of educators as well as the online service providers. Companies that do not provide strong security for sensitive data can be at legal risk for violating contractual agreements and federal and state laws, especially when making a public commitment the pledge to protect student privacy , yet a number of educational programs adopted by schools have security weaknesses.

Educational leaders need to be aware of the potential tricks that may accompany the digital “treats” of using modern technology for teaching and learning.

The Consortium for School Networking and the Data Quality Campaign collaborated with numerous educational organizations in the fall of 2014 to develop 10 principles to protect student data (2015).Educational institutions and contracted service providers build trust with stakeholders when the necessary steps are taken to ensure that student data is secure in online systems.

Without a policy and procedure for evaluating and approving proposed apps and web-based programs, the school risks adopting software that could open the door for intruders and exploitation of student data.

Six Proactive Measures to Protect Student Data

Rather than amassing a number of digital tools and services and sorting them out after issues arise, follow these six steps to bolster data security in your school or school district.

  1. Create an action plan. Start at the top. Form an administrative team that includes IT and legal experts. Prepare for a security breach by forming an action plan. In the case of a security breach, keep stakeholders informed. Provide all of those affected with identity protection service.
  2. Form contractual agreements with online service providers. Work with legal experts in child privacy laws. Form contractual agreements with online service providers that give schools direct control over student data. Be informed of the level of security that the service provides before making a purchase. CoSN provides a list of questions to ask an online service provider regarding data.
  3. Set the standard. Establish a set of standards, policies and procedures for all sites, apps and software used in the school or district. Teachers are also accountable for ensuring the security of student data and school networks by putting these procedures into practice. Require all instructional sites, educational apps and assessment tools to undergo evaluation and approval prior to implementing tools in the classroom. Respect parents’ rights to child privacy. Be sure to obtain Verified Parental Consent (VPC) prior to utilizing directory information in online services.
  4. Take inventory. Take inventory of all sources of student data in the school or school district. Work with IT to ensure that personal information is encrypted on sites and services. Many schools are operating on outdated software and infrastructure. Update old software to eliminate vulnerabilities and boost security. Audit existing sites and services, and throw out sites and apps that do not use security measures.
  5. Communicate with stakeholders. Be transparent about the programs that the school is using, the types of data collected by these sites and services, how the data is being protected, and how the data will be used. Establish a community of trust through transparency. Communicate with parents, teachers and students should any security challenges that arise, and keep them informed on the incident including “next steps” to safeguard their identifying information.
  6. Ensure compliance with Child Privacy Regulations. The regulatory environment is complex. Thus, compliance to COPPA, CIPA, FERPA, PPRA and HIPPA can be challenging to implement. Remove paper-based processes, which are outmoded and unverified, and replace with a simplified compliance solution to obtain best practice in student privacy protection.

Get in the Twitter conversation @iSAFEVentures: What’s your idea of a secure online environment, and what steps does your school take to keep important student information secure?

Learn more about i-SAFE Ventures identity management and compliance solutions at

Givens, Beth. (2014). Data Breach Readiness and Follow-up: Being Prepared for the Inevitable
Privacy Rights Clearinghouse Chronology of Data Breaches.
Student Privacy Pledge
Section 5 of the Federal Trade Commission Act bans deceptive trade practices and is enforced by the FTC.