Watch the Recording Listen to the Podcast

This edLeader Panel is presented by CoSN and AASA.
Sponsored by ClassLink

Data privacy is a consistently high priority in any school district setting, and its implications span school operations. Navigating the ever-changing world of data privacy requires effective processes in school governance, communications, and other school functions.

Superintendents participating in the edLeader Panel “Data Privacy: A Critical Multi-Stakeholder School District Priority” shared their effective strategies, centered on five guidelines that inform their actions to ensure data privacy.

The Five Guidelines in Motion

The guidelines frame approaches leaders can take to control systems, ensure data security, and provide access to information.

1. Stay current and compliant with federal and state laws

Knowing, adhering to, and staying current with frequently changing laws safeguarding data privacy—such as the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), and Children’s Online Privacy Protection Rule (COPPA)—are crucial to protecting student data.

Remaining compliant is a multi-stakeholder concern. A district governance body comprised of people involved with student data, such as legal counsel, instructional teams, school principals, and technology specialists, can guide compliance. A governance team coordinates compliance across district units and with internal and external staff and vendors. Data privacy mandates are established and begin at the school system’s executive level.

Districts plugged into the legislative process can protect and advocate for schools by informing legislators and state agencies about compliance challenges and issues, particularly when state directives conflict with student data privacy laws.

2. Address community and stakeholder expectations early on

School and community members must know about and support actions to protect student data in alignment with privacy laws. Generating awareness requires consistent internal and external communication in multiple formats.

It’s essential to provide stakeholders with a clear review of data privacy and compliance practices and a rationale for each data privacy law and related prevention measures. Parents’ questions should be answered clearly about what information is shared and how it is shared.

Districts and schools should understand COPPA’s purpose in protecting student data and the systems that guarantee privacy. Moreover, they should alert stakeholders to privacy breaches, such as phishing attempts, to ensure people are not unintentionally sharing data.

Teachers must recognize that some tech tools they want to bring into the classroom do not comply with student data privacy laws. If tools can significantly benefit teaching and learning, parents should know about what those tools mean for student data and give their consent to use them.

3. Keep instructional impacts in the picture

Balancing instructional needs and opportunities with the need for privacy is complex. Data-driven decision making is critical to student success, so ensuring the “right” people access the data is essential. The governance team should identify those individuals at the district level to ensure data are accessed only for instructional purposes.

District tech procurement practices and rules must focus on student data issues on edtech platforms. Vendors must comply with data-protection laws and not receive contracts that do not ensure privacy. Tech procurement must be closely monitored to ensure instructional alignment and compatibility with platforms and networks. Most importantly, there must be a privacy agreement with tech providers.

4. Manage compliance to mitigate risk

Responsible and responsive privacy administration requires continuous management to ensure adherence to rules and procedures. Often, an individual or a group, such as an IT data security team, will do this work, examining security issues and shutting down access to information when necessary. Outsourcing this role is also possible if there is no designated internal staff.

Risk mitigation approaches depend on the data level and involve daily or annual audits. The security team should know the range of audits based on the data sources, and mitigation should be ongoing.

Data-protection best practices should be at play in districts and schools—staff using multi-factor authentication for accounts or air gapping backups and students accessing systems with security keys. Standard operating procedures inform those managing privacy protection about best practices, like what to do when student data are accidentally shared. Bringing on a cybersecurity expert to invest in overall digital safety is another beneficial investment in safety procedures.

5. Training, training, training

Anyone who collects or has access to student information benefits from training and resources to learn how to use data securely, effectively, legally, and ethically. And, ongoing incremental training throughout the year is ideal because technology changes constantly.

Learn more about this edWeb broadcast, Data Privacy: A Critical Multi-Stakeholder School District Priority, presented by CoSN and AASA, and sponsored by ClassLink.

Watch the Recording Listen to the Podcast

Join the Community

Super-Connected is a free professional learning community for school superintendents, district leadership, and aspiring district leaders.

AASA is the premier association for school system leaders and serves as the national voice for public education and district leadership on Capitol Hill.

CoSN (the Consortium for School Networking) is the premier professional association for school system technology leaders. CoSN provides thought leadership resources, community, best practices and advocacy tools to help leaders succeed in the digital transformation. CoSN represents over 13 million students in school districts nationwide and continues to grow as a powerful and influential voice in K-12 education.

ClassLink is a global education provider of identity and analytics products that create more time for learning and help schools better understand digital engagement. As leading advocates for open data standards, we offer instant access to apps and files with single sign-on, streamline class rostering, automate account provisioning, and provide actionable analytics. ClassLink empowers 19 million students and staff in over 2,500 school systems. Visit classlink.com to learn more.

Article by Michele Israel, based on this edLeader Panel