Ensuring comprehensive data security for schools and students is a delicate balance during the best of times, and life during this pandemic is most certainly not the best of times. Students returning to classrooms this fall will likely do so within a hybrid model of in-class and at home learning, staggered schedules, and limited resource availability. It is important to help students continue to learn, but it is critical to keep them safe.
Every academic institution is different, and they all have slightly different security needs. But each one must also find the proper balance between allowing access to data and applications and keeping students’ data and personal information secure and protected. Security protocols are inherently designed to keep people out; and education is based on providing access to all sorts of data.
“How do you make sure data is safe and secure? And at the same time in your efforts to stop hackers and bad players, you have to make sure you don’t block data access,” says Debra Ruh, CEO of Ruh Global. “There’s that fine balance—stay safe, but do not compromise [individuals’] ability to access their data.”
And it’s not just preventing data breaches or keeping student files safe and secure. It’s also a legal imperative with regards to students’ personal data. The Family Educational Rights and Privacy Act (FERPA) prohibits sharing that data with third parties without the expressed written permission from parents.
There are also several state laws governing student data. In 2017 alone, 36 states introduced 95 bills and approved 31 new laws regulating student data protection.
And ensuring student data security is certainly no “fire and forget” situation. Maintaining continued data security is an ongoing process in which all must be involved. IT leaders can look to technology vendors and partners for support in developing strategy and simplifying deployment. From the academic perspective, students, teachers, administrators, and parents must all play a role in ensuring both the security and access to student data. And security policies must be developed and enforced with privacy and accessibility intertwined.
“Schools have to look at this like everyone else—they have to create policies that include the three prongs: security, privacy, and accessibility,” says Ruh. “And they need to be constantly testing and looking at them. They also need to use all the resources, often available right in front of them.”
Security, privacy, and accessibility are also not the responsibility of a single individual or team. “It impacts every part of the organization. To say, ‘This is IT’s job,’ is naïve. It’s everybody’s job,” she says. “The entire organization has to be aware and has to be involved in creating policy. Then they have to go back and revise those policies to ensure they still work and they have to include security, privacy, and accessibility.”
Now more than ever, student data security will continue to evolve—driven by where and how students are learning; the state of threat landscape; and the changing requirements of schools, students, and teachers.