Is Your School District at Risk for a Data Breach? November 6, 2019By Katie Onstad Compliance Best Practices school data breach Cybercrime continues to increase across all industries, and education is no exception. Criminals are hacking into school district databases and stealing student and faculty personal information. District data can be accessed directly from the district, but it can also be captured through third-party software. That exact situation made news headlines in late summer of this year. A major education data breach was announced in July by Pearson through their AIMSweb monitoring and assessment program. More than 13,000 schools were affected and the private data of thousands of students was compromised. Although Pearson did not share many of the details, the things we know provide a cautionary tale for districts. Pearson did not even realize that the hack had taken place in November 2018. They were informed by the FBI in March, 2019—four months later. This means that Pearson did not have systems in place to secure the data or even to be able to detect a data breach themselves. After Pearson was informed of the breach, they took another four months to notify the affected schools. The data was from students using AIMSweb between 2011 and 2016. The data that was stolen included students’ first and last names, date of birth, student identification numbers and, of course, school name and district. Even though social security numbers were not included, it is information valuable enough to be sold, even though there is no evidence of that as yet. It does raise the question of how long it is appropriate for an education vendor to keep student data when active use of the vendor software has ended. It’s important to know how the vendor handles and ensures the security of student data throughout its life cycle: How do they store it and when, and how do they plan to dispose of it? How do they keep track of the data, and how are they notified if there is a breach? Do they have the ability to remove the data on request? How are they protecting the data from unauthorized users? Read more about how to keep student data private and about best practices that help districts manage the safety of their data with vendors. One important takeaway is that because of the amount of private information that is at risk, it is not just the responsibility of the IT team to manage student data, it is everyone’s responsibility – including teachers, administrators, and parents. Education Framework provides student data privacy peace of mind for district administrators, teachers, and parents through EdPrivacy, its expert K-12 data privacy management solution. EdPrivacy offers an intuitive platform that consistently vets the safety and security of online applications based on compliance with FERPA, COPPA, and state privacy requirements. Sign up for a free trial Related Posts Student Data Privacy Policy for Schools—How to Ensure Your Data Stays Private Keeping students’ PII can be complicated - learn how to create a student data protection policy for your school today. Managing Student Data Privacy: How One District is Doing it Right Learn how a school district in Georgia is effectively supporting their student data privacy policy with EdPrivacy, a comprehensive privacy management tool that vets vendor privacy policies, monitors policies for changes, and protects sensitive student information. District Challenges in Executing a Student Data Privacy Policy Districts must develop a comprehensive K-12 student data privacy policy. Get our top 5 policy best practices today. Helping School Districts Address FERPA Compliance Meeting FERPA regulations and ensuring FERPA compliance is no easy task. Learn the solutions that schools use to manage student privacy. How Technology in the Classroom Impacts Student Data Privacy Until a parent voiced a concern, teachers in an Illinois school district had been able to use any application or online resource they chose in their classrooms. That parent inquiry sent the superintendent and director of technology on a quest that led to major changes in how the district investigates and vets applications and websites for use. Learn how River Forest School District 90 stepped up their privacy game with help from EdPrivacy by Education Framework. What is PII? What Districts and Families Need to Know Personally identifiable information, or PII, is any data point that can be used to identify a specific individual. Understanding how to protect student PII begins with knowing what data is being collected. Learn more about the federal and state data privacy laws that govern the protection of student information, and how EdPrivacy helps districts proactively protect PII.