Blog: Student Data Privacy Articles

Practical tips, best practices, and useful student data privacy resources.

School Data Breach

Is Your School District at Risk for a Data Breach?

Cybercrime continues to increase across all industries, and education is no exception. Criminals are hacking into school district databases and stealing student and faculty personal information. District data can be accessed directly from the district, but it can also be captured through third-party software. That exact situation made news headlines in late summer of this year. 

A major education data breach was announced in July by Pearson through their AIMSweb monitoring and assessment program. More than 13,000 schools were affected and the private data of thousands of students was compromised. Although Pearson did not share many of the details, the things we know provide a cautionary tale for districts. 

Pearson did not even realize that the hack had taken place in November 2018. They were informed by the FBI in March, 2019—four months later. This means that Pearson did not have systems in place to secure the data or even to be able to detect a data breach themselves. After Pearson was informed of the breach, they took another four months to notify the affected schools.

The data was from students using AIMSweb between 2011 and 2016. The data that was stolen included students’ first and last names, date of birth, student identification numbers and, of course, school name and district. Even though social security numbers were not included, it is information valuable enough to be sold, even though there is no evidence of that as yet. It does raise the question of how long it is appropriate for an education vendor to keep student data when active use of the vendor software has ended.  

It’s important to know how the vendor handles and ensures the security of student data throughout its life cycle:

  • How do they store it and when, and how do they plan to dispose of it?
  • How do they keep track of the data, and how are they notified if there is a breach?
  • Do they have the ability to remove the data on request?
  • How are they protecting the data from unauthorized users?

Read more about how to keep student data private and about best practices that help districts manage the safety of their data with vendors. One important takeaway is that because of the amount of private information that is at risk, it is not just the responsibility of the IT team to manage student data, it is everyone’s responsibility – including teachers, administrators, and parents. 

Education Framework provides student data privacy peace of mind for district administrators, teachers, and parents through EdPrivacy, its expert K-12 data privacy management solution. EdPrivacy offers an intuitive platform that consistently vets the safety and security of online applications based on compliance with FERPA, COPPA, and state privacy requirements.

Sign up for a free trial