Student Data Privacy Policy for Schools—How to Ensure Your Data Stays Private June 25, 2019By Katie Onstad Compliance Best Practices policies Keeping students’ personally identifiable information (PII) private is a complicated initiative for most school districts. And one that, up until now, has been the responsibility of IT departments. However, the expanding volume of technology being used by schools and the increasing risk of security disruptions have put data protection policy for schools front and center for everyone. Data protection guidance for schools requires districts to: establish clearly defined roles make thoughtful plans that incorporate transparency and accountability establish data protection training for schools Teachers, administrators, and staff need training, tools, and support to be successful at protecting student privacy. 5 Best Practices for Creating a School Data Privacy Policy The following best practices can provide a road map for data protection guidance for schools. Understand the privacy landscape and your legal obligations. New state regulations are regularly enacted across the country. It is critical for schools and districts to be current on these legal requirements in addition to federal laws such as FERPA and COPPA. Conduct a comprehensive technology audit. Establish a baseline of all technology being used in classrooms and school and district offices. Once there is an understanding of what technology is in use throughout the district, the next step is to conduct a privacy evaluation for each online technology to ensure student data is private and protected. Establish a data governance plan and data protection training for schools. Make a plan that addresses the full life cycle of data, from acquisition to disposal. Use written contracts to outline security and data collection, data deletion, data use, data retention, data disclosure and data destruction. Determine who has authority to review and purchase and define the scope and limitations of that authority. Districts need to conduct a security awareness program that provides data protection training for schools’ faculty and staff. Communicate your plan and engage parents in the privacy conversation. Post information about your student data policies, practices, and usage on a public web page. Be explicit about the information you collect about your students and what the information is used for. Explain what, if any, PII is shared with third party service providers and how that information is safeguarded. Be sure to let parents know how they can get additional information. Monitor privacy policies for changes and repeat this five-step process. Once all privacy policies are reviewed, ongoing monitoring is required to ensure the effectiveness of security controls and compliance. Without data protection training, schools and users may not fully understand their roles in implementing security protections. 5 Keys to a Comprehensive School Policy For those districts concerned that their data protection policy for schools is comprehensive enough, here are some key questions to ask: Data privacy: do you have the ability to keep track of data and understand what happens to it during its lifespan? Data deletion: do you have the ability to remove the data upon request? Data security: can you protect the data from unwanted or unauthorized users? Data integrity: do you have the ability to maintain the accuracy and consistency of data over its entire life cycle? Data retention: do you understand that the data is to be used only for its intended educational purposes and should be disposed when no longer needed? Education Framework provides student data privacy peace of mind for district administrators, teachers, and parents through EdPrivacy, its expert K-12 data privacy management solution. EdPrivacy offers an intuitive platform that consistently vets the safety and security of online applications based on compliance with FERPA, COPPA, and state privacy requirements. Sign up for a free trial Related Posts District Challenges in Executing a Student Data Privacy Policy Districts must develop a comprehensive K-12 student data privacy policy. Get our top 5 policy best practices today. The California Consumer Privacy Act Bolstering Student Data Privacy Goes into Effect Beginning January 1, 2020, The California Consumer Privacy Act of 2018 (CCPA) is in effect. This comprehensive law protects the personal information of all California residents collected by any company doing business in the state of California. Edtech companies that collect PII from California students are bound by this new law. Read more about CCPA and learn how EdPrivacy helps school district leaders navigate the requirements of multiple laws and ensure student data is properly protected. How Technology in the Classroom Impacts Student Data Privacy Until a parent voiced a concern, teachers in an Illinois school district had been able to use any application or online resource they chose in their classrooms. That parent inquiry sent the superintendent and director of technology on a quest that led to major changes in how the district investigates and vets applications and websites for use. Learn how River Forest School District 90 stepped up their privacy game with help from EdPrivacy by Education Framework. Optimize Student Data Protection with this EdPrivacy Checklist Take full advantage of the student data privacy and security benefits that EdPrivacy provides. Follow this simple checklist to enhance your data protection program and get the year off to a smart start. EdPrivacy by Education Framework: Student Data Privacy Peace of Mind [Video] Protecting student privacy is a big challenge for U.S. school districts. Learn how EdPrivacy helps simplify and streamline the privacy management process, protecting student data and providing privacy peace of mind. Managing Student Data Privacy: How One District is Doing it Right Learn how a school district in Georgia is effectively supporting their student data privacy policy with EdPrivacy, a comprehensive privacy management tool that vets vendor privacy policies, monitors policies for changes, and protects sensitive student information.