Data Security Measures Successfully Safeguard Student and Staff Information
In Greeneville, Tennessee, Beverly Miller, the Assistant Director of Schools for Administration and Chief Technology Officer, has been leading a remarkable initiative to ensure data privacy and security in schools. Her approach, which has earned her a Tech & Learning Innovative Leader Award for Best Implementation of Data Privacy, has the potential to be replicated across school districts of varying sizes.
Miller's journey began about 15 years ago when she started to question the vast amounts of student and adult information being collected by schools. Recognising the importance of data security and privacy, Miller and a team of district leaders took proactive steps to address these concerns before they became a significant industry focus.
One of their initial actions was conducting a paper data records inventory in the school district. This was followed by the implementation of multiple security measures to protect student and district data. A significant step was the elimination of student social security numbers, making the district one of the first to take this step. The district partnered with Scribbles Software to convert paper records into a secure cloud-based system, reducing the likelihood of sensitive information falling into the wrong hands.
Thousands of students attend hundreds of schools every year, each one collecting data in some way. Miller believes that having less information to give would be more helpful in reducing the risk of ransomware attacks. Limiting data collection is critical because it minimizes the volume of sensitive student information at risk if breaches occur, reduces potential harm to students, and simplifies data management.
The best practices for data privacy in schools include adopting clear policies, limiting data collection, ensuring transparency, and implementing robust security measures such as encryption and access controls. Key best practices entail using district-approved tools only, implementing clear privacy notices and obtaining parental consent, developing and enforcing policies like Acceptable Use Policies, building technical controls into edtech tools, training all staff on cybersecurity awareness, following data protection laws and frameworks, and maintaining transparent accountability.
Miller's two-pronged approach to data security and privacy—limiting data collection and bolstering security—forms the foundation of effective data privacy practices in schools. This approach enhances student trust, meets legal obligations, and mitigates the risks inherent in today's increasingly digital learning environments. By implementing these practices, schools can help students learn in peace without fearing their data will fall into the wrong hands.
