On October 8, 2021, President Biden signed the K-12 Cybersecurity Act of 2021 into law. The legislation acknowledges that maintaining the security of student data is mission-critical and, therefore, a study will be conducted to determine the best guidance to offer districts.
While this seems to be a great attempt at protecting our student data, it also represents the federal government slowly crossing the state and local authority line using legislation, policies, and letters to companies to emphasize concerns related to technology in schools, specifically cybersecurity and privacy. However, more than 45 states and Puerto Rico have introduced legislation related to cybersecurity during 2021, according to the National Conference of State Legislators (opens in new tab). So, it begs the question: what is the purpose behind the federal legislation?
The increased use of technology in schools will no doubt increase the risk of attacks on student data. Since 2016, there have been at least 1,062 reported attacks on school districts across the U.S., with 53 school districts being attacked in 2020 and costing more than $7.5 billion, according to a recent report from Amtrust Financial (opens in new tab). Since July, at least 16 school districts have already been victims of ransomware attacks.
In spite of these numbers, technology is no longer an option for districts. Schools must include technology in their daily practice of operating a school and delivering instruction. They must also use technology to protect student data as well as protect students themselves while they are online.
An estimated 500,000 online (opens in new tab) predators are seeking out children while they are accessing the internet. The F.B.I. reports that children aged 12-15 represent more than 50% of the victims of online sexual exploitation.
In addition to adult predators, students are also attacked by cyberbullies. Cyberbullying (opens in new tab) through digital devices occurs through social media, text, emails, instant messaging, and gaming. Research (opens in new tab) suggests 21% of children aged 10-18 experience cyberbullying, which can lead to additional mental health issues. And, children living in lower-income households (opens in new tab) are more likely to be bullied online.
Striking a Balance
Data privacy isn’t the only challenge with our students online. We must protect their safety as well, and some companies aid districts in monitoring student safety online. However, during the first week of October 2021, these companies received letters of concern from three U.S. Senators related to violating students’ privacy.
Where is the balance between protecting student data and protecting students online? Students -- and the data that come with them -- are the most fragile piece of the education system and the entire reason the system exists. No school or district administrator wakes up thinking of putting their students at risk. Districts and the schools they support must be armed with resources to protect their most significant responsibility, the safety of the students they serve. These resources come in the form of funding, technologies to monitor student activity online, technologies to protect student data, and legislation to back it when a predator or hacker is doing harm.
Although the federal government may have good intentions, it remains the responsibility of the states and local school boards to govern and direct school operations.
Cybersecurity and student data privacy are certainly huge issues for districts today and support is definitely needed to fend off hackers and attackers, but does the support need to come in the form of guidance or restricting what products and services districts can use? States have already passed legislation on handling student data, and organizations such as SEDTA (opens in new tab) and CoSN (opens in new tab) determine effective practices for managing student data and protecting students while online, and standards (opens in new tab) have been set to manage this.
The federal government’s role should be supporting states through funding and legislation that protects constitutional and civil rights when states fail to do so. States and local school boards must do diligence to defend the needs of their schools when it comes to protecting student data and online safety.
Interested in learning more about cybersecurity in K-12, check out these articles:
- Best Cybersecurity Lessons and Activities for K-12 Education (opens in new tab)
- How to Implement a Systemic Approach to Student Data Security and Privacy (opens in new tab)
- 5 Ways to Boost School Cybersecurity (opens in new tab)
- How to Integrate Student Data Privacy Protection into District Data Governance Plans (opens in new tab)
Want to be more informed about protecting students online? Look over these resources:
- Keeping Students Safe While Learning Online (opens in new tab)
- A Starting Point for Ensuring Student Online Privacy (opens in new tab)
- 10 Back-to-School Tips for Online Tips and Resources for Parents (opens in new tab)
Longing to learn more about the role of school boards, states, and federal government in overseeing education? Read over this interesting history of our educational system in these resources:
- History and Evolution of Public Education in the U.S. (opens in new tab)
- A Relevant History of Public Education in the U.S. (opens in new tab)
Our districts are under so much pressure today, let’s stand united to support their best efforts and intentions, and let’s make sure each entity responsible -- federal, state, and local school boards -- educates our amazing students and does the right thing for the good of the whole.