Balancing Responsibility for Student Data and Online Safety

student data
(Image credit: Unsplash: Thomas Park)

On October 8, 2021, President Biden signed the K-12 Cybersecurity Act of 2021 into law. The legislation acknowledges that maintaining the security of student data is mission-critical and, therefore, a study will be conducted to determine the best guidance to offer districts. 

While this seems to be a great attempt at protecting our student data, it also represents the federal government slowly crossing the state and local authority line using legislation, policies, and letters to companies to emphasize concerns related to technology in schools, specifically cybersecurity and privacy. However, more than 45 states and Puerto Rico have introduced legislation related to cybersecurity during 2021, according to the National Conference of State Legislators. So, it begs the question: what is the purpose behind the federal legislation?  

The increased use of technology in schools will no doubt increase the risk of attacks on student data. Since 2016, there have been at least 1,062 reported attacks on school districts across the U.S., with 53 school districts being attacked in 2020 and costing more than $7.5 billion, according to a recent report from Amtrust Financial. Since July, at least 16 school districts have already been victims of ransomware attacks.

In spite of these numbers, technology is no longer an option for districts. Schools must include technology in their daily practice of operating a school and delivering instruction. They must also use technology to protect student data as well as protect students themselves while they are online. 

An estimated 500,000 online predators are seeking out children while they are accessing the internet. The F.B.I. reports that children aged 12-15 represent more than 50% of the victims of online sexual exploitation. 

In addition to adult predators, students are also attacked by cyberbullies. Cyberbullying through digital devices occurs through social media, text, emails, instant messaging, and gaming. Research suggests 21% of children aged 10-18 experience cyberbullying, which can lead to additional mental health issues. And, children living in lower-income households are more likely to be bullied online.  

Striking a Balance

Data privacy isn’t the only challenge with our students online. We must protect their safety as well, and some companies aid districts in monitoring student safety online. However, during the first week of October 2021, these companies received letters of concern from three U.S. Senators related to violating students’ privacy. 

Where is the balance between protecting student data and protecting students online? Students -- and the data that come with them -- are the most fragile piece of the education system and the entire reason the system exists. No school or district administrator wakes up thinking of putting their students at risk. Districts and the schools they support must be armed with resources to protect their most significant responsibility, the safety of the students they serve. These resources come in the form of funding, technologies to monitor student activity online, technologies to protect student data, and legislation to back it when a predator or hacker is doing harm. 

Although the federal government may have good intentions, it remains the responsibility of the states and local school boards to govern and direct school operations. 

Cybersecurity and student data privacy are certainly huge issues for districts today and support is definitely needed to fend off hackers and attackers, but does the support need to come in the form of guidance or restricting what products and services districts can use? States have already passed legislation on handling student data, and organizations such as SEDTA and CoSN determine effective practices for managing student data and protecting students while online, and standards have been set to manage this. 

The federal government’s role should be supporting states through funding and legislation that protects constitutional and civil rights when states fail to do so. States and local school boards must do diligence to defend the needs of their schools when it comes to protecting student data and online safety. 

Interested in learning more about cybersecurity in K-12, check out these articles:

Want to be more informed about protecting students online? Look over these resources: 

Longing to learn more about the role of school boards, states, and federal government in overseeing education? Read over this interesting history of our educational system in these resources: 

Our districts are under so much pressure today, let’s stand united to support their best efforts and intentions, and let’s make sure each entity responsible -- federal, state, and local school boards -- educates our amazing students and does the right thing for the good of the whole. 

Dr. Kecia Ray

Dr. Ray's career includes designing technology within the Frist Center for the Visual Arts and directing technology research through Vanderbilt University School of Medicine Science Outreach programs. As a district administrator for Metropolitan Nashville Public Schools, she led the award-winning design, implementation, and evaluation of instructional technology programs, including instructional design for online and blended learning environments, redesigning physical learning environments, redefining school libraries, and establishing the first virtual high school to award the diploma. She leads K20Connect and other passion projects supporting K20 education around the world.