The Consortium for School Networking (CoSN) today released a new EdTechNext Report, titled “Security and Privacy of Cloud Computing.” The new report examines the privacy, security and regulatory compliance impacts of “Software-as-a-Service” (SaaS) cloud computing, and provides district leaders with information on strengthening their networks and protecting against constant threats. CoSN’s EdTechNext Reports are a series of mini-reports developed to keep educators updated on the latest technology trends and their educational value.
The report outlines common security and privacy risks that schools face with SaaS – information stored on the Internet and managed by others – including data breach, data loss (or leakage), password reuse, and the collection and aggregation of personally identifiable data. Understanding these risks and realities make it imperative that schools evaluate their cloud security, privacy and compliance, giving particular consideration to service level agreements (SLAs) with specialized cloud vendors. Specifically, when considering a SLA, the report advises school leaders to assess the following vendor services:
- Availability (e.g., Does the provider offer a guaranteed service level?);
- Security (e.g., Does the provider use SSL encryption on all pages?);
- Legal and regulatory (e.g., Where is the data hosted and is there a contract?);
- Privacy (e.g., Carefully analyzing the collection, use, protection and sharing of policies).
In addition, the report provides an overview of the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA) and urges district leaders to understand these policies to help minimize the real and potential risks of cloud computing.
The report coincides with Data Privacy Day, which is held every year on January 28. Through advocacy efforts from across the education technology sector, the day seeks to empower people to protect their privacy and control their digital footprint. To learn more, visit: www.staysafeonline.org/data-privacy-day/about.
