Here are five best practices for districts trying to maintain a balance between adhering to privacy regulations and meeting demands for transparency as they gather, share, and protect K–12 information.
1 Review FERPA compliance.
Public school districts are obligated to notify students and parents annually of their rights under FERPA, so a basic review of compliance—including whether your district meets the requirements of the accompanying Protection of Pupil Rights Amendment—can help maintain good data management habits. You can sign up for updates on both Web sites.
2 Prioritize data.
Critical information, including personnel and payroll records, student medical histories, and data that contain information such as Social Security numbers, must be carefully stored and securely protected. General information such as school lunch menus, graduation rates, and calendar information does not need to be protected.
3 Use sophisticated passwords.
A surprising number of breaches of school data have occurred because of imperfect passwords. This is a simple but often overlooked fix for protecting critical information. All personnel and vendors need to be trained in the importance of using sophisticated passwords.
4 Ensure secure storage.
Because districts increasingly store student and personnel information on servers or in the cloud, it’s crucial to find the safest data storage solution to meet your district’s needs.
5 Schedule an audit.
When should you have your district’s cybersecurity audited? Surprisingly, it’s when you think you’ve done everything that needed doing. An audit can help determine if your efforts have paid off and find any weaknesses before a breach occurs.
SOURCE: FIVE CYBERSECURITY SAFEGUARDS FOR SCHOOL DISTRICTS FROM SUNGARD K–12.