Principal Leadership - April 2015 - (Page 54)

digital leader Privacy, Please The principal's role in protecting the privacy of student data Dana Greenspan I f you ask chief technology officers or IT directors what keeps them awake at night, the response-ahead of Common Core State Standards support and online assessment-is likely data security and privacy issues. The school principal can be a local education agency's (LEA) key resource when partnering with IT staff in order to deter privacy breaches by ensuring that students, families, and staff are aware of-and avoid-potential risks by practicing safe online behaviors. Protecting data has long been on the radar of the IT staff and security experts, but it's taken breaches at Target, Home Depot, and Sony for most of us to become aware of how vulnerable we are. In any given year, I attend numerous workshops given by excellent teachers demonstrating how they effectively integrate technology into their curricula via a smorgasbord of engaging, educational applications; but rarely have I heard them talk about privacy issues. This needs to change. One can't fault the teachers, principals, or LEA staff because protecting student (and family and teacher) data has only recently become a hot topic. We're beginning to hear more conversations about student privacy and data protection among state and federal legislators, at educational conferences, and within LEAs. Training educators to think about data privacy when choosing digital programs and applications can-and should-become a routine part of the selection process. Principals, with assistance from other site administrators, will play a large role in making certain 54 Principal Leadership | April 2015 these conversations transform into routine practices. According to the Privacy Rights Clearinghouse, there have been 299 educational breaches since 2010 (Privacy, 2015). These represent 10.7 percent of the total tracked breaches, for various reasons. Aside from hacking or malware, insiders with legitimate access, such as an employee or contractor, can make intentional or unintentional breaches. Other data breaches can result from physical loss or theft of a device or even of paper containing sensitive information. What's disconcerting is that theft of student data, particularly that of young students, is now of prime interest to organized cyber criminals. Although it varies from state to state, many entering students are required to provide a Social Security number, which is entered into the student information system along with other personal information. Because children have essentially perfect credit scores, they are ripe to become victims of identity theft that may continue undetected for years. As adults, especially if we suspect we are victims of a data breach, we know to monitor our credit reports. But how many parents monitor their children's credit reports-how many would even think it's necessary? We must help our stakeholders be savvy consumers by educating parents about the need to monitor credit reports for the entire family, regardless of age, annually. Cloud computing has led to greater vulnerability as well. Secure servers physically housed at LEAs are under the control of IT staff who work diligently to ensure safe practices and monitor networks for potential security breaches. Now many LEAs are turning to fully web- or cloud-based solutions where the data is housed by the program/application developer or even a designated third party. In that instance, do you know which data is collected or how that data is shared? Do you know what happens to the data when the program or application is no longer in use? Which staff can access the data, and do they need to have access? These are questions we need to be asking before choosing and using a program or application, especially when individual student data is required as a condition for use. Content creators are becoming more accustomed to being asked for specific contractual language to appear in purchase agreements, but, depending on local legislation, this varies from state to state. We are all responsible for looking at a company's privacy policy. Rather than automatically clicking "I agree" when a pop-up window appears for a downloaded or updated application, we need to get in the habit of checking applications and websites, as well as actually reading the privacy policy in full. Federal laws protecting the privacy of student data have existed since 1974, and some have been updated to reflect digital technologies. The Family Educational Rights and Privacy Act (FERPA), which sets rules for how LEAs can use and disclose student records, was updated in 2012 to include digital data

Table of Contents for the Digital Edition of Principal Leadership - April 2015

Solution Tree
From the Editor
Bulletin Board
Cases in Point
Pepperdine University
Healthy Schools, Healthy Students
Advocates for Acceptance
Creating a Socially Inclusive School
Out of the Darkness: Making Student Mental Health a Priority
Combating Cyberbullying
How Do You Evaluate Leadership?
The Common Core and School Improvement
Salsbury Industries
Discussion Guide: The Common Core and School Improvement
Leading in Turbulent Times
Need a Little TLC?
The Principal Story by Nomadic Pictures
Growing Your STEMs
Digital Leader
Instructional Leader
Breaking Ranks in Practice

Principal Leadership - April 2015