Protecting Student Data – 7 Things You Should Be Doing

Let’s be honest, data privacy and protecting student data is a big deal, we all know that. But when it comes to actually putting measures in place to safeguard your students against potential privacy violations, it can feel like a can of worms. 

Where do you even start? Is this not a job for the IT crowd?

The excitement of finding an EdTech tool that will engage your students while automating some of those tedious administrative tasks can sometimes cloud the less glamorous side of EdTech – data privacy. 

Most EdTech platforms are cloud-based which means that a vast amount of data is flowing back and forth between yourself and your students, so it’s imperative educators take all the necessary steps to prevent a situation where students’ data is compromised.

What Sort Of Student Data Are We Protecting Anyway?

The majority of student data that’s collected by EdTech tools can usually be categorised into four main areas:

1. Educational Records: These can include information about the pupils academic performance, disciplinary records and general correspondence with teachers.

2. Demographic: This kind of data includes the students name, address, medical requirements and general contact information

3. De-identified: This is data that is not attributed to any personal identification ie. The data cannot be traced to a single student.

4. Aggregated: This includes de-identified data that is collected from groups of students rather than from individuals. 

Okay, so now that we know the types of student data we should be protecting, here are 7 things you should be doing to ensure you’re protecting students data.

1. Find The Privacy Policy

This is a super simple way to filter out and qualify potential EdTech vendors.

As basic as this sounds, you need to make sure that the EdTech vendor has a privacy policy. Believe it or not, there are vendors out there who don’t have one. 

They should have it publicly available on their website (usually in the website’s footer next to terms and conditions). If they don’t – ask them for it.

2. Protecting Student Data Means Asking Tough Questions!

You should never feel guilty about quizzing a potential EdTech vendor by asking a tonne of tough questions. 

The risk of compromising your students’ data should be non-negotiable and any decent, well-informed vendor will understand this too and will be more than willing to undergo your well-intentioned interrogation.

Ask the vendor about their privacy policy and ensure what they’re telling you is congruent with what they have written down in their privacy policy. 

Here are some questions to get you started…

• Where is the students’ data stored?

• Is the data safe wherever it’s held?

• Are they complying with GDPR?

• What are their GDPR practices?

• Who is the data controller, is it me? Is it the supplier? Is it the school? If it’s the supplier then why is that? Is it because they want to advertise?

Only by asking these sorts of questions can you really expect to fully ascertain if this EdTech tool, and the vendor, are going to meet your expectations and provide you with confidence that both parties will be best placed in protecting student data.

If you’re concerned about GDPR and how it affects your school then check out NetSupport DNA, they provide a fantastic solution to help with safeguarding students data and assisting with GDPR compliance.

3. Are you Visiting Secure Websites?

It may seem an impossible task to identify a secure website. I mean, surely if the website looks professional then there’s a good chance the site will be secure? Not at all.
Look up at the address bar of the website you are visiting and make sure it has an ‘S’ after the http bit.

HTTPS stands for Hypertext Transfer Protocol Secure and means that the integrity and confidentiality of data between the user’s computer and the website is protected and encrypted.

Data sent using an HTTPS website offers three fundamental layers of protection.

1. Encryption: This essentially means that when a student is browsing a website, their activities cannot be tracked and their personal information cannot be stolen.

2. Data Integrity: Data that is being transferred between the student and the server cannot be modified or corrupted without being detected.

3. Authentication: Proves that your users communicate with the intended website and protects against man-in-the-middle cyberattacks.

4. Be Super Vigilant, It’s An On-Going Responsibility

Just because the vendor has told you what they will do in terms of protecting your students’ data, you should never just assume that they will continue this over the duration of you and your students using their tool.

Carry out a regular audit and review, to ensure that your suppliers are sticking to the privacy practices they told you they would do. 

Not only will you mitigate the potential risk of things slipping through the net, but it will help put your mind at ease. 

Furthermore, if the vendor knows you are carrying out these regular audits, it will more than likely keep them – and rightfully so – on their toes.

5. Inspecting Your School’s Equipment

Make sure you take a look at the equipment you are using – is it old, is it new? And If so, how new? Older equipment will pose more of a risk to your students’ data. Making sure your equipment is up to date will ensure that they are in the best possible position to fortify your students’ data and keep it from getting into the wrong hands.

Here’s a brief checklist to ensure your equipment is best placed in protecting student data:

• Anti-malware protection

• Make sure to backup your data

• Install the latest operating system updates

• Ensure software regularly updated

• Switch off device at the end of each day

• Use a firewall

Muster up the courage and go strike up a conversation with your school’s IT department, who will be able to inform you of whether the equipment your students are using is capable of safeguarding student data.

6. Lay All Your Cards On The Table

It’s a good idea to ensure you’re completely transparent with your students and their parents to ensure they are all kept in the loop with your carefully selected EdTech tools. 

Students and parents have a right to know what you are using, and you don’t want to be fumbling around if they ask. So make sure to keep a document readily available which outlines the digital tools being used and their corresponding privacy policies and T&Cs.

7. Plan For The Worst-Case Scenario

Sometimes in life, despite our best efforts to mitigate risk, the proverbial hits the fan. 

Whether it’s the fault of the 3rd party supplier or yours truly, having a plan you can resort to in the unfortunate situation of data misuse will make all the difference.

Develop a breakdown of how parents will be informed of such a situation, will they be contacted by you, or by the IT department? Get a plan in place so the matter can be dealt with in the smoothest way possible.

So there you have it, our ultimate list of 7 things you should be doing to ensure you’re protecting student data. Make sure you take your time to absorb all the information we’ve shared, or bookmark this page so you can find it quickly when you need it!