As we send our children to school, we provide them with varying levels of data that, if left unchecked, could cause unnecessary problems for students late on in life. Plenty of ways are available to try and protect information, but should schools be collecting and holding onto that much data in the first place?
Beverly Miller, Assistant Director of Schools for Administration/Chief Technology Officer for Greeneville City Schools in Greeneville, Tennessee, and recent winner of a Tech & Learning Innovative Leader Award for Best Implementation of Data Privacy, discusses how much student information schools should keep and the questions we should be asking about collection policies.
‘Why Are We Collecting So Much Data?’
Thousands of students attend hundreds of schools every year, and each one has data collected in some way in the process. Miller saw this practice as a disservice to students and wondered whether schools should be collecting all of the data that they do.
“As a forty-year technologist, about 15 years ago, I really started to become concerned about the massive amounts of information that we had on both students and the adults who work in a school district,” says Miller. “Long before the real focus on data security and data privacy became such an industry focus, we started working in my little school district in the Appalachian mountains of Tennessee. I started assembling a team of district leaders and district employees. We started by conducting a paper data records inventory. What I became immediately concerned with is the records we had.”
Gathering information on students and teachers isn’t out of the ordinary for a school or an educational system, but Miller took issue with what kinds of data schools were collecting and how long they were holding onto it.
“Along the way, what I started to realize was that we had social security numbers on people all throughout our community because so many had graduated from the Greenville City school system (including our existing students),” she says. “So I really started digging at that time saying ‘Why in the world do we even collect student’s social security numbers?’”
A Two-Pronged Approach to Data Security
Collecting data for a school might not be alarming, but keeping it forever might pose a significant risk to anyone who has attended or is attending that school. The same goes for former and current employees.
To protect both former and current students and staff, Miller led a district-wide initiative to limit access to critical data and bolster security.
“[Our school] became one of the very first schools to completely eliminate student social security numbers,” Miller says. “We went so far as to delete them electronically. We no longer ask parents for that information. But then we went back through all of those historical paper records and shredded all instances of the social security numbers coming up. It just put the district and the individuals at such risk. We made sure that if we were ever breached that the data would include only the absolute minimal data that we needed on people.”
The district also partnered with Scribbles Software to convert roughly 50 years of paper records into a digital system, only accessible in a secure cloud. This streamlined the records management process and made it easier for designated staff to find what they were looking for quickly, and significantly improved security by eliminating the concerns that come with paper-based records systems, such as data being accessed by unauthorized personnel.
The multiple security measures embedded into the cloud-based system also reduces the likelihood of sensitive information falling into the wrong hands. Both of the initiatives above are examples of how Miller’s proactive approach is ensuring student and district data remains private and secure.
Using Data Mitigation to Reduce Risk
As technology continues to evolve, our information becomes more susceptible to breaches everyday. Yet no matter where your school is, controlling the data you keep can be an attainable goal.
“Even though we’re a small rural community school district in eastern Tennessee, I think we have built a model that could very well be replicated and scaled up or down based on school district size,” Miller says, noting her two-pronged approach. “From this point forward, we will have this process in place. It’s just a matter of how dedicated people would be in order to take care of the data. I think of things from a corporate standpoint. People always have a need or use for [information], so they’re always going to find a way to dig information out of you. But from a school standpoint, where things like ransomware attacks are so rampant, having less information to give would actually be more helpful.”
Personal information needs to be protected no matter what. With a template like this in place, students can learn in peace without fearing their data will fall into the wrong hands.
