A number of trends in education are leading to tremendous growth in the volume and range of data collected on students. As an FBI public service announcement warns, this could pose a serious risk to students if educators fail to adequately secure their data systems.
Recent legislation like the Every Student Succeeds Act has forced states to perform broader, more rigorous reporting on students’ academic performance. At the same time, digital technologies ranging from learning management systems to Chromebooks are playing an increasingly central role in classrooms across the country. The convergence of these two trends has generated previously unthinkable volumes of student data.
This data is being used in a variety of beneficial ways, including to help distribute resources among districts more equitably, intervene with students at risk of failing or dropping out, and facilitate more personalized learning. However, as a public service announcement released by the FBI at the beginning of the school year made clear, it’s also exposing students to some concerning security threats.
Though the FBI PSA made no mention of these companies, it’s clear that the hacks suffered by edtech businesses Edmodo and Schoolzilla were the impetus for the agency’s announcement. In 2017, Edmodo suffered a hack that compromised the data of 77 million user accounts, all of which was put up for sale on the dark web for a grand total of $1,000. Similarly, an April 2017 audit revealed that Schoolzilla had made a major cybersecurity blunder by backing up data for over a million students on a public server.
But it’s not just the private sector that needs to be more vigilant about protecting students’ personal information. Activists have pointed out that federal student data law is poorly equipped to regulate today’s highly digitized learning environments and desperately needs to be updated. “What we need is a comprehensive approach at the federal level to address these outdated federal laws,” argues co-founder and co-chair of the Parent Coalition for Student Privacy Rachel Strickland.
Closing Security Gaps
While 40 states have passed a collective 120 pieces of legislation designed to supplement insufficient federal student data protections, the onus for educational data security is still largely being placed on individual students and educators.
Indeed, the FBI’s release outlined a number of steps parents and families can take to better protect student privacy, including working with districts to understand and influence how edtech is used and leveraging credit monitoring technology to ensure children’s information isn’t being exploited by outside parties.
Of course, school districts themselves must also do their utmost to protect their students’ data, whether by hiring a third-party cybersecurity partner or, more likely, beefing up their existing district IT staff. From protecting sensitive student data with device authentication and two-step verification procedures to securing wireless data transfers with TLS and 256-bit AES encryption, a district’s IT professionals must be equipped to manage a wide variety of tasks in today’s increasingly complex digital landscape. Unfortunately, as I’ve written about before, building an in-house IT team with the requisite skills and experience is anything but cheap.
That’s why it’s so important for every school district in America to do everything in its power to secure as much funding as possible. Fortunately, by adopting a tool like Vinson’s CheckPoint EMIS Platform, Superintendents and District Treasurers can rest easy knowing their student enrollment and attendance records are always up-to-date and accurate — a sine qua non of maximizing a district’s formula funding.
The FBI’s announcement reminded us that some educational stakeholders have failed to prioritize data security, but at Vinson, we’re committed to helping schools access the resources they need to keep students’ private information private.