When we send our children to school, we provide them with varying levels of data that, if left unchecked, could cause unnecessary problems for them later in life. There are many ways to protect information, but should schools be collecting and retaining that amount of data in the first place?
Beverly Miller, Assistant Principal of Schools for Administration/Director of technology at Greeneville City Schools in Greeneville, Tennessee, and recent winner of a tech & Learning Award Innovative Leader Award To best implement data privacy, consider how much student information schools should retain and what questions we should ask about collection policies.
Why do we collect so much data?
Thousands of students attend hundreds of schools each year, and each one collects data in some way in the process. Miller felt this practice was a disservice to students and questioned whether schools should be collecting all the data they collect.
“About 15 years ago, as a technologist with forty years of experience, I became concerned about the sheer amount of information we had on students and adults working in a school district,” Miller says. “Long before data security and privacy became such a big issue in the industry, we started working in my small school district in the Appalachian Mountains of Tennessee. I began assembling a team of district leaders and employees. We started by taking an inventory of paper data records. What immediately concerned me was the records we had.”
Collecting information on students and teachers is not out of the ordinary for a school or education system, but Miller questioned what kind of data schools were collecting and how long they kept it.
“Along the way, I realized that we had social security numbers for people from all over our community because many had graduated from the Greenville City School System (including our current students),” she says. “So at that point I started doing some research and asked myself, ‘Why in the world are we collecting students’ social security numbers?’”
A two-pronged approach to data security
Collecting data for a school may not be alarming, but keeping it forever can pose a significant risk to anyone who has attended or will attend that school. The same applies to current and former employees.
To protect current and former students and staff, Miller led a district-wide initiative to limit access to critical data and strengthen security.
“(Our school) became one of the first schools completely eliminate students' social security numbers,Miller says, “We went so far as to delete it electronically. We no longer ask parents for that information. But then we went through all those historical paper records and destroyed every instance where social security numbers appeared. It just put the district and the people at great risk. We made sure that if we ever had a security breach, the data would include only the minimum data that we needed about the people.”
The district also partnered with Scribbles Software to convert approximately 50 years of paper records into a digital system, which can only be accessed in a secure cloud. This streamlined the records management process and made it easier for designated staff to find what they were looking for quickly, and significantly improved security by eliminating concerns that arise with paper records systems, such as data access by unauthorized personnel.
The multiple security measures built into the cloud-based system also reduce the likelihood of sensitive information falling into the wrong hands. Both of the initiatives mentioned above are examples of how Miller’s proactive approach ensures that student and district data remain private and secure.
Using data mitigation to reduce risk
As technology continues to evolve, our information becomes more vulnerable to being breached every day. However, no matter where your school is located, controlling the data you hold can be an attainable goal.
“Even though we’re a small, rural community school district in East Tennessee, I think we’ve created a model that could be replicated and scaled up or down based on the size of the school district,” Miller says, noting their two-pronged approach. “From now on, we’ll have this process in place. It’s just a matter of how dedicated people are to taking care of the data. I think about things from a corporate standpoint. People always have a need or a use for (information), so they’ll always find a way to extract information from you. But from a school standpoint, where ransomware attacks are so prevalent, having less information to give would actually be more helpful.”
Personal information should be protected under all circumstances. With a template like this, students can learn with peace of mind without fear of their data falling into the wrong hands.
