Wed, 04/10/2019 – 10:01
Schools handle a wide variety of sensitive information concerning students and their families. Laws, regulations and ethical obligations require administrators to take active measures to protect that information from unauthorized disclosure.
That warrants a combination of technical and process controls designed to facilitate legitimate use of student records while safeguarding them against intruders. Let’s take a look at five ways that schools can better protect their student records.
1. Minimize Data Collection of Student Information
The single most important step schools can take to lower the risk of unintentional or malicious disclosure of sensitive student information is to reduce the amount of information collected in the first place.
That’s a tried-and-true practice known in the privacy field as minimization. When schools don’t collect sensitive data elements, there is no risk they will lose control of that information if a data breach occurs.
Social security numbers are low-hanging fruit for minimization efforts. Many schools began a practice years ago of collecting student and/or parent SSNs for identification purposes. While almost every school has moved beyond the use of SSNs as a student identifier, many still ask for student and parent SSNs on registration forms. There is no good reason to do that.
Guidance from the U.S. Department of Education clearly states that parents are not required to disclose SSNs to schools. The risks associated with storing such sensitive information are too great, and there is no clear benefit. Schools should review all of their data collection practices and remove any fields not required for a specific, legitimate business purpose.
2. Purge Unnecessary Student Records
In addition to minimizing the information collected, schools should also take actions to purge sensitive information when it’s no longer used for its original purpose. Purging old records serves a similar purpose as minimizing data collection: lowering the impact of a potential breach.
Schools should set standardized record retention policies that specify the length of time different categories of records should be preserved. For example, a school might decide to retain course-level grades permanently to generate transcripts, but purge student disciplinary records seven years after graduation. Exceptions might be made for students who were expelled from school or other specific circumstances.
Some retention periods might be quite short. For example, public schools often collect documentation from parents to prove their residency in a particular school district.
Once those records are validated and approved by an administrator, is there any valid reason to maintain copies of the records themselves? It may suffice to maintain a record created by the administrator documenting that the evidence was received, reviewed and validated.
3. Encrypt Data at Rest and in Transit
After completing minimization and purging efforts, chances are schools will still need to retain some sensitive information about students and their parents. Those records should be secured carefully, using a mix of technical and administrative controls.
The most important technical control schools can apply is strong encryption, both for information at rest (stored on a server or device) and for information in transit (being sent over a network). Schools should identify devices that store sensitive information and apply encryption at both the file and disk level.