Every sector in our economy is transitioning to digital operations. That means as personal information is collected electronically, new institutional policies, practices, and security processes to govern the safe and responsible management of these data are required. K–12 education is relatively new to this transition in comparison to other sectors like financial services, and privacy and security infrastructure continues to develop and advance across the sector. As schools and districts develop internal systems to safeguard student data, are there established practices in other sectors they can learn from?
A new paper published by experts at EducationCounsel distills promising data privacy and security policies and practices used in financial services, healthcare, and digital application software development into a useful check list of recommended activities for educational institutions.
The authors explain that while education has unique considerations, state, district, and school leaders do not have to start from scratch when they are building out these policies and practices. Many of the challenges the education sector faces are common to other industries. The financial services, healthcare, and digital application software development sectors have already built an infrastructure for safeguarding data, and there are many similarities between their approaches. Based on their analysis of these similarities, the authors recommend three key areas of focus for districts and schools when working on addressing privacy and security:
- Establish internal ground rules: Schools and districts should review and improve internal processes for managing data, starting with assessing data collection practices and identifying security objectives.
- Manage third party vendor relationships: Schools and districts should adopt a vendor approval and governance framework and establish a set of criteria to properly evaluate the risk of providing a vendor with access to student data, for example.
- Commit to continuous improvement and transparency: Schools and districts should continuously make updates to improve data security policies and procedures, and maintain a commitment to transparency and communication with parents, students, and teachers.
Read the full paper with detailed recommendations here.