Page 74 - Security Today, May/June 2021
Protecting Digital Data
School administration makes encrypting personal student digital data more important than ever
Distance Learning
While the debate regarding the opening of many schools continues, it looks as if distance learning and school administration will continue to some degree. So, as we plow through the one-year anniversary of schools closing across the country on account of the COVID-19 pandemic, it is a good spot for a reminder of the necessity of keeping student Personally Identifiable Information (PII) secure.
PII is data that could directly identify an individual, be it by name, address, social security number or identifying number or code, telephone number, or email address. Any information that can lead to the identity of a specific person falls under PII. A simple spreadsheet of student information and grades could fall under the wide umbrella of PII regulations.
The purpose of securing such data is twofold: (1) to fall in line with the plethora of federal and state laws and regulations mandating it, and (2) to safeguard against the off-site use, and lack of oversight, of personal PCs and laptops in teaching and administrative duties during the pandemic.
Whether it is stored or being transported, data protection is essential. The costs in money and reputation on account of data breaches, hacking and lost or stolen laptops/PCs are astronomical.
So, how do you make sure all your digital personal student data is secure and meeting regulations? One way is to encrypt all your digital files, whether they are on a USB drive or an SSD.
Before discussing those, let's take a brief look at a few of the prominent laws and regulations dictating personal student digital-data security, which would be enforced whether there was a pandemic going on or not.
The Future of Privacy Forum (FPF), a Washington, DC-based think tank that seeks to advance responsible data practices, says federal and state security requirements oblige schools and companies to use “reasonable” steps or methods to provide security regardless of the technology in use.
Three of the requirements affecting schools and school systems, according to FPF, are:
FERPA. The Family Educational Rights and Privacy Act (FERPA), a federal law, applies to any school that receives funds from the Department of Education and protects the privacy of students’ school records. “Education records” include those that contain information related to a student. Since its requirements are mandatory for schools receiving Department of Education funds, it applies to most K-12 schools and post-secondary institutions, both public and private. Enacted in 1974, FERPA is still the main federal law governing student privacy at educational institutions. While technology has made a sea change in the way student records are kept since then, Congress has made very few changes to the act.
COPPA. Children's Online Privacy Protection Act (COPPA) is another federal law that covers information that can be obtained from children under the age of 13, by companies on websites, games and mobile applications. This applies to any online product that is targeted at consumers under 13, and where the companies have “actual knowledge” that the user is under the age of 12. COPPA has a special provision allowing school officials and educators the ability to provide consent on behalf of parents for their students to be able to use online platforms in an educational setting at their school. However, this consent is limited to the collection of a student’s personal information for a school’s educational purpose, not any commercial use.
HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) creates standards for electronic healthcare activities and protects the privacy and security of personally identifiable health information, including that of students. HIPAA is not applicable in most cases for student records. However, it and FERPA do overlap to some degree. A school is a “healthcare provider” as defined by HIPAA when it operates a health clinic offering medical care to students in the normal course of business. Also, a school must comply with HIPAA if it conducts any electronic transactions that fall under the standard.
22 campuslifesecurity.com | MAY/JUNE 2021
Now on to the products that can help keep your digital data safe.