Yesterday, the Federal Bureau of Investigation issued a public service announcement (PSA) to “encourage public awareness of cyber threat concerns related to K-12 students.” The PSA noted that “US school systems’ rapid growth of education technologies and widespread collection of student data could have privacy and safety implications if compromised or exploited.”
The FBI urged parents and families to:
- Research existing student and child privacy protections of the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), the Children’s Online Privacy Protection Act (COPPA) and state laws as they apply to education technologies.
- Ask their local districts what and how education technologies and programs are being used in their schools.
- Conduct research on parent coalition and information-sharing organizations that are available online for those looking for support and additional resources.
- Research school-related cyber breaches that can further inform families of student data vulnerabilities.
- Consider using credit or identity theft monitoring to check for any fraudulent use of their children’s identity.
- Conduct regular internet searches of children’s information to help identify the exposure and spread of their information on the internet.
According to Ohio School Plan, cyber-crime has quickly grown into one of the largest contributors of overall crime statistics in terms of number of people affected and sums of money lost. Data theft is normally the result of a virus or some other programming adaptation aimed at locating and removing large amounts of personal information.
Ohio School Plan works with districts across the state on this issue and encourages districts to proactively look for opportunities to manage and reduce the detrimental effects of these risks. System firewalls, anti-virus software and operating systems were all developed to prevent data theft. These preventative measures are only successful if their programming is aware of the type of attack being used and prepared to recognize it. Thieves work diligently to create programs to disguise their preferred method of attack from current firewall, anti-virus and operating system configurations. Manufacturers of protective software constantly create updates or “patches” for their programs trying to stay ahead of the thieves.
The PSA noted that there are many districts across the United States that are working hard to address cybersecurity matters in their schools to protect students and their data. For districts seeking additional assistance, there are numerous online resources, consortiums, and organizations available that can provide support on data protection matters and cybersecurity best practices. OSBA offers the following links to relevant resources for districts:
- NSBA Cyber Secure Schools initiative – provides information and webinars featuring real-world best practices to help board members protect the personal information of students and employees.
- CoSN CyberSecurity for the Digital District – offers tools and resources that provide suggestions for reducing risk while allowing technology leaders to contribute to their schools’ goals of teaching and learning.
- NSBA Data Security for Schools – A Policy and Legal Guide – discusses the importance of data security in districts and its intersection with data privacy and data governance. Also describes the legal requirements and best practices for districts in the event of a data security breach.
- PTAC Data Security: K-12 and Higher Education – portal to recent guidance and best practice resources issued by the U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) to enhance the security of district information systems.