What Do You Need To Know About Managing Student Data?

Posted by Josh Young on 15 December 2016 |

what do you need to know about managing student dataModern technology has given us more options on how campuses and students interact. Teachers can assign tasks or share ideas with students over social media. Online education reduces the need to ever step foot in a classroom. And students can more easily connect and collaborate on projects.

With so many day-to-day interactions occurring virtually, the amount of student data -- including private, confidential data -- has only increased. And while these interactions offer the ability to gain greater insight into students and their unique educational needs, it also creates new challenges on how to properly manage all of this information.

There are numerous state and federal requirements that dictate how these various classes of data should be managed, and your school is responsible for meeting these standards.

What Guidelines Should You Be Aware Of?

FERPA

The Family Educational Rights and Privacy Act (FERPA) establishes student data privacy guidelines for any educational institution that receives Department of Education (DOE) funding. Among other requirements, the act restricts access to various types of student data, such as class rosters, grades, schedules, and student identification numbers. The law also gives students the option to further restrict their information, making even their name a piece of confidential data.

Given the broad nature of some of these categories, FERPA has had a great deal of impact on communication with students. And these lines of communication only become more tenuous with the introduction of social media.

For example, one reporter was able to circumvent FERPA restrictions and gain access to medical records, disciplinary information, grades and special needs plans for dozens of students of a local middle school simply by accessing a third-party web-hosting platform frequented by educators.

HIPAA

Depending on the types of student medical data managed by your campus, your school may or may not need to worry about complying with the privacy guidelines of the Health Insurance Portability and Accountability Act (HIPAA). If you track only basic information, more than likely these records will fall under the requirements outlined by FERPA. However, if your campus maintains a student health facility or hospital, then much further diligence will need to be placed into properly handling your students' medical information.

PCI

The Payment Card Industry (PCI) data security standards are industry guidelines that outline the proper processing of payment and credit card transactions. Among its security requirements, these guidelines require that organizations properly protect the confidentiality of transaction data and conduct routine PCI awareness training.

State regulations

Beyond federal guidelines, you also need to comply with state regulations. Since 2013, 36 states have established 73 regulations that cover the privacy of student data. And in 2016 alone, 34 states proposed 112 new bills.

Many of these regulations expand privacy status to all student data, while others place increased scrutiny on online education.

While your state may be one of the few yet to enact any regional policies, the trend suggests that it's just a matter of time.

What Can You Do to Protect Student Data?

Establish technical guidelines

Coordinate with your IT support team and privacy experts to outline how student data should be stored and accessed. Consider encrypting private information, particularly if the records are stored on removable media (e.g., USB drive, CD). A misplaced USB drive with private student information is just as much a violation of FERPA as publicly posting student grades.

Build a list of authorized third-party services (e.g., educational tools, cloud storage, collaboration programs) that can or cannot be used by staff.

Draft faculty policy

Clearly define how teachers and administrators can communicate with students and what types of information can be shared in these discussions. For example, a teacher can have a private, one-on-one conversation with a student about their slipping grades; however, conducting that conversation on Twitter or Facebook might not be the wisest idea.

Create a mechanism for teachers to request access to new online tools or services. Then your IT team can verify that the service meets minimum privacy requirements or suggest an alternative platform that does.

Educate the educators

A comprehensive training policy is a must. Anyone that touches student data -- teachers, teaching assistants, IT staff, administrators -- needs to be made aware of the responsibility to protect student privacy.

Conclusion

Protecting the privacy of your students is a complicated endeavor, but one that you must stay committed to. By prioritizing the confidentiality of your students, you can avoid potential penalties, the loss of funding, and undermining your reputation in the community.

To learn more about how you can encourage the proper management of student data at your campus, check out our campus data privacy and security training.

comments powered by Disqus