Daniel A. Domenech
Executive Director, The School Superintendents Association
There is nothing more important to parents than the safety of their children. In this digital age, the threat to children has expanded to more and more online predators and risks. Schools are focused on teaching children how to understand, manage, and protect their digital footprint, but the sheer volume of online threats can be overwhelming.
Since 2000, federal laws such as the Children’s Online Privacy Protection Act have mandated actions necessary to protect children’s safety online, yet serious challenges remain in keeping students and their personal information safe.
Amelia Vance at the Future of Privacy Forum agrees that superintendents are overwhelmed by constant changes in the student privacy legal landscape. She reports that since just 2014, 41 states have passed 126 new student privacy laws, many of which place substantial compliance burdens on districts without providing resources to implement them. Often, districts are not consulted when safety bills are considered or notified when they pass. One state passed six student privacy laws in four years.
Superintendents are also dealing with numerous cyber threats. If major companies such as Target and Capital One can be hacked, school district student and staff data are also at risk. School districts are constantly subject to hacks and phishing attempts to get access to employee bank accounts or install ransomware. In 2017, the IRS warned that schemes to target tax information had spread beyond the corporate world to schools.
Barriers to security
The primary challenge to privacy and security is human. Few districts have technical expertise or can afford to hire new personnel to increase cybersecurity protection. Therefore, educating staff and parents about how to protect student data becomes essential. The School Superintendents Association (AASA) has partnered with the Consortium for School Networking to develop resources that help superintendents and their teams understand the complexities of cybersecurity risk. AASA, with 39 other national education organizations, co-signed the Student Data Principles to define why we collect student data and to encourage policymakers to consider cybersecurity a national threat.
Given the push for data sharing to reduce paperwork and redundancy, fully funding student privacy laws is important. Utah has made student privacy and protection a priority, and fully funded its student privacy law at the state level to provide ongoing model policies, training, and other resources to help districts employ best practices. There are no simple answers to making our schools safe in a digital world. We must start with educating people and providing resources for intervention.