As school districts increasingly move to cloud computing instead of on-site data storage, the National School Boards Association (NSBA) and its Council of School Attorneys (COSA) have released a guide for school boards introducing the legal issues associated with protecting student data and suggesting best practices.
The guide, “Data in the Cloud,” seeks to raise awareness of student data privacy concerns, and to provide a framework for comprehensive student data privacy approaches in school districts.
The guide notes that cloud computing applications offer ease of use and accessibility, but come with the potential for loss of privacy and increased liability, as personal information is transferred to the application.
“School boards should consider starting a discussion with school district staff and their communities about building a comprehensive student privacy protection program,” said NSBA Executive Director Thomas J. Gentzel. “This guide is a helpful tool for school boards as they review and potentially rethink policies related to data and student privacy.”
The guide uses a question-and-answer format to explain the relevant terminology, recent academic research, the breadth of software offerings, important legal requirements, and additional resources available to school board members and school lawyers.
“The legal requirements that could potentially govern student data privacy are still evolving,” said Greg Guercio, COSA Chair. “The school law requirements section of this guide is a key asset for school districts and their attorneys. Current laws still leave plenty of room for interpretation on student privacy, making it essential for district leaders to ask the right questions and understand potential problems.”
Recommendations for school boards include:
• Identify an individual district-wide Chief Privacy Officer (CPO), or a group of individuals with district-wide responsibility for privacy;
• Conduct a district-wide privacy assessment and online services audit;
• Establish a safety committee or data governance team that includes the school or district’s Chief Privacy Officer to work with the school community, recommend policies and best practices, and serve as the liaison between the school district and the community on privacy issues;
• Regularly review and update relevant district policies and incident response plans;
• Consistently, clearly, and regularly communicate with students, parents, and the community about privacy rights and district policies and practices with respect to student data privacy;
• Adopt consistent and clear contracting practices that appropriately address student data; and
• Train staff to ensure consistent implementation of the school district’s policies and procedures.