Washington, D.C., and the MLB All-Star game were the backdrop for the inaugural CoSN Student Data Privacy Workshop. 35 CTOs, CIOs, and Superintendents from as far away as Texas gathered to collaborate on this important topic. The framework of this event was the CoSN Trusted Learning Environment (TLE) Seal Program. This seal program is the “nation’s only data privacy seal for school systems” that recognizes school districts’ commitment to high standards around student data privacy. The workshop was presided over by Linnette Attai, CoSN Project Director, President of Playwell, LLC, and author of Student Data Privacy: Building a School Compliance Program focused on four of the five TLE core practice areas: Leadership, Data Security, Business Practices, and Professional Development and Classroom.
Keynote
The workshop began with a very informative keynote address by Michael Hawes, the Student Privacy Policy and Assistance Division (SSPAD) Director for the U.S. Dept of Education. He stated that the SSPAD’s core mission is to promote best practices, raise awareness, and seek adoption of student data privacy policies “above and beyond” FERPA. He highlighted the challenges that school districts face when dealing with third-party service providers and student personally identifiable information (PII). He emphasized that edtech is here to stay. Until data privacy policies and procedures are in place, districts, students, teachers, and parents are vulnerable to phishing and identity theft. He ended his keynote with words of encouragement for the group by saying that it doesn’t have to happen at once… set reasonable goals, involve leadership, and utilize the many available resources such as SSPAD resource site and the CoSN Protecting Privacy in Connected Learning Toolkit.
Leadership
Champions was the term most used during this session. During both the leadership failfest and the discussion panel by four TLE seal leaders, it was emphasized that it is critical to have leadership champions. By getting district and building leadership involved, decisions around student data policies will be value-driven, not fear-driven.
Data Security
The tabletop exercises around data security were educational for many at this workshop. Linnette energized us into action when attendees were walked thru a comprehensive incident response plan model that included response team identification, detection and analysis of the situation, containment, remediation, communication, and post-mortem.https://2b33be029767acfd1fea615174589119.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html.
Business Practices
This third core element ignited much discussion around the building and implementation of third-party vetting processes. The group’s consensus was that it is important to look at what other schools are doing, get into a dialog with third-party vendors around a district data privacy agreement, and recognize the risk management around vetting possible third-party applications program adoptions in your district.
Professional Development
This share session focused on creative ways to approach professional development within our districts. It was a lively discussion ranging from posters around the school to phishing tests to weekly tips for faculty in creative locations. We all agreed that student data privacy is a mindset and cultural change that will take time. If we can make connections for parents and teachers about how this could impact their personal lives, we can make those critical changes that will protect our students. Educating teachers then helps inform their classroom practices and then educate students and parents on these important issues.
Action Planning
This CoSN workshop modeled engaging in the process by having all participants complete a CoSN TLE Practice Self-Evaluation. This self-evaluation had the group taking a hard look at strengths and areas of concern around data privacy policies in our own districts. The workshop ended with a reflection activity that resulted in a data privacy action that participants could build upon in our own districts.
Data privacy is not an IT problem; it is a people problem. As Keith Krueger, CoSN CEO, stated in his welcome letter, we need “to reframe the conversation around privacy of student data, and the key is to move from privacy to trust with our parents, community and policymakers.”
Source: Tech&Learning
Be First to Comment