We must be proactive in managing access, ownership and usage of student data. We also cannot sacrifice the opportunities to change a student’s academic outlook simply because limiting access is easier than training staff
When I speak with my colleagues, it becomes evident that student data privacy and overall data security is of utmost importance to us all. We spend money on the latest tools to keep the data safe. We pay security auditors to ensure that our systems do not have any gaping holes that might allow hackers inside. We attend trainings. We stay up-to-speed on the latest literature. We talk to each other.
But, is it enough?
The last thing data managers want to do is spend time and effort policing access to student data. We want to feel comfortable that checks and balances are in place to ensure the proper people have access to the proper data. We want to assume that those with access to the data know what data they have access to, when accessing data is appropriate, andwith whom (if anyone) the data can be shared. Unfortunately, too many staff members do not fully understand all these limitations. As the managers of this data, we cannot assume that all users understand the rules. In an education setting, organizations that capture and manage student data need to be held to a higher standard of data security.
So, how do we address the issue?Should we restrict access to the bare minimum? Should we require special certification to access the data? Should all data requests go through a “data czar”? Although all these ideas may be useful on a small scale, implementing restrictions that are too stringent will limit the ability of teachers and staff to properly serve their students.
The data stored on our students has an amazing story to tell. We can see stories of growth and regression. We can see tales of achievement and struggle. But, without providing access to the data to those who can use it, all these stories, and the predictive power that they hold,is locked away in a vault collecting dust. Unutilized data is a wasted opportunity to serve students.
So, how do we find the balance?
We must, first and foremost, protect student data. The first line of defense is preventing unauthorized external users from accessing the data. Basically, we must keep the hackers out. Use the software.Use the consultants.Use all the safeguards you can to prevent compromising data. At the end of the day, if you have secured your data as best you can from external predators, you should feel good about yourself, right? Maybe not.
Every day, you allow hundreds, perhaps thousands of amateur data scientists to access vast amounts of student data. These are your teachers, your principals, your counselors and your clerical staff. They create data. They view data. They design presentations and spreadsheets using the data. But, do they understand the rules related to displaying, sharing or disseminating this data?
Let’s be honest. Do YOU fully understand the rules?
Over the past number of years, states around the nation have implemented a variety or laws revolving around student data privacy. Sometimes the language is confusing and vague. Sometimes it is difficult for someone without a law degree to fully digest them. These laws pile on top of federal regulations like FERPA (Family Educational Rights and Privacy Act) and COPPA (Children’s Online Privacy Protection Act), which also have a vagueness that can drive you mad. I recently attended a FERPA training, and the presenter told us that the answer to every question about FERPA is “It depends.”
So, how do I keep the data safe if there are not explicit rules to follow?
Most data managers understand the basics of federal and state laws that apply to them. Honestly, most of the core restrictions arefairly straightforward. But, are we teaching our staff members the rules of navigating through the data? We can implement the most secure technological systems on the planet to secure our students’ data, but if we fail to train those who access the data on how to keep it secure, we are failing our students.
At the same time, we must utilize the millions of data points we collect to properly serve our students. We must provide teachers access to data thatindicates the academic standards where students are struggling. We must provide data to counselors that allows them to identify students at risk of dropping out. We must provide principals data that helps them develop programs that improve grades, attendance and community involvement. We cannot hoard the data when so much can be gained from it. We must protect the data, but we must also serve the students.
Student data managers cannot wait for problems to arise. We must be proactive in managing access, ownership and usage of student data. We also cannot sacrifice the opportunities to change a student’s academic outlook simply because limiting access is easier than training staff. We must actively train staff on the proper access and use of student data. As stewards of the data we owe it to our students. We must do everything we can to protect (the data) and serve (the student).