Student Privacy Newsletter
January 2022 Student Privacy Newsletter- studentprivacy.ed.gov
Welcome to the newly redesigned SPPO monthly newsletter! As we begin 2022, we are delighted to share important updates from our office, along with key resources to help you better manage privacy risks in your state or district. This edition of our newsletter also coincides with Data Privacy Week, which occurs from January 24-28. Organized by the National Cybersecurity Alliance, Data Privacy Week recognizes the principle that all organizations share the responsibility of being good stewards of personal information. During Data Privacy Week, we want to take this opportunity to thank you for your important work to protect student data and encourage you to continue embedding a privacy culture into your organization.
PTAC has created 8 flyers for schools and education stakeholders to use to help share the message to protect student data. These flyers encompass a multitude of student privacy topics and best practices from handling personally identifiable information to malware and phishing reminders. Hang these up in your office or classroom to spread the word!
This document was developed as a companion piece to the video Developing a Privacy Program for your School District. The document provides an overview and rationale for why districts need, and should take the time to create and implement, a program to protect personally identifiable information from student records.
How schools and districts can help parents understand a data breach – It can be alarming news for parents and students to receive notification that a data breach has occurred, but there are some immediate steps that can be taken to better understand what happened and reduce the risk of any negative consequences. PTAC has created a resource for you to share with parents if a breach occurs in your district. This includes actionable steps to help parents protect their student’s data:
- Checking the school’s website often and be alert for letters from the school to get
updates on the breach.
- Thinking about changing account passwords, ensuring that they are complex and unique.
- Checking credit reports for unauthorized activity or notify credit bureaus or the
Internal Revenue Service (IRS).
- Reporting to state or local law enforcement if there is indication of identity theft or
other criminal activity.
- Obtaining some form of credit or identity theft monitoring (this often is offered by
the school in cases where sensitive information was involved).
- Monitoring financial, email, and social media accounts for unexpected activity.
For information on additional steps that parents and students can take in the event of a data breach, as well as best practices, please see our Parent’s Guide for Understanding K-12 School Data Breaches.
Where has SPPO been?
Public Engagement – In this section, we want to share information and highlights from a sampling of our recent presentations and remind you that you can request our (free!) services, which include both on-site and virtual privacy-related technical assistance. Visit our webpage to view our service offerings and submit a request.
- NCES Forum
PTAC was invited by the National Forum on Education Statistics (Forum) to conduct a privacy and security training for its members, emphasizing transparency. During this virtual training, PTAC reviewed best practices on communicating with parents regarding school and district data collection policies and procedures, paying specific attention to what information is collected, how it’s safeguarded and used, and why.
- Carson City School District
PTAC also conducted a webinar for Carson City School District in Nevada, dedicated to reviewing the basics of the Family Educational Rights and Privacy Act (FERPA). Participants delved into common scenarios faced by districts in order to improve their understanding of FERPA and reduce misconceptions and misunderstandings surrounding the law.
Webinar: Save the Date
Postsecondary Student Privacy & Data Security Webinar
GAO Report on K-12 Data Breaches – The September 2020 U.S. Government Accountability Office (GAO) report “Data Security: Recent K-12 Data Breaches Show That Students Are Vulnerable to Harm” is the outcome of a request to GAO to review the security of K-12 students’ data. Findings revealed that during the study period, July 2016 – May 2020, thousands of K-12 students were impacted by data breaches, affecting everything from academic records to Social Security numbers. Those responsible ranged from teachers to students to professional cybercriminals; breaches were both accidental and intentional, each one potentially affected thousands of students.
The report noted that federal agencies have provided programs, services, and support to assist kindergarten through 12th grade (K-12) schools in defending against cyber threats. Examples of such support include incident response assistance, network monitoring tools, and guidance for parents and students on preparing for online cyber threats. Highlighted resources included PTAC’s cybersecurity resources, namely the Data Breach Response Training Kit.
The full report is available here.
Don’t Forget the Help Desk!
If you have a student privacy question to which you can’t find an answer on our Student Privacy website, don’t forget you can contact us! The Student Privacy Help Desk, available via email or phone, is staffed by professionals with deep knowledge of the law as well as its practical applications. Please contact us with your questions at PrivacyTA@ed.gov or 1-855-249-3072.