Keeping Data Safe and Sound

Today, he works in law enforcement, specializing in computer crimes and security, and Temaat is a database administrator for Buhler Unified School District 313 in Kansas. She shares the anecdote of her son's hacking misadventures when training teachers about the importance of computer privacy and security. "I've been asked to guard that data," she says, "and I take my job very seriously."

Temaat is lucky. She has a wealth of resources and support available to her because she works in a state that's widely considered a leader in creating and safeguarding longitudinal data systems. Such systems track individual students from pre-kindergarten through postsecondary school to identify and replicate patterns of achievement. But many of her peers around the country struggle to keep their ever-increasing student data secure.

"K-12 is a different animal than any other industry out there," explains Sandy Crews, systems and security services manager at Brevard Public Schools in Viera, Fla. "We're protecting children, so it's a different world."

Given that reality, the U.S. Department of Education has stepped in to help. Last fall, DOE created the Privacy Technical Assistance Center, which provides resources, site visits, training materials, regional meetings and a help desk to states, districts and schools seeking guidance on how to handle individual student-level data appropriately. In April, DOE hired its first chief privacy officer, Kathleen Styles, and announced a few initiatives to safeguard privacy.

In addition to releasing a series of technical briefs addressing privacy and confidentiality, the department proposed amendments to the Family Educational Rights and Privacy Act (FERPA), the 1974 law governing the privacy of student data. DOE officials are reviewing public comments on the proposed changes and plan to announce the amendments by year's end. "This is a 20th century law in a 21st century world," Styles says. "We want to make it work better."

Protect Before You Collect

It's been six years since schools changed the way they report information to the Kansas State Department of Education (KSDE). Rather than sending aggregate student counts, schools now send information about individual students, who are assigned unique ID numbers to keep track of them.

"We really anticipated a lot of pushback from school staff over giving children identifiers," recalls KSDE IT Director Kathy Gosa. "We had some, but it wasn't nearly as broad as we expected" – most likely because KSDE spent a lot of time explaining the benefits of the data being collected so that everyone would recognize its value. Data collection was no longer just a requirement, she explains. It had become an opportunity.

KSDE also put a lot of thought into managing the data, which allayed concerns about it being misused. If you wait until after you build your systems to think about governance and security, Gosa says, you'll be at risk. "The first thing we did was put together our policy for protecting student data," she says.

In the past, program areas (vocational training or special education, for instance) collected some individual student data. But they didn't offer a longitudinal view; they were merely snapshots with no way to tie records from one program area to another. So there were redundant systems and data but no quality or security standards.

Now, district staff enter core information (name, birth date, grade level and gender, for example) into the Kansas Individual Data on Students (KIDS) system, which is stored in the state's longitudinal data warehouse. Program staff in the schools can enter or change only information specific to their program areas. If they think there's a problem with the core information, they must go through the district staff to update it in KIDS. KSDE's enterprise data system provides access to the information through data marts (the access layers of a data warehouse) that include reports and dashboards for principals, superintendents and teachers, and analysis tools for researchers and evaluation experts.

Security varies based on who is viewing the data. Individual student data is accessible through an authenticated interface to appropriate school staff, summarized data is available for public reports, and de-identified data (that which does not identify an individual and can't be used to identify an individual) is available to authorized researchers.

Gosa and her staff completed training in data warehousing, and they built the enterprise data system using SQL, SharePoint and the Microsoft .NET Framework. By creating it in-house, KSDE expanded its expertise after deployment – a significant advantage in sustaining the system, she says.

All of the department's data collection and reporting applications, including KIDS, use a single sign-on portal with password aging (an operating system feature that forces users to change their passwords regularly). The superintendents or their designees must approve access for individuals in their districts.

For instance, Temaat is the KIDS administrator for Buhler USD 313, and she determines not only who can see data, but also what portions of data they can see. "Most of the time, it's pretty clear-cut," Temaat says. When she's not sure, she errs on the side of privacy. "I don't just arbitrarily give out information. They have to be able to prove they have the legal right to see it."

Give and Take

Like many districts, Florida's Brevard Public Schools can't afford to equip every student with a computer, so students often bring in notebook computers or smartphones. The "bring your own technology" approach can go a long way toward enriching the curriculum, but it keeps the IT staff busy. The risk of viruses and malware rises with each device that connects to a district computer or network.

"It's a constant balancing act," Brevard's Crews says. "To provide the best possible education, we can't close everything just because there's a risk. That's the toughest job: Deciding what's too big of a risk. And there's no formula available."

Brevard Public Schools employees can only access student data using district-approved software. The district rates and protects every application based on the critical nature and confidentiality of its data, she explains. For instance, applications containing private student information require regularly updated passwords with specified letter/number combinations, and they block logins after a few failed attempts. Data also is encrypted when accessing applications with higher ratings.

Brevard Public Schools also limits who has access to certain tools and data. The principal of each school "owns" the data and decides who can access what information. "It's the principle of least privilege," Crews says. "You don't get access unless there is a business need for it."

In or Out?

More districts are taking this least-privilege approach. But seemingly harmless directory information has become a problem for many schools.

Directory information can be useful – when printing graduation programs or sending out information about class rings, for example. Once it's collected, however, it becomes public record and is available to anyone who requests it. If the DOE's proposed changes to FERPA go through, schools will be able to limit how directory information is used (solely for yearbooks, for instance) so that it doesn't get into the hands of child predators, identity thieves or marketers. In the meantime, districts are taking a closer look at what goes into directories.

For years, the Plano (Texas) Independent School District had a long list of categories included in its directory information. In 2009, while moving from a paper-based to an automated data-collection system, district leaders reviewed each type of data collected and questioned the purpose it served. In the process, they eliminated fields such as home address, phone number and e-mail address.

Parents can opt out of having their children's directory information released to the public. They also can withhold their child's information and photos from college and military recruiters and from PTA-produced publications, websites and events.

But there are situations in which access to students' personal information can be helpful, says Jim Hirsch, Plano ISD's associate superintendent for academic and technology services. For instance, a college basketball coach might be interested in students' height and weight when reviewing candidates for scholarships.

Beyond the legal requirements, schools should "let parents understand that it truly is their choice," Hirsch continues. "If they opt on the side of privacy, they should know that their child might not get that recruiting letter from Stanford."