Data Security for Schools | September 2019
Endnotes 1
FERPA is the federal law that protects the privacy of student records. 20 U.S.C. § 1232g; 34 C.F.R. Pt. 99.
Natasha Singer, Privacy Pitfalls as Education Apps Spread Haphazardly, N.Y. Times at B1 (Mar. 12, 2015), available at http://www.nytimes. com/2015/03/12/technology/learning-apps-outstrip-school-oversight-and-student-privacy-is-among-the-risks.html. 2
Nat’l Sch. Bds. Ass’n., Data in the Cloud: A Legal and Policy Guide for School Boards on Student Data Privacy in the Cloud Computing Era (April 2014), https://www.nsba.org/-/media/NSBA/File/legal-data-in-the-cloud-guide.pdf?la=en&hash=D74E3D55A0ED0073AE530A079F83F9280CF4BD25. 3
4
See, e.g., Information Protection @MIT, https://infoprotect.mit.edu/risks-to-data https://ist.mit.edu/security/data_risks (last visited Aug. 26, 2019).
5
Privacy Rights Clearinghouse, Data Breaches, https://www.privacyrights.org/data-breaches.
Kristen Taketa, San Diego Unified data breach hits staff, plus as many as 500,000 students, Los Angeles Times (Dec. 31, 2018), https://www.latimes. com/local/lanow/la-me-ln-san-diego-unified-data-breach-20181221-story.html. 6
Privacy Rights Clearinghouse, Central Islip Union Free School District: Security Breach Letter (Feb. 13, 2018), available at https://www.privacyrights. org/data-breaches. 7
8
Ponemon Institute LLC, IBM, 2019 Cost of Data Breach Report at https://www.ibm.com/downloads/cas/ZBZLY7KL.
Nat’l Forum on Educ. Statistics, U.S. Dep’t of Educ., Forum Guide to Education Data Privacy, NFES 2016-096 (July 2016), https://nces. ed.gov/pubs2016/NFES2016096.pdf. 9
10
Id. at *11.
U.S. Dep’t of Educ., Data-Sharing Tool Kit for Communities: How to Leverage Community Relationships While Protecting Student Privacy (Mar. 2016), https://www2.ed.gov/programs/promiseneighborhoods/datasharingtool.pdf. 11
12
Id. at *14.
13
U.S. Dep’t of Educ., Data Security Checklist (Rev. July 2015), https://studentprivacy.ed.gov/resources/data-security-checklist.
U.S. Dep’t of Educ., Best Practices for Data Destruction (Rev. March 2019), https://studentprivacy.ed.gov/resources/best-practices-data-destruction 14
15
U.S. Dep't of Educ., Data Breach, https://studentprivacy.ed.gov/topic/data-breach.
16
201 CMR 17.03(1).
17
Id.
18
See Data Security Checklist supra note 15 and resources available at http://studentprivacy.ed.gov/topic/security-best-practices.
19
See supra note 15, Data Security Checklist.
20
Id.
21
20 U.S.C. § 1417(c).
34 C.F.R. §§ 300.624(b), 303.416(b) (IDEA regulations allow a permanent record of the child’s name, date of birth, parent contact information, and other select data to be maintained without time limitation.). 22
Center for Digital Education, Issue Brief ― Safeguarding Student Data in the Age of Digital Learning: Responsible privacy practices for K-12 school districts (2016), https://ess.csa.canon.com/rs/206-CLL-191/images/K-12-Issue-Brief-Safeguarding-Student-Data.pdf. 23
24
N.Y. Educ. Law § 2-d(2).
25
Id.
26
Id. § 2-d(2)(b).
27
Id. § 2-d(2)(c).
28
See https://studentprivacy.ed.gov/resources/data-breach-response-training-kit.
29
45 C.F.R. §§ 164.400-.414.
30
Greg Mohan, Data Breach at Olympia School District: Employees (sic) personal information released in phishing scam, The Cooper Point Jour-
nal, May 4, 2016, https://www.cooperpointjournal.com/2016/05/04/data-breach-at-olympia-school-district-employees-personal-information-released-in-phishing-scam/.
© National School Boards Association, 2019. All rights reserved.
19