Data Security for Schools: A Legal and Policy Guide for School Boards

Page 21

Data Security for Schools | September 2019

Endnotes 1

FERPA is the federal law that protects the privacy of student records. 20 U.S.C. § 1232g; 34 C.F.R. Pt. 99.

Natasha Singer, Privacy Pitfalls as Education Apps Spread Haphazardly, N.Y. Times at B1 (Mar. 12, 2015), available at http://www.nytimes. com/2015/03/12/technology/learning-apps-outstrip-school-oversight-and-student-privacy-is-among-the-risks.html. 2

Nat’l Sch. Bds. Ass’n., Data in the Cloud: A Legal and Policy Guide for School Boards on Student Data Privacy in the Cloud Computing Era (April 2014), https://www.nsba.org/-/media/NSBA/File/legal-data-in-the-cloud-guide.pdf?la=en&hash=D74E3D55A0ED0073AE530A079F83F9280CF4BD25. 3

4

See, e.g., Information Protection @MIT, https://infoprotect.mit.edu/risks-to-data https://ist.mit.edu/security/data_risks (last visited Aug. 26, 2019).

5

Privacy Rights Clearinghouse, Data Breaches, https://www.privacyrights.org/data-breaches.

Kristen Taketa, San Diego Unified data breach hits staff, plus as many as 500,000 students, Los Angeles Times (Dec. 31, 2018), https://www.latimes. com/local/lanow/la-me-ln-san-diego-unified-data-breach-20181221-story.html. 6

Privacy Rights Clearinghouse, Central Islip Union Free School District: Security Breach Letter (Feb. 13, 2018), available at https://www.privacyrights. org/data-breaches. 7

8

Ponemon Institute LLC, IBM, 2019 Cost of Data Breach Report at https://www.ibm.com/downloads/cas/ZBZLY7KL.

Nat’l Forum on Educ. Statistics, U.S. Dep’t of Educ., Forum Guide to Education Data Privacy, NFES 2016-096 (July 2016), https://nces. ed.gov/pubs2016/NFES2016096.pdf. 9

10

Id. at *11.

U.S. Dep’t of Educ., Data-Sharing Tool Kit for Communities: How to Leverage Community Relationships While Protecting Student Privacy (Mar. 2016), https://www2.ed.gov/programs/promiseneighborhoods/datasharingtool.pdf. 11

12

Id. at *14.

13

U.S. Dep’t of Educ., Data Security Checklist (Rev. July 2015), https://studentprivacy.ed.gov/resources/data-security-checklist.

U.S. Dep’t of Educ., Best Practices for Data Destruction (Rev. March 2019), https://studentprivacy.ed.gov/resources/best-practices-data-destruction 14

15

U.S. Dep't of Educ., Data Breach, https://studentprivacy.ed.gov/topic/data-breach.

16

201 CMR 17.03(1).

17

Id.

18

See Data Security Checklist supra note 15 and resources available at http://studentprivacy.ed.gov/topic/security-best-practices.

19

See supra note 15, Data Security Checklist.

20

Id.

21

20 U.S.C. § 1417(c).

34 C.F.R. §§ 300.624(b), 303.416(b) (IDEA regulations allow a permanent record of the child’s name, date of birth, parent contact information, and other select data to be maintained without time limitation.). 22

Center for Digital Education, Issue Brief ― Safeguarding Student Data in the Age of Digital Learning: Responsible privacy practices for K-12 school districts (2016), https://ess.csa.canon.com/rs/206-CLL-191/images/K-12-Issue-Brief-Safeguarding-Student-Data.pdf. 23

24

N.Y. Educ. Law § 2-d(2).

25

Id.

26

Id. § 2-d(2)(b).

27

Id. § 2-d(2)(c).

28

See https://studentprivacy.ed.gov/resources/data-breach-response-training-kit.

29

45 C.F.R. §§ 164.400-.414.

30

Greg Mohan, Data Breach at Olympia School District: Employees (sic) personal information released in phishing scam, The Cooper Point Jour-

nal, May 4, 2016, https://www.cooperpointjournal.com/2016/05/04/data-breach-at-olympia-school-district-employees-personal-information-released-in-phishing-scam/.

© National School Boards Association, 2019. All rights reserved.

19


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.