Connect with us


Student Data Security and Privacy Must Be Taken More Seriously — THE Journal



Expert Viewpoint: Data Privacy Week

Student Data Security and Privacy Must Be Taken More Seriously

School districts continue to see value in using Google Workspace, Microsoft 365, video conferencing platforms, and other cloud apps even as remote learning restrictions have eased. However, as the use of these online solutions has increased, so have the student data privacy concerns.

Charlie Sander, CEO of ManagedMethods, works to shore up data security and privacy for K–12 students and schools.It’s no secret that school districts have been a popular target of cyberattacks. These cybersecurity incidents pose a threat to the privacy of the data stored by districts as more cyber criminals extract it for malicious use. Couple this with more activity by students and staff in the cloud, and you can see why data privacy in schools is threatened.

Data security and privacy are inseparable. With today kicking off Data Privacy Week, it’s a good time to take a step back and look at the efforts being made to ensure the privacy of our student’s data is being protected.

Government Efforts to Improve Data Privacy in Schools

Federal data security and privacy laws like FERPA, COPPA, CIPA, and others have provided a layer of protection. However, many agree that these regulations are outdated and do not offer enough to protect student data privacy and security in schools.

Given the increasing frequency of cybersecurity incidents in school districts, states are not waiting for Congress and are introducing their own laws to protect student data and privacy. According to Data Quality Campaign, 43 bills were signed into law in 22 states in 2020—with more being introduced.

Here is a short list of states and regulations I believe are leading the way:

  • Illinois’ Student Online Personal Protection Act: Effective July 1, 2021, school districts are now required by the Student Online Personal Protection Act to provide additional guarantees that student data is protected when collected by educational technology companies, and is used for beneficial purposes only.
  • Texas’ Senate Bill 820: Passed into law in 2019, SB 820 requires school districts to develop and maintain a cybersecurity framework that will:
    • Secure the district against cyberattacks and/or incidents
    • Establish a framework that meets the standards set by the Department of Information Resources
    • Establish a risk assessment and mitigation plan
    • Assign a Cybersecurity Coordinator to serve as the liaison between the school district and the DIR
    • Report any cyberattack or incident as soon as possible to the DIR
  • New York’s State Education Law 2-d: Introduced in January 2020, the regulations guide schools and their third-party vendors to strengthen data privacy and security. Education Law 2-d outlines the minimum requirement necessary to ensure the confidentiality, integrity, and availability of State Education Department Information Technology assets and data.
  • California’s Student Online Personal Information Protection Act: Since taking effect in January 2016, the Student Online Personal Information Protection Act prohibits operators from sharing student data and using it for targeted advertising on students for a non-educational purpose. It also requires operators to delete a student’s information at the request of the school or district.

Federal Approach to Protecting Student Data?

Momentum is beginning to pick up at the federal level, most recently with the K-12 Cybersecurity Act being signed into law in October 2021. This law requires the Cybersecurity and Infrastructure Agency to study the cybersecurity risks facing elementary and secondary schools and develop recommendations that include cybersecurity guidelines designed to assist schools.

The study must evaluate the challenges schools face in securing information systems they own, lease, or rely on. It will also evaluate the challenges in securing sensitive student and employee records. Upon completion of the study, CISA will develop an online training toolkit designed for school officials and make the study’s findings, the cybersecurity guidelines, and the toolkit available on the Department of Homeland Security website.

It is important to note that the use of CISA’s recommendations is voluntary by school districts, which raises the question: Are district administrators taking data security in their school district’s seriously?

The State of Data Privacy and Security in Schools

If the proper cybersecurity measures are not put in place by school districts, then the information of students stored is vulnerable to a breach. The bills and laws are being brought forth by state and federal government, but is it leading to action by district administrators?

According to a report from ManagedMethods and EdWeek Research Center, this may not be the case. Of the hundreds of district administrators surveyed, 77% said they were not very concerned with data breaches or leaks. In regards to complying with government regulations, 79% reported not being very concerned and 43% said they either do not monitor for potential regulatory violations or do not know if they do.

The pandemic sparked a massive change in the way education is delivered. For district administrators, it has created a new and everchanging challenge to ensure learning environments are secure and student privacy is protected. The survey by EdWeek Research Center suggests administrators may be under-informed about what steps must be taken to protect what is created, shared, and stored in the cloud.

There is no data privacy without data security. Federal and state governments are becoming more involved in creating guidelines for privacy policies and cybersecurity practices. It’s time for district administrators to get more serious and take action to protect the privacy of our students.

Source link


Inventionland Course and Contest Leads to Product License for Middle School Students — THE Journal




Inventionland Course and Contest Leads to Product License for Middle School Students

Two eighth-grade students in the Grove
City (PA) Middle School
have garnered a product
license for their invention following completion of Inventionland’s
Innovation Curriculum
course and winning both their
middle school and regional contests. The course, which Inventionland
describes as a “cross-discipline STEAM toolbox,” uses the same
nine-step invention process
the company follows in its
own commercial applications.

Innovation Curriculum is divided into elementary, middle, and high
school sections, with age-appropriate activities for various grades.
Students work in teams to develop a new product. Upon completion,
teams can enter their inventions in local, regional, and national
contests. Inventionland also helps schools to design and reconfigure
classrooms and underutilized spaces into “innovation
” that facilitate immersive learning.

Inventionland’s nine-step process, steps 1 to 3 focus on
discovering a problem and inventing ideas to solve it using STEAM
skills. In steps 4 to 6, students sketch and create concept models of
their invention. In steps 7 to 9, they make a working model, create
packaging, and develop a marketing presentation.

are then ready to enter their inventions in contests
starting at the local level, with winners moving on to regional and
national levels, as the Grove City students did. Inventionland’s
founder, George Davis, impressed with the two girls’ invention,
contacted a product distribution company, who offered a licensing

this page for more background on Inventionland’s history and its
education curriculum
. See
a video about how Grove City Middle School implements the Innovation

Source link

Continue Reading


Texas CIO Report Calls for New Law Requiring K–12 Schools to Report All Cyber Incidents — THE Journal



Cybersecurity & Data Privacy

Texas CIO Report Calls for New Law Requiring K–12 Schools to Report All Cyber Incidents

Expansion of Digital Signatures, Regional Joint IT Operations for Local, State Agencies Also Proposed

The Texas Department of Information Resources, in its newly released Biennial Performance Report, has asked the state legislature to require Texas school districts to report cybersecurity incidents to its office within a minimum reporting timeframe.

Currently, public schools in Texas are required to notify the Texas Education Agency of cyber incidents that result in unauthorized theft, duplication, transmission, use, or viewing of student information that is “sensitive, protected, or confidential as provided by state or federal law.” And the Texas Business and Commerce Code says that includes encrypted data, too, if the threat actor has the decryption key.

But, as the Texas Association of School Board discusses at length in several website guides for districts, neither of those laws explain much beyond that — and neither law requires the TEA to publish or share any accounting of the cyber incidents that are reported by school districts. Historically, the TEA has considered such data to be exempt from Freedom of Information laws.

The BPR, released Nov. 16, also requested legislative action to expand DIR’s pilot program with Angelo State University in West Texas that established a Regional Security Operations Center to provide university students with hands-on cybersecurity experience and give boots-on-the-ground support to local taxpayer-funded agencies — including K–12 school districts — that need assistance with major cybersecurity incidents.

The BPR tracks state-funded agencies’ technology progress in fiscal years 2021 and 2022; highlights their technology accomplishments; lists areas of concern; and recommends policy and legislative changes to improve the effectiveness of IT operations at state and taxpayer-funded agencies.

“Over the past two years, state agencies in Texas showed significant progress in delivering secure, innovative technology that makes government more efficient, effective, transparent, and accountable,” said Amanda Crawford, DIR’s executive director and Texas’ Chief Information Officer, in a statement announcing the report’s release. “I applaud the hard work and effort of state agencies which, along with the support of the Texas Legislature, drive the state of Texas to lead the nation in delivering a secure, digital government through well-designed, innovative, and efficient technology solutions.”

The 2022 BPR is available on the DIR website at

Other legislative recommendations relevant to public schools included in the new BPR:

  • Enable private sector peer-to-peer payment solutions commonly used by the public to provide additional payment methods for government services
  • Enable broader access to digital government services, streamlined processes, and digitization by expanding the use of digital signatures

In discussing the need for better, thorough incident reporting, the BPR states:

“Sharing information is essential for protecting public sector assets, personal or sensitive information, and critical infrastructure. State agencies and institutions of higher education are required to report certain types of security incidents to DIR within a minimum timeframe … suspected cybersecurity incidents, including breaches and ransomware attacks, to DIR. School districts report cybersecurity incidents to the Texas Education Agency and county election officials are required to notify the Secretary of State,” the report reads.

“Also, Texas law does not set a standard timeframe for local governments to report cyberattacks. This incongruent reporting of cybersecurity incidents may hinder Texas in tracking trends and understanding the scope and complexity of cyberattacks as well as how they may be related to another cyberattack. By requiring municipalities, school districts, and counties to report cybersecurity incidents to DIR, the state will have a more complete picture of potential threats and may be able to prevent future attacks, avoiding costly response and recovery efforts.”

About the request for funds to expand the RSOC pilot program, the report states:

The law authorizing the RSOC pilot program states the RSOC “may offer network security infrastructure that local governments can utilize and provide real-time network security monitoring; network security alerts; incident response; and cybersecurity educational services. Eligible customers of the RSOC include counties, local governments, school districts, water districts, and hospital districts,” according to the BPR summary.

“DIR’s vision for the RSOC initiative is to partner with additional public universities and establish RSOCs throughout the state to serve local entities and assist in protecting the state from cyber threats,” Crawford wrote in the report. “This vision aligns with a whole-of-state approach to cybersecurity that increases the threat protection and cyber maturity of all of Texas through collaboration and partnerships. DIR is requesting funding from the 88th Legislature to establish two additional RSOCs including one in the Rio Grande Valley and one in central Texas.”

Calls for More Digital Signatures and Blockchain Guidance

Another DIR recommendation that would impact public schools statewide, if lawmakers act, is for new legislation to enable broader access to digital government services, streamlined processes, and digitization by expanding the use of digital signatures.

“Currently, a digital signature can be used to authenticate a written electronic communication sent by an individual to a state agency or local government if the signature complies with DIR’s rules as well as rules adopted by the state agency or local government,” the BPR explained. “Allowing more digital signatures in lieu of handwritten signatures, without additional rule-making, could lead to improved administrative efficiency and reduced costs.”

A final recommendation for lawmakers spelled out in the BPR is “provide guidance for distributed ledger and blockchain technology best practices.”

Nationally, a handful of U.S. universities have piloted using blockchain technology to store and share digital credentials such as academic records; although widespread adoption of blockchain for academic records at any level isn’t seen as likely to happen anytime soon, the DIR noted that 10% of state agencies have said they’re considering adopting distributed ledger-based systems.

View or download the full 2022 BPR at

Source link

Continue Reading


Smart Technologies Rolls Out Android 11 Update as Part of iQ 3.12 Release for Smart Boards — THE Journal



Classroom Technologies

Smart Technologies Rolls Out Android 11 Update as Part of iQ 3.12 Release for Smart Boards

Interactive whiteboard maker Smart Technologies has announced its iQ 3.12 release, which includes an over-the-air upgrade to the Android 11 operating system. The company says the automatic update includes better performance, features, and security and privacy upgrades, allowing more product cycle control and convenience for users.

Smart Technologies announced in Spring 2022 it was the first manufacturer to launch interactive displays supporting Android 11, with functions that relieve users from having to purchase new panels or modules. The November 2022 over-the-air update provides:

  • Android 11 upgrades to SMART V3 interactive displays with the iQ platform;
  • Greater interoperability and support for 64-bit apps; and
  • Improved iQ platform longevity using the Android 11 support timeline for patches and security updates.

In addition, all supported iQ displays will automatically receive these features, the company said:

  • Whole-class collaborative whiteboard improved with content attribution for student contributions from their devices;
  • New pedagogically designed ready-made resources for student contribution from devices;
  • Single-question assessments such as polls;
  • ‘Shout it Out’ brainstorming templates; and
  • Exit tickets and knowledge gathering.

Visit this page to learn more about Smart interactive boards for education and see this page for a comparison of Smart board displays and specs.

Source link

Continue Reading