Achieving IT Compliance in Schools
Technology in the classroom has become increasingly popular in recent decades as teachers turn to digital blackboards, interactive tablets, and web-based assignments to further student learning goals and keep students engaged. But the advantages of technology have become even more apparent in recent months due to the persistence of the COVID-19 pandemic. For many districts, educational technologies that were once an option are now a necessity as they conduct their lesson plans in full or hybrid remote environments.
But as school districts increase their use of educational technologies, they must also take precautions to minimize security risks. Mobile applications, computer software, and cloud-based tools continue to raise privacy concerns among teachers, students, and parents — specifically concerning the handling of personal student records.
To protect students and provide parents with peace of mind, school administrators must stay abreast of the IT industry’s latest security strategies and best practices. Here are some basics of achieving IT compliance in an educational environment.
FERPA and COPPA: The Basics of IT Compliance Regulation
Of the several IT compliance regulations that have emerged to help educational institutions and edtech vendors address privacy concerns, the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA) are two of the most well known.
FERPA is a federal law that protects the privacy of students’ educational records, including report cards, disciplinary records, and contact information documents. Under the law, parents and eligible students (those 18 and older) have the right to review relevant records and request any permissible changes to those records.
The law also states that schools must obtain written consent from parents or eligible students before disclosing any of a student’s personally identifiable information (PII). Exceptions to this rule include disclosures made to school officials with legitimate educational interests and disclosures made to another school at which the student intends to enroll, among others.
COPPA is a federal law that restricts internet service providers, web sites, and edtech vendors from collecting or using PII for students ages 13 and under. The law became effective in 2000 and has remained pertinent to children’s privacy ever since, especially as new solutions continue to emerge at rapid rates. Choosing COPPA-compliant vendors should be an integral part of schools’ plans for enhancing student data security.
Remaining Compliant in the Wake of COVID-19
As district administrators prepare to reopen their schools this fall, many are wondering how they can do their part to prevent the spread of COVID-19 and keep their communities safe. At the same time, parents and educators are concerned with efforts to distribute pertinent public health and safety information without compromising student privacy.
The Department of Education (DOE) is committed to enforcing FERPA and protecting student data during the pandemic and will continue to require consent from parents and eligible students where appropriate. One FERPA exception to this rule allows schools to disclose whether a student has COVID-19 so long as the student is neither directly nor indirectly identified. The DOE has also decided to allow schools to determine “on a case-by-case basis” whether an emergency is significant enough to warrant disclosing PII to protect the health and safety of others.
But protecting students’ PII extends beyond the dissemination of COVID-19-related data. As millions of students across the country shift toward remote learning in some capacity, sophisticated technology is necessary to ensure they achieve key learning objectives. But not all edtech tools are created equal.
School administrators must thoroughly examine each of their vendors’ privacy and security policies to ensure they are COPPA-compliant. By identifying what PII their vendors collect from students, how that information is used, and whether or not that information is deleted once it no longer has an educational purpose, administrators can help keep their students safe from a data privacy breach.
Maximize Security and Maintain IT Compliance
Edtech solutions have foundationally changed what’s possible in (and out of) the classroom, redefining how teachers engage their students. But as teachers adopt new platforms, maintaining their students’ security is essential. To help their staff remain compliant and overcome common edtech challenges, district administrators need access to on-demand tech support.
Epiphany provides round-the-clock remote help desk support staffed by experts with firsthand experience in the education sector. We know that selecting and implementing new solutions can be challenging — that’s why we handle the initial user training sessions and provide comprehensive, ongoing IT support to students, parents, and educators. Contact us today to learn how we can help you adopt and deploy new solutions with confidence.