Ensure Student Privacy & Secure Inclusive Practices

Districts are required, at minimum, to follow federal laws to protect student data and ensure the security of the educational systems. In addition, many states have more robust laws than the federal requirements. School officials, families, and device and software developers must be mindful of how data privacy, confidentiality, and security practices impact students. The NETP emphasizes, “Schools and districts have an obligation to tell students and families what kind of student data the school or third parties (e.g., online educational service providers) are collecting and how the data can be used.” AT leaders must keep these factors at the forefront when selecting assistive technologies and accessibility tools. 

Keep in mind, a student’s need for assistive technologies and/or accessing accessibility features often provides direct, personal, identifiable data sets to school staff, district leaders and third-party vendors. Therefore, all staff, students, and partners must follow strict privacy guidelines to ensure preferences are respected, maintained and remain private. 

Ransomware attacks have dramatically increased in K-12 school systems over the last few years. Cybersecurity measures must be adhered to by all staff, students, families, and vendors, including AT leaders and special education teams.  

Actions to help keep student data and systems safe include:

• Confirm privacy laws and best practices are being upheld so all student information is secure, including CIPA, FERPA, HIPAA, by mandating privacy agreements as a requirement in district contracts for devices, digital content, tools, and resources.
• Support an informed, collaborative staff on safety measures, including training IT leaders regarding student privacy considerations related to IDEA, HIPAA and personal, student preferences. When considering new tools or resources,train AT leaders on student privacy and security requirements. 
• Implement safe cybersecurity practices to minimize cyberattacks and threats.
• Inform families of all parties who have access to the student’s data, the district privacy practices, and cybersecurity measures in place to keep the student’s information secure. 
• Embrace data modernization to ensure that accurate, secure data can be exchanged to provide educators, families, and students with a clear understanding of school performance, IEPs, student attendance, academic performance, or support services.

Resources

• Student Data Privacy Consortium, A4L
• Cybersecurity Toolkit, CoSN
• Data Modernization, SETDA and Cybersecurity Legislation Report 2021, CoSN 
• Data Interoperability 101, Project Unicorn
• Data Interoperability Rubric, Project Unicorn
• Protecting Student Privacy, U.S. Department of Education
• CoSN 2021 Cybersecurity Legislation Report 
• K-12 School Security Guide, Cybersecurity and Infrastructure Security Agency (CISA) 
• Trusted Apps and Data Privacy, 1EdTech