Particular attention should be given to confidentiality when data are released through electronic means because of the increased potential for unauthorized access. For example, school staff cannot visually check the photo identification of a facsimile or electronic mail recipient. It is recommended that policies and procedures be established to address the issue of data forwarding via electronic means.
School officials should routinely embed various levels of encrypted codes into computerized databases. This will protect the confidentiality of the data, as well as ensure the integrity and authenticity of the information. Clear rules and procedures about who can send and who can receive and use data should be established, as should the penalties for abuse or misuse of systems. The transmission of data from one agency to another creates additional security risks that can be minimized through the use of standardized protocols, various encryption technologies, and digital signatures. Refer to Weaving a Secure Web Around Education: A Guide to Technology Standards and Security (National Forum on Education Statistics 2003) for a detailed discussion and technical specifications of these methods.
It is important for the electronic system to log the transfer of personally identifiable data in a security audit trail to account for releases of data by and to appropriate individuals. The use of electronic authentication programs can reassure the sending agency or school that the information has reached the appropriate recipient and that no changes to the contents have been made.