Whether or not an education agency has an LDS, data need to be secured to prevent unauthorized access and tampering. However, the collection, maintenance, and dissemination of student-level data via an LDS and other source systems increases the importance of data security. While many districts have long stored some personally identifiable information, states take on a new responsibility when they begin to manage personally identifiable, student-level data.
Security measures should keep sensitive data out of the wrong hands, while allowing maximum accessibility to users. An LDS contains sensitive data that can be compromised and used to expose restricted personal information, thereby violating privacy (Houde 2008). Protections must allow access to authorized users, while barring others from seeing or manipulating the data.
Ownership model of data security
Within a data governance structure, ultimate responsibility for each of the agency’s data elements should be assigned to a single data steward (see chapters 1, 2, and 3). These stewards should work with the security team to determine the sensitivity of, and appropriate level of security for, every data element. Together, they may
The first step in securing an education agency’s data is developing a clear view of its information “landscape.”
Role-based data access
Users should have easy access to the data in an LDS, and standardized reports showing aggregate data and analysis results should be publicly available. Additionally, for ad-hoc querying and analysis, the general public may be given access to aggregate statistics and to non-identifiable individual student records. For personally identifiable information, users should be granted varying levels of access depending on their role, needs, and responsibilities. For instance, through an online application, users could gain access to permitted information by signing on with their individual username and password. A student’s record may be made available to that student, as well as to his or her parents or guardians, current teachers, counselors, school, district administrators, etc. However, the specific information shared may vary depending on the user’s identity; for example, only parents might be allowed to see a student’s lunchroom account balance. Researchers with appropriate contracts and permission may also be granted access to some personally identifiable data.
The more data an agency has, the more it must secure. Although stakeholders may demand a wide range of information, each agency should consider disposing of or securely archiving any data deemed unnecessary, especially if they contain personally identifiable information. In this stage of the life cycle of information (see chapter 1 of Book Two: Planning and Developing an LDS), data should be destroyed in a manner consistent with their sensitivity.
Authentication is the verification of a user’s identity through means such as the submission of a unique password and/or other personal information. Authorization is the mechanism by which that authenticated user is granted access rights (e.g., the right to view data of varying degrees of sensitivity, or the right to manipulate data in addition to viewing them).
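The role-based access described above and the authentication/authorization distinction defined here, as an added example that is not part of the Forum guide: a user first proves identity (authentication), then receives only the fields of a student record that their role permits, with parents, teachers, and counselors further limited to students linked to them (authorization). All users, passwords, records, and the field lists per role are constructed for illustration.

```python
import hashlib, hmac, os
# Constructed student records (no real data).
STUDENTS = {
    "S-001": {"student_id": "S-001", "name": "A. Example", "grade": 7,
              "test_score": 88, "lunch_balance": 12.50, "counselor_notes": "n/a"},
    "S-002": {"student_id": "S-002", "name": "B. Example", "grade": 8,
              "test_score": 91, "lunch_balance": 3.25, "counselor_notes": "n/a"},
}
# Fields each role may view ("*" = all). Only parents see the lunchroom balance;
# a researcher without a data-sharing contract gets non-identifiable fields only.
ROLE_FIELDS = {
    "parent": {"student_id", "name", "grade", "test_score", "lunch_balance"},
    "teacher": {"student_id", "name", "grade", "test_score"},
    "counselor": {"student_id", "name", "grade", "test_score", "counselor_notes"},
    "district_admin": {"*"},
    "researcher": {"grade", "test_score"},
}
# These roles only reach students linked to them (own child, own class).
SCOPED_ROLES = {"parent", "teacher", "counselor"}

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
def make_user(password, role, students=()):
    salt = os.urandom(16)  # per-user salt; only the hash is stored
    return {"salt": salt, "hash": _pw_hash(password, salt),
            "role": role, "students": set(students)}

USERS = {  # constructed user directory
    "parent_p": make_user("pw-parent", "parent", ["S-001"]),
    "teacher_t": make_user("pw-teacher", "teacher", ["S-001", "S-002"]),
    "researcher_r": make_user("pw-research", "researcher"),
    "admin_a": make_user("pw-admin", "district_admin"),
}

def authenticate(username, password):
    """Authentication: verify the claimed identity. Returns the user or None."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["hash"], _pw_hash(password, user["salt"])):
        return None
    return user

def authorize(user, student_id):
    """Authorization: the fields this user's role may see, or None if no access."""
    record = STUDENTS.get(student_id)
    if record is None or (user["role"] in SCOPED_ROLES and student_id not in user["students"]):
        return None
    allowed = ROLE_FIELDS[user["role"]]
    return dict(record) if "*" in allowed else {k: v for k, v in record.items() if k in allowed}

def view_record(username, password, student_id):
    user = authenticate(username, password)  # identity first, then rights
    return None if user is None else authorize(user, student_id)
```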
Agencies need to stay on their guard, identifying vulnerabilities and adapting to ever-changing security threats. Threats may come from within the organization or outside agency walls. The Internet, for instance, increases the risk to student privacy as individuals from the local education community or from across the globe can hack into data systems to change test scores, unleash viruses, or just wreak general havoc.
Even with a solid security plan, agency data will not be secure without proper implementation. All staff, not just IT, should understand the sensitivity of the records and the vulnerabilities of the system, and security should be a priority in everyone’s daily routine. Improving agency security therefore involves a certain degree of culture change.
Disaster preparedness
Natural and manmade disasters can severely disrupt educational activities, displacing students and interrupting services including data collection, maintenance, and use of data. LDSs, which may consolidate a wide range of data and data processes, are likely to be necessary for carrying out day-to-day business (“mission critical”). Moreover, when disaster strikes, these systems are vital to mitigating the effects of the crisis. For instance, the LDS can be used for enrolling displaced students in the appropriate grades, courses, and programs; meeting accountability requirements; and efficiently allocating funding. Agencies should carefully plan for destructive or disruptive events, including physically safeguarding the system, designing the system architecture to facilitate displaced student tracking (e.g., including data elements such as displacement identifiers and event descriptors), and creating policies for tracking students and exchanging data after a crisis.
With an LDS, more staff members will gain access to sensitive student-level data. As access to data expands, so must security and confidentiality training to avoid unlawful data sharing or use. Some best practices follow.
LDS Lore: Identity theft in the printer room
At the school district office, Margaret typed in her password and accessed the teacher information system. She found the data she needed and sent it to the printer. The phone rang—Sally was calling about lunch. Starving, Margaret grabbed her coat and headed out for a burrito. Meanwhile, at the printer, Bonnie lifted a stack of unclaimed paper from the tray and set it on the table. She waited for her job to collate, snatched it, and left the room. After lunch, Margaret was extremely busy as one meeting flowed into another until it was time to make the commute home. Before close of business, Chris, the district's data governance coordinator, was making his rounds and noticed the pile of papers on the table. He picked them up, quickly realized what they were, and raced back to his office.