Data Privacy & Security Service Digital Digest Spring 2017

Issue 8

PARENTAL CONSENT, OPTING-IN AND OUT

The publication titled “Student Data: Trust, Transparency, and the Role of Consent” addresses the practical implications of consent requirements (opt-in, opt-out) both for day-to-day school management and for the education system as a whole. It explores how existing federal laws, including the Federal Educational Rights and Privacy Act (FERPA), protect student data. If your district has struggled with deciding what to include in “Directory Information”, this publication will help. Generally, the publication proposes that in lieu of focusing on the technicalities of parental consent requirements, legitimate privacy concerns must be addressed in a manner that protects all students. It argues that parents should never have to opt out of embracing new technologies in order to protect their children’s privacy. Instead, to foster an environment of trust, schools and their education partners must offer more insight into how data is being used. With more information and better access to their own data, parents and students will be better equipped to make informed decisions about their education choices.

View the full article here.

Additional Resources

The following are some additional resources that may help to guide your district in developing policies around consent:

1. Student Data and Consent Policies
2. Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices

The LinkedIn Phishing Attack: How They Did It

Over the last few months, several phishing attacks have been carried out against LinkedIn users using LinkedIn itself. The following article details how the attacks were and are being carried out. This summary serves as an important example of why users cannot assume that a message is legitimate even if it is shared via the service itself. Hackers have found many ways to attempt to steal users' data, many of which seem perfectly legitimate.

Additional Resource

What can a district do to help its users avoid phishing attacks, and what limitations exist when educating users about phishing?

DARKreading has a detailed article available here that provides some insight.

View the full article here.

COMPTROLLER’S CORNER

In this month’s Comptroller’s Corner, we feature a website from the Privacy Rights Clearinghouse. This website features information on data breaches that have been made publicly available. The site allows filtering by organization, years, and types of breaches. Why might you want to look at this website? Well, the answer is simple: the best form of security is awareness. By knowing what breaches have occurred recently, organizations can stay ahead of the curve and implement policies and procedures that may prevent future data breaches that other organizations have suffered. Visit the Clearinghouse here.

The Comptroller released an Audit of the Holland Patent Central School District’s Student Information System (SIS) on January 13, 2017. The audit focused specifically on access to the SIS and rights of users. The key findings of the audit included that users were granted access to areas that were not relevant to their job functions, and users were also given rights to assume another user’s account and identity when it was not necessary for their job function. The audit expressed that it is important for districts to ensure that users have the appropriate rights for their job functions. Additionally, districts should continuously review permissions granted to users and adjust as appropriate.

View the contents of the full audit here.
