How Assessing Information Governance Can Improve Privacy in Schools

For public schools, technology is an important tool. But establishing strong security measures to protect student privacy is even more essential.

The K-12 Cybersecurity Act of 2019, a recent bill that has been introduced in the U.S. Senate, calls for the Department of Homeland Security (DHS) to initiate a review of the cybersecurity policies at public schools across the country. This includes developing a more comprehensive set of guidelines and tools so that schools can better protect institutional and personal data from ransomware and other breaches.

Being able to safeguard both school and student data should be apparent, but with limited resources and funding schools are finding it hard to be effective. In addition to the DHS guidelines, once available, schools should look at their records and information management programs. Creating an approach to effectively manage the full information lifecycle will ensure that records — both student and school — are in a better position to remain protected.

Effective Information Governance

Student records and personal data must be strictly governed in educational institutions, beginning when a record is created and continuing through its usage, storage, retrieval and maintenance phases. Information must also be managed with proper security and protection structures in place, especially when it comes to personal and confidential information.

Schools need a formal information governance program to establish a framework that details roles and responsibilities and identifies how records should be treated. This allows schools to effectively manage the growing volumes of information they are seeing and ensures that associated risks are well understood, documented and then controlled so risk mitigation can happen appropriately

But what does a formal information governance program look like?

Privacy Assessments

The first step in information governance is identifying where personal and sensitive data is located throughout a school’s records storage system, and who is responsible for managing those records. An in-depth assessment enables schools to identify gaps and prioritize opportunities for improvement. 

As part of this assessment, it is important to establish a records retention schedule. At the most fundamental level a retention schedule dictates how long to keep documents according to the given regulations that apply to each individual school district.

Information Governance Framework

While assessing, and later improving, a privacy program may seem easy, schools may have constraints that prevent them from making greater strides in protecting their records and information. Building an information governance framework should serve as the next step in the process. Establishing this framework will address issues spanning risk management, retention, compliance and disposition, and is important to give schools increased control over their information, from creating a record to its final disposition. To establish a framework, schools should identify its complete information inventory and develop information maps, which are databases that capture an inventory of what systems, applications and repositories they have, where they are located, and who is responsible for managing them. With this in place, they will be able to better understand their records and information program. Schools can also benefit from an updated retention management platform, a metric system that will measure the alignment of information management outcomes to privacy policies.

Content Classification

Classifying content is the last step in ensuring proper management of records and information. Educational institutions should develop an enterprise strategy that applies to both the pick-up of new, physical records, the digitization of these records, and the training of access, archiving and destruction requirements. This component sees an establishment of both accurate and fast-processing search engines, a reduced amount of legacy records and storage costs, improved service responsiveness, and the identification of records that can be eliminated to support space management requirements.

Access Controls

In addition to the steps outlined above, for privacy purposes it’s critically important to maintain access control policies and effective chain of custody procedures. This includes developing a step-by-step process to ensure complete security and should include using a unique identifier for location tracking as well as assigning certain levels of access to individuals depending on roles and responsibilities.

Conclusion

As security and privacy of records and information in schools continues to be one of the most pressing issues today, it is critical that school systems focus on their information governance program. Privacy starts with the ability to protect student records that are constantly being produced and stored. By executing a more detailed and managed framework, schools can worry less about breaches and more about their mission of education.

About the Author

Mary Ellen Buzzelli is Director State, Local and Education Strategy at Iron Mountain Government Solutions.


Featured

  • Abstract AI circuit board pattern

    Nonprofit LawZero to Work Toward Safer, Truthful AI

    Turing Award-winning AI researcher Yoshua Bengio has launched LawZero, a nonprofit aimed at developing AI systems that prioritize safety and truthfulness over autonomy.

  • stylized illustration of a desktop, laptop, tablet, and smartphone all displaying an orange AI icon

    Survey: AI Shifting from Cloud to PCs

    A recent Intel-commissioned report identifies a significant shift in AI adoption, moving away from the cloud and closer to the user. Businesses are increasingly turning to the specialized hardware of AI PCs, the survey found, recognizing their potential not just for productivity gains, but for revolutionizing IT efficiency, fortifying data security, and delivering a compelling return on investment by bringing AI capabilities directly to the edge.

  • magnifying glass with AI icon in the center

    Google Releases Learning-Themed AI Mode Features for Search

    Ahead of back-to-school season, Google has introduced new AI Mode features in Search, including image and PDF queries on desktop, a Canvas tool for planning, real-time help with Search Live, and Lens integration in Chrome.

  • sunlit classroom with laptops on every desk, each displaying a glowing AI speech bubble icon above the screen

    Copilot Chat and Microsoft 365 Copilot to Become Available for Teen Students

    This summer, Microsoft is expanding availability of its Copilot Chat and Microsoft 365 Copilot products for students aged 13 and older. Administrators will be able to grant access for students based on their institution's plans and preferences, the company announced in a blog post.