How Assessing Information Governance Can Improve Privacy in Schools

  • By Mary Ellen Buzzelli
  • 02/27/20

For public schools, technology is an important tool. But establishing strong security measures to protect student privacy is even more essential.

The K-12 Cybersecurity Act of 2019, a recent bill that has been introduced in the U.S. Senate, calls for the Department of Homeland Security (DHS) to initiate a review of the cybersecurity policies at public schools across the country. This includes developing a more comprehensive set of guidelines and tools so that schools can better protect institutional and personal data from ransomware and other breaches.

Being able to safeguard both school and student data should be apparent, but with limited resources and funding schools are finding it hard to be effective. In addition to the DHS guidelines, once available, schools should look at their records and information management programs. Creating an approach to effectively manage the full information lifecycle will ensure that records — both student and school — are in a better position to remain protected.

Effective Information Governance

Student records and personal data must be strictly governed in educational institutions, beginning when a record is created and continuing through its usage, storage, retrieval and maintenance phases. Information must also be managed with proper security and protection structures in place, especially when it comes to personal and confidential information.

Schools need a formal information governance program to establish a framework that details roles and responsibilities and identifies how records should be treated. This allows schools to effectively manage the growing volumes of information they are seeing and ensures that associated risks are well understood, documented and then controlled so risk mitigation can happen appropriately

But what does a formal information governance program look like?

Privacy Assessments

The first step in information governance is identifying where personal and sensitive data is located throughout a school’s records storage system, and who is responsible for managing those records. An in-depth assessment enables schools to identify gaps and prioritize opportunities for improvement. 

As part of this assessment, it is important to establish a records retention schedule. At the most fundamental level a retention schedule dictates how long to keep documents according to the given regulations that apply to each individual school district.

Information Governance Framework

While assessing, and later improving, a privacy program may seem easy, schools may have constraints that prevent them from making greater strides in protecting their records and information. Building an information governance framework should serve as the next step in the process. Establishing this framework will address issues spanning risk management, retention, compliance and disposition, and is important to give schools increased control over their information, from creating a record to its final disposition. To establish a framework, schools should identify its complete information inventory and develop information maps, which are databases that capture an inventory of what systems, applications and repositories they have, where they are located, and who is responsible for managing them. With this in place, they will be able to better understand their records and information program. Schools can also benefit from an updated retention management platform, a metric system that will measure the alignment of information management outcomes to privacy policies.

Content Classification

Classifying content is the last step in ensuring proper management of records and information. Educational institutions should develop an enterprise strategy that applies to both the pick-up of new, physical records, the digitization of these records, and the training of access, archiving and destruction requirements. This component sees an establishment of both accurate and fast-processing search engines, a reduced amount of legacy records and storage costs, improved service responsiveness, and the identification of records that can be eliminated to support space management requirements.

Access Controls

In addition to the steps outlined above, for privacy purposes it’s critically important to maintain access control policies and effective chain of custody procedures. This includes developing a step-by-step process to ensure complete security and should include using a unique identifier for location tracking as well as assigning certain levels of access to individuals depending on roles and responsibilities.

Conclusion

As security and privacy of records and information in schools continues to be one of the most pressing issues today, it is critical that school systems focus on their information governance program. Privacy starts with the ability to protect student records that are constantly being produced and stored. By executing a more detailed and managed framework, schools can worry less about breaches and more about their mission of education.

About the Author

Mary Ellen Buzzelli is Director State, Local and Education Strategy at Iron Mountain Government Solutions.


Featured

  • glowing digital human brain composed of abstract lines and nodes, connected to STEM icons, including a DNA strand, a cogwheel, a circuit board, and mathematical formulas

    OpenAI Launches 'Reasoning' AI Model Optimized for STEM

    OpenAI has launched o1, a new family of AI models that are optimized for "reasoning-heavy" tasks like math, coding and science.

  • landscape photo with an AI rubber stamp on top

    California AI Watermarking Bill Supported by OpenAI

    OpenAI, creator of ChatGPT, is backing a California bill that would require tech companies to label AI-generated content in the form of a digital "watermark." The proposed legislation, known as the "California Digital Content Provenance Standards" (AB 3211), aims to ensure transparency in digital media by identifying content created through artificial intelligence. This requirement would apply to a broad range of AI-generated material, from harmless memes to deepfakes that could be used to spread misinformation about political candidates.

  • clock with gears and digital circuits inside

    Report Estimates Cost of AI at Nearly $300K Per Minute

    A report from cloud-based data/BI specialist Domo provides a staggering estimate of the minute-by-minute impact of today's generative AI boom.

  • glowing lines connecting colorful nodes on a deep blue and black gradient background

    Juniper Intros AI-Native Networking and Security Management Platform

    Juniper Networks has launched a new solution that integrates security and networking management under a unified cloud and artificial intelligence engine.