October is National Cybersecurity Awareness Month (NCSAM). It is an initiative to promote cybersecurity awareness and education, which is essential in today’s digital age. NCSAM typically includes various activities, events, and campaigns to encourage individuals and organizations to take steps to protect their online information and systems from cyber threats. It’s an important reminder to stay vigilant and practice good cybersecurity habits.
In this blog, I want to highlight the importance of being deliberate in our efforts to protect the data we, as professionals, have access to. Whether you are a data officer, data steward, or data user, you are responsible for protecting data. Data breaches and privacy violations have become very common in today’s digital world, emphasizing the need for robust and intentional data privacy and security practices. This blog comes on the backdrop of one of the largest data breaches in recent history highlighted in (see https://techcrunch.com/2023/08/25/moveit-mass-hack-by-the-numbers/?guccounter=1). In addition, it is fitting because October is the perfect time to remind and raise awareness about these crucial issues.
Student data is a treasure trove of information, including identifiable personal demographic details, academic records, attendance records, and other sensitive information. These data are invaluable for administrative purposes, educational research, and evaluation. Nobody wants to have their personal information handled carelessly, and this applies to both you and me. Whenever I use data, I make it a point to treat it as if it were my personal information. The potential consequences of mishandling student data are substantial, including breaches, identity theft, and misuse.
The Family Educational Rights and Privacy Act (FERPA) is a federal law in the United States that governs the privacy and security of students’ educational records. The law plays a crucial role in safeguarding the privacy of students’ educational records in the United States and ensures that educational institutions handle student information responsibly. If you have access to student data, and you have not taken a FERPA training, or you need a refresher, you can take the training from the United States Department of education website @ https://studentprivacy.ed.gov/content/online-training-modules.
Here are some strategies you can use to protect student data:
- Implement strong data encryption protocols to protect data both in transit and in storage. Encryption ensures that even if unauthorized access occurs, the data remains unreadable.
- Control and/or limit access to data to only authorized personnel. Access to data should be role-based within your organization. In addition, perform regular audits to ensure unauthorized user lists are up to date.
- Conduct frequent security checks and updates of all software and systems because outdated software makes systems more susceptible.
- Conduct regular training to educate personnel about data security and management practices. Human error is a common cause of data breaches, so everyone needs to be well-informed and reminded often.
- Establish data retention or destruction policies. The less data you store, the less there is to protect.
- Set-up Multi-Factor Authentication (MFA) for access to systems that can be used to access data. This adds an extra layer of security beyond just passwords.
- If relevant, ensure third-party vendors have security practices that safeguard student data.
By implementing these security measures, adhering to ethical principles, and staying compliant with relevant regulations, we can strike a balance between leveraging data for educational and research advancement and ensuring that students’ personal information remains confidential and secure. We have an ethical obligation to protect the personal information entrusted to us. I strongly urge you to take every possible measure to safeguard data. Let’s commit to prioritizing data privacy and security beyond the month of October, ensuring that data in our hands remains exceptionally secure.