Dive Brief:

• The past two years have seen school districts spend $41 million on adaptive learning efforts heavily reliant on vast data sets and algorithms, EdTech: Focus on K-12 reports, and that growth is leading to calls for more attention to how that student data is collected and protected.
• When working with any vendors or tech tools, districts should first weigh the strength of its privacy factors against the Student Privacy Pledge or Common Sense Media's Privacy Evaluations. They can also use tools such as Windows Information Protection (WIP) to decide whether a piece of software or other tech can access school data, in addition to how it's used.
• The University of Colorado’s National Education Policy Center also proposes that educators and researchers should be able to see the algorithms in use by software so they have better understanding of the way that tool uses data and that it isn't being collected for profit.

Dive Insight:

Cybersecurity events, like the recent Equifax breach, highlight the impending need for administrators to pay more attention to data protection. As TechCrunch succinctly put it over the weekend, these occurances are likely to start happening on a weekly basis in the coming years, most companies aren't prepared for it, and the data being targeted isn't data that can be replaced as simply as changing a password.

Schools and districts have already found themselves among the most popular targets due to the massive amount of sensitive data they hold, such as social security numbers. Ransomware attacks alone have raked in an estimated $25 million over the past two years, and education has faced a higher number of those attacks than any other industry.

With this in mind, data protection can no longer be an afterthought. Districts must take the same precautions as any corporation should, budgeting for measures that include splitting data into separate databases, implementing the best firewalls, keeping security patches up to date, ensuring two-factor authentication is in place, and utilizing phishing tests to train faculty, staff and students how to avoid compromising the network.