Dive Brief:

• School districts must continue to protect high school graduates’ student data just as securely as before graduation, retaining or purging it in accordance with federal and state regulations as well as district policies, EdTech: Focus on K-12 reports.
• Experts suggest districts take a good look at vendor contracts to make sure administrators know who controls the data after students graduate and that it’s not shared with third parties. 
• Some districts, such as Fresno Unified School District, build their own student information system that is located onsite — it is backed up in an offsite facility that is also owned by the district and never moved to the cloud due to privacy concerns.

Dive Insight:

School districts have become one of the top targets for hackers looking to steal information. Any data on the system, including that of faculty and graduates, is vulnerable when it comes to data breaches.

Schools' records are considered gold mines to hackers, with their importance in day-to-day operations making them especially vulnerable to ransomware attacks, but many districts can't afford to have top-tier security systems. This creates a perfect storm that even the FBI has called attention to. Children are also 35% more likely to be targets of identity theft since they don’t have a credit history and their social security number isn’t active.

When students leave high school, much of their information remains behind. While many districts don’t store information like social security numbers, students' birth dates, their parents' names and home addresses are all valuable pieces of information. 

It's a good idea for parents and students to follow up on school records after graduation, both to fix errors and inquire about how the information will be stored or disposed of — though districts can also make it a best practice to provide this information upfront, building additional trust through transparency.