Strengthening Data Privacy in Schools

Published February 26, 2015

By Andrew Bloom | Chief Privacy Officer for McGraw-Hill


Essential recommendations to help schools keep student data safe and secure.

Technology is becoming increasingly prevalent in nearly every aspect of 21st century teaching and learning. K-20 instructors and students often interact with several different information systems and digital devices each day. New educational software and hardware options seem to emerge, evolve, and disappear overnight. As a result, the task of keeping student data secure has never been more challenging for schools -- or more important.

At McGraw-Hill, protecting privacy and maintaining the trust of our customers, the students, and their parents has always been of the utmost importance. We're also committed to helping schools and educators learn what they can do to further protect their student data. By increasing awareness and transparency of student data privacy and security issues, we hope to better understand the concerns and create an ongoing dialogue about privacy, security, and confidentiality.

All schools should carefully consider three key areas to help protect data from unauthorized access and misuse:

Security: Schools should place controls, policies, and procedures in place to prevent unauthorized access to student data in either hard copy or soft copy formats. This can be done through physical controls (e.g., use of a locked data center or file cabinet), technical controls (e.g., use of strong passwords that are changed regularly), or administrative controls (e.g., access to sensitive data requires approval). Any school can implement the best privacy practices in the world, but at the end of the day, if they haven’t also addressed security, then they will have wasted time and money.

Training: All personnel -- especially those accessing student data regularly -- should be trained on the basics of privacy and security, including:

  1. What are privacy and security, and why are they important?
  2. How do privacy and security impact school staff and students?
  3. What key guidelines should be followed by all staff?

Third-Party Relationships: Nearly all schools rely on third party products and services to help educators save time and improve learning outcomes. Make sure to review and document the data collection and privacy policies for any third-parties working with your school to make sure they meet acceptable standards. Contracts should include references to policies and/or language to ensure that both teacher and student data will be kept private and secure.

Some helpful resources for educating school staff and students about data privacy issues include:


About the Author

Andrew Bloom

Chief Privacy Officer, McGraw-Hill

Andrew Bloom is Chief Privacy Officer for McGraw-Hill and has an extensive background in data security with deep expertise on privacy in corporate and educational settings.