Whose job is it in schools to make sure confidential data is kept private and secure?

If you answered, "The Tech Department," you are only partially right. 

As I work my way through the process of helping our district obtain the COSN Trusted Learning Environment (TLE) certification, what has been most eye-opening is how good data security is an organization-wide effort and responsibility - that the technology department alone cannot assure data is protected, no matter how hard it works.

There are, of course, many things for which the technology department has primary responsibility - firewalls and encryption schemes and backups and access control to databases. Those of us who work with technology every day have a responsibility for making sure others in our organization have their level of concern raised sufficiently that they see their role and responsibility in data security and data privacy.

Here are some job groupings in schools along with some data protection roles they need to play:

Administrators. Superintendents, school board members, business managers, building principals, food service directors, special education directors, operation directors all need to understand both the legal and day-to-day issues involved in securing data and protecting student privacy. Their knowledge is critical to writing good policies, and asking others under their charge to make data security a high priority in what is usually an already full workload.

Business and HR department personnel. Major responsibilities of these groups involve vetting business/finance systems privacy and security functions and helping establish policies regarding role- appropriate access to private data. HR may also have responsibilities for determining all staff required training related to safety issues - and should help make data protection one of these required training areas.

Professional development and curriculum leaders. Those in charge of professional development plans must support and help prioritize teaching staff members about both the legal issues as well as best day-to-day practices on data privacy and security. Our curriculum leaders need to help build digital citizenship teaching expectations into at all grade levels. They also need to understand the laws surrounding the use of student data by vendors and vet products' compliance with data laws.

Clerical staff. Our secretaries handle a lot of student data, provide data to individuals and organization outside the school district, and often maintain access rights to other employees. The clerical staff is too often overlooked when PD days are offered - especially in the critical are of data security. I believe these folks are also must vulnerable to phishing and other social engineering schemes.

Classroom teachers.  Digital citizenship, of which learning to protect one's privacy is a vital understanding, cannot be taught by the library media specialist, technology integration specialist, or computer teacher alone. It needs to be woven into classroom teachings whenever technology is used as a part of the instructional unit. Classroom teachers also need to understand the process for vetting new educational programs to insure COPPA compliance.

Getting nearly every employee in a school district not just trained in good data practices, but getting them to take these practices seriously. Technology departments can lead, but they cannot do it all.

Image source