Security

There are many easy ways for teachers to protect the security of student data. Our favorite checklist on this topic was developed for Fordham University School of Law, Technology and Privacy Law by Elizabeth Walker. Check out the full checklist in PDF here, or our version of the checklist below.

General Guidelines
  • Do not share passwords for school accounts with anyone, including other staff, family members, or significant others. Check out some of the suggestions in this article for how to create a secure password. You can also use password managers like LastPass or 1Password to help you remember your passwords and keep them secure.
  • Use different passwords for your school accounts than you do for personal accounts.
  • Avoid connecting to the Internet through wireless networks (WiFi) that are not password protected.
  • Immediately report to the administration any suspicious activity involving or affecting technology related to school work, school accounts, or student data.
  • Back up your data regularly. If your account is hacked, subject to ransomware, or there is just a technical bug, you will be very glad that you kept a backup of your data.
Accessing or Sharing Student Data
  • Ask the administration whether your district or school has a policy about using or sharing student
    data.
  • Only access the student data that you have permission to access.
  • Only access student data for legitimate school or educational purposes.
  • When accessing student data, only use computers or devices that have either been approved by the
    school or that contain security software and are password protected.
  • Lock up hardcopy files and devices with access to student data.
  • Do not share or disclose student data without authorization from an administrator, parent, or
    guardian.
  • Do not share student data during public meetings or presentations; use fictitious records instead.
  • Avoid sending student data via email unless specifically authorized.
  • Immediately report any incidents to the administration where you believe student data may have
    been inappropriately accessed or shared.
Using Computers, Tablets, and Other Devices

When you are using school-owned equipment:

  • Ask the administration whether your district or school has a policy about using school-owned computers, tablets, or other devices.
  • Log out of accounts and close browsers and programs whenever you finish using a program.
  • Password-protect, lock, or otherwise secure all computers and devices when not in use.
  • Immediately report lost or stolen devices to the administration.

When you are using your own equipment:

  • Ask the administration whether your district or school has a policy about bringing your own computer, tablet, or other device to school or using your own device for school purposes.
  • Ask the administration if approval is necessary prior to using your own computer or other device in the classroom or to access student data.
  • Install anti-virus software on the device before using it on the school network or to access school accounts
  • If the device or a program notifies you that critical security updates or patches are available, promptly follow the instructions on the screen to download and install the updates.
  • Set up password protection to log in to the device, wake the device, or unlock the screen.
  • Log out of accounts and close browsers and programs whenever you are finished.
  • Password-protect, lock, or otherwise secure all computers and devices when not in use.
  • Immediately report lost or stolen devices to the administration.
Using Email
  • Ask the administration whether your district or school has a policy about using email.
  • Do not click on any links or download any attachments you receive from a suspicious source.
  • Be cautious of emails containing the following:
    • Links in suspicious-looking messages
    • Threats that your account will be closed if you do not respond
    • Web addresses where names of well-known companies have been slightly altered
    • Requests for personal information
    • Unexpected attachments, especially those purporting to come from banks or financial
      institutions
    • Deals that sound too good to be true
    • Urgent emails demanding that you act immediately
    • Messages that list your email as the sender or from address

Do you have any security tips to add? Email them to info@studentprivacycompass.org