School closures due to COVID-19 have led a number of districts and institutions to implement programs for remote learning. Such programs are necessary for facilitating instruction during these challenging times, but they inherently carry increased risks to the privacy and security of the institution’s data.
It is critical in this time for schools and institutions to remind employees that existing policies, procedures and rules concerning both communications with students and the protection of student data privacy and security remain in effect and are not suspended. In fact, the remote learning environment warrants enhanced vigilance by educational institutions to protect personal information and student data.
These issues are of such concern that Democratic Senators Markey, Blumenthal, and Durbin recently sent a letter to Federal Trade Commission (FTC) and the Department of Education regarding student data privacy and data collection in light of at-home and distance learning. The letter urges the FTC and Department of Education to issue guidance to ed tech companies and parents that will help protect student privacy during this pandemic and in the future.
There are a number of things institutions can do to help mitigate cyber risks associated with remote learning, including:
- Consider and evaluate the risks inherent in remote learning, keeping continued FERPA compliance in mind
- Determine what services and platforms will be permitted, and inform teachers and other employees of what is permitted and what is not
- Ensure any video conferencing platform or service used is approved and managed by the institution
- Inform parents of any changes in practices concerning student data
- Check your existing parental consent forms pertaining to use of students’ image or likeness in videos to ensure they encompass video conferencing, and consider obtaining a separate explicit consent