Data is central to the MTSS framework. In fact, one of the most important components of an effective Multi-Tiered System of Supports is easy access to data from multiple sources, brought together in a way that supports intervention planning and delivery. But with access can come vulnerability. Schools often struggle to keep up with the cloud security and data privacy standards of their vendors, making them vulnerable to cyberattacks. EdWeek has gone so far as to call it the Cybersecurity Wild-West for schools!
As schools implement MTSS, protecting student data is a top priority. Branching Minds is a leader in data security for education technology, and we want to support schools in taking all necessary precautions when handling data.
Here are five questions to consider about your school’s protection of student data:
Question #1: Does My School or District Adhere to FERPA Guidelines?
The Family Educational Rights and Privacy Act of 1974 (FERPA), which is also known as the Buckley Amendment, is a U.S. federal law that protects the privacy of students’ educational records. Those records include personally identifiable information (PII) of underage students and adults over 18 enrolled in educational programs. Violation of that privacy harms students and is a serious offense with penalties, so this question is perhaps the most important to consider and prioritize.
Branching Minds is authorized by schools and districts under the FERPA “school official” exception to receive and use educational data to provide educational services. This data has significant educational value, enabling teachers to identify students’ cognitive learning strengths and challenges, match them with research-backed learning supports, and track and report data on student growth. This information is used only for academic purposes. Branching Minds does not collect data for collection’s sake, and access is limited and appropriate.
Question #2: Does My School or District Work With Secure Third and Fourth-Party Vendors?
Under FERPA, schools and districts are responsible for their chosen vendors’ use of student data. If a vendor intentionally or accidentally misuses students’ education records, the school is responsible. The school is held accountable for any possible violation of student privacy. This is to ensure that your school and district only use vendors who have vigilant Data Privacy Practices.
The Branching Minds platform is designed from the ground up to protect school data and support FERPA compliance. Our platform allows or restricts access to individually identifiable student and personnel data based on each user’s defined roles. We utilize an administrator permission system to ensure that student and staff data is protected according to all FERPA requirements according to access level. And, we monitor all Branching Minds vendors on an ongoing basis to ensure they utilize industry-standard privacy precautions.
➡️ Related Resource: How to Create a Seamless Data-Driven School Culture Through MTSS
Question #3: Does My School Use Technology — Databases, Systems, Apps, and Other Tools — With the Highest Standards of Encryption?
The key to protecting your school’s data is encryption. According to the U.S. Cybersecurity and Infrastructure Security Agency,
“In very basic terms, encryption is a way to send a message in code. The only person who can decode the message is the person with the correct key; to anyone else, the message looks like a random series of letters, numbers, and characters. Encryption is especially important if you are trying to send sensitive information that other people should not be able to access. Because email messages are sent over the internet and might be intercepted by an attacker, it is important to add an additional layer of security to sensitive information.”
At Branching Minds, all data is encrypted in transit and at rest. Strong encryption protects data as it moves through your organization to ensure the highest viable levels of security. Learn more about the specifics of data encryption here.
➡️ Related Resource: 5 Considerations When Selecting an RTI/MTSS Intervention Management Software
Question #4: Does My School Use Secure Cloud-Based Tools?
When schools vet new tools, functionality is often the first concern and security the second.
Some apps, platforms, and tools aren’t obviously under the cloud security umbrella—such as learning management systems (LMS), where teachers can post assignments and instructions, link to resources, or use tools for emails or newsletters. These apps, platforms, and tools can lead to potential data loss if they aren’t correctly secured. Be skeptical and investigate to ensure student data is protected.
When considering a new technology tool, check:
- Information or account retention
- Privacy policies
- Encryption
- Sharing settings
- Data storage
Branching Minds uses an internal Secure File Transfer Protocol (SFTP) site called Branching Minds Cloud (cloud.branchingminds.com) to transfer student and assessment data. SFTP’s network protocols provide file access, transfer, and management over a reliable data stream. The Branching Minds Cloud site is hosted on our internal servers, with the files residing within our secure SFTP.
Branching Minds also supports the use of a secure SFTP connection to send student and assessment data. Districts wishing to automate the sending of their manual assessment files on a nightly basis can utilize this option. This SFTP is set up by Branching Minds, and the credentials are either sent via a Branching Minds Cloud link or relayed over the phone, but cannot be sent via email.
Everyone has a role to play in data security
Here are 5 Data Security Tips for Educators you can download and use today!
Question #5: Does My School Need to Be Following Any Other Data Privacy Laws and Regulations?
The Protection of Pupil Rights Amendment (PPRA) of 1978 (also known as the Hatch Amendment) is a law intended to protect the rights of pupils and their parents in programs funded by the U.S. Department of Education. The Children’s Online Privacy Protection Act of 1998 (COPPA) is a U.S. federal law protecting children’s privacy under 13 years of age. (Read more about how Branching Minds adheres to COPPA standards here.)
PPRA and COPPA include strict parental notice and consent requirements on how underage students’ data should be gathered, shared, and used within a school or district.
Even with FERPA, PPRA, and COPPA compliance under control, your school or district might still have some security gaps. The Parent Coalition for Student Privacy has a wealth of information and resources dedicated to helping parents and educators create more secure digital environments for students.
➡️ Related Resource: Webinar - Using Screening Data to Tier Students for RTI/MTSS
Final Thoughts
Used correctly - and safely - technology allows us to more easily support students on their pathway to success. Access to student data in your MTSS practice is essential for success, but it comes with a need for increased vigilance in protecting that data. Asking the right questions will help ensure your students’ data is secure.
Branching Minds
Branching Minds is a highly respected K-12 services and technology company that leverages the learning sciences and technology to help districts effectively personalize learning through enhancements to their MTSS/RTI practice. Having worked with hundreds of districts across the country, we bring deep expertise in learning sciences, data management and analysis, software design, coaching, and collaboration. Combined with our extensive toolkit of resources, PD, and technology, we provide a system-level solution. We are more than a service or a software provider, we are partners who will deliver sustainable results for educators, and a path to success for every learner.
Related Posts
Comments (0)