Integrating technology into your school can ease the burden of many administrative functions, support individualized learning styles, enhance the existing classroom experience, and provide frameworks to help students and staff reach their goals. High on the list of challenges, however, is ensuring that the products and services you introduce to your school align with data privacy and security requirements, and that your school’s own compliance practices are well established and understood.

If you don’t have a compliance program, here are some tips for creating one:

1: Identify Current Technology & Stakeholders
The best place to begin is to simply identify all of the technology currently used in your school, from the data management platforms to the smallest classroom apps.  Then, identify the key stakeholders who should be part of building a compliance program.  These may include school board members, superintendents, principals, teachers, IT staff, your school attorney, and even community members.

2: Review Regulations
Review all of the existing regulations, including the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), the Children’s Internet Protection Act (CIPA), the Children’s Online Privacy Protection Act (COPPA) and state regulations, as well as district requirements and community norms.  Also consider unique situations that may arise as a result of bringing technology into your school, including adverse incidents such as cyberbullying, sexting, theft, and data breaches.

3: Map Out a Policy
Begin to map out the policies that will guide your decisions around technology.  At a minimum, your policies should cover:  privacy, security, user safety, access, incident detection/prevention/response, social media use, and communications. 

4: Train Your Staff
Once you have your policies written, develop training for your staff so that they are aware of your expectations and rules, and understand their  responsibilities.

5: Review the Technology
It’s very important to map out a process for reviewing the technology that you might want to bring into your school.  You may want to involve your school attorney and IT department, as well as individuals specially trained in privacy and security assessment work. 

Given the resources you have on hand, your review process may end up consisting of an evaluation of the privacy policies, terms of use, and any applicable contracts. These documents should help you understand what data is collected and why, how it is handled and managed, how it is secured, the deletion practices, and other assurances around compliance.  If the documents aren’t clear to you, ask your vendors to provide you with the information you need to feel comfortable with their privacy and security practices.

6: Educate and Communicate
Staff members, parents, and students should all be made aware of their responsibilities and rights around data privacy.  Ongoing communication about your technology plans and compliance requirements will help everyone support implementation of the policies you’ve developed.

7: Reassess Yearly
Compliance programs are never static; they are always living and breathing. As your school community evolves, review and update your privacy compliance plans. By taking the time each year to assess the technology you have on hand, review your policies, educate your stakeholders. and update your communication with teachers, parents and students, you can be confident that you’re taking the right steps to implement a solid compliance program to support your technology plans for the future.

To learn more about creating a school privacy compliance program,  check out this Hobsons webinar.

Linnette Attai, Founder and President of PlayWell, LLC, is a data privacy advisor to Hobsons.


Visit the Resource Center