K12 is no longer a stranger to data privacy and security. Over the past couple of years advocacy on the matter has brought to the forefront the need to educate users on how to handle student data online and with digital tools. Districts are starting to build teacher and staff awareness and training programs to prevent internally caused breaches. But the growing number of issues stemming from the staff lack of understanding of digital data best practices and the reality of growing and extremely aggressive hacking groups points toward an acute need for vivacious internal data privacy and security staff educational program, as well as a close partnership with the k12 institution edtech partners and vendors.

Analyzing the dangers we can easily identify the areas of exposure that leave the district open to attacks and loss or compromising of data. To get a personalized analysis, a district/school should look at the types of data that

is exchanged:

• Login information (password)

• Credentials needed to set up accounts (email, dob, etc)

• PII used in account management of digital tools

• PII and pass-through information collected by digital publishers

• 3rd party services

• Internal data transfer practices (among departments, between schools, district&school, etc)

• Data management vendors (assessment platforms, data warehouses, analytics services, conceptual solution development between schools and vendors)

With the adoption of 1-1 devices at high school, and the focus on integrating digital learning into the classroom, teachers embrace digital tools. It becomes immediately obvious that a data privacy and security education is required, to supplement the mandatory digital citizenship trainings that teachers and students receive in a 1-1 program. Engage all the teachers in the district’s data privacy awareness program. Students must be engaged in exploring the nuances of privacy, and create visuals to support peers and teachers’ understanding.

More acute than the digital learning data is the assessment data. Several state assessments are exclusively online, therefore it is crucial that all campuses become prepared for the online interaction that came with online testing. Not many think of the amount of data that changes hands during online testing, so here is what you should start with:

• Esubmission – campuses uploading their respective secured e-documents required by the state in a folder in a secured location like and Office 365 SharePoint

• Transfer students data – moving students between campuses or districts

• Add-ons – adding new students to a campus roster

• Data exchanges – corrections of erroneous data in the system

• Data coming back from state sometimes being delivered to different districts

All of the above involve the interaction of various parties (campus testing coordinator, district testing administrator, state entities employees, platform customer service representatives, etc), and their communication is currently in emails (mostly via unencrypted services).

Here are a few things to make your digital assessment transition smoother.

Embed data security in all training modules, both for online testing and paper to prepare the campuses for the massive data exchange involved with online testing,. While test secure paper documents are tangible and easily identified by all, with the transition to online testing it is important to ingrain in staff that digital data, such as student information needed to correct a test, register the student on the platform, or transfer students between districts, is in fact highly sensitive PII that should always be handled carefully, and definitely not be exchanged via unencrypted email. Use your students to create fun and catchy memes and videos to train teachers and their peers.

Move all data exchanges to a secured form submission, with authorized access for certain staff to facilitate best practice adoption and reduce the risk of data lost or compromised. For example, at the beginning of last year, one state's practice was to email protected spreadsheets, and send the password in a different email, so the practice was changed with a secured office 365 folder with strict designated access. Likewise, any data exchanges needed by other districts are now happening via secured form request, and all transfer and/or release operations does not leave the state designated platforms. This eliminates the unnecessary steps (emailing back ad forth via unencrypted email) that could lead to data loss in case of email breaches.

Talk to your (and not only) vendors. Over the past year, many data practices were revised in response to our conversations with the state assessment leaders and their platform providers about new ways to ensure that all the interaction can happen exclusively in the system, and extraneous exchanges that may result in breaching, are avoided. We were also able to influence the creation of several new features on the testing platforms workflows to enable accessible, platform native bidirectional data exchanges; user feedback shapes the platform features, a lucrative aspect for the vendors, and peace of mind for schools, so don't be shy about your needs and suggestions.

Have a proactive plan known to all. In August I meet with representatives from all our direct and indirect assessment platform vendors. In this annual meeting I emphasize the need for data security, and request the cybersecurity plan to inform us on the vendors’ data breach/disaster recovery practices. This is part of an online readiness plan that can help you prepare for the unexpected. This must become a consistent practice for the schools, and it allows the partners, including the indirect ones, such as the state vendors, to change their practices, and improve their platforms to alleviate the need for information exchange outside the system, and even better understand how to protect themselves in the new, and potentially costly new digital learning environment.

Involve everyone. We are most successful when we build new practices and workflows together, as there are many opportunities to learn the technological ins-and-outs from each other. One constant that we do have, and must keep for the sake of ourselves, our staff and our students, is the simplicity of a well-known process, and the key ingredient in any successful change is trust. As we teach appropriate digital interaction, we must remember to keep things simple, avoid shrouding technology in mystery, and make information easily understandable and accessible. Besides, rules have not changed, but only the means with which to accomplish out tasks.

Help them own it. Open conversation, feedback, and follow-up create a sense of ownership in stakeholders, making them push themselves to learn and adopt the new ways, and improve the process. Organizational change happens when consistency meets ownership and sustainability. Making things happen is not a one-man, or one-department job, but a every-person-in-their-own-way contribution.

“Out of clutter find simplicity; From discord find harmony; In the middle of difficulty find opportunity” – Einstein

While there’s no need to reinvent the wheel, we can always change the tire if a new one is more resilient or better fitted! And who doesn’t love a smoother ride?