"5 Questions: How Can You Protect Student Data?" article banner

5 Questions: How Can You Protect Student Data?

As data privacy debates become more prevalent, consumers are working to find the best way to keep their data safe. Strong passwords, limited exposure, and diligent data deletion can help us all in our personal lives, but how are schools and districts responding to this 21st-century problem? Here we discuss five common questions around data in education as a way to encourage educators to delve into their issues for themselves. No one-size-fits-all solution will work to protect student data in every school, so discuss these pressing questions with your leaders to help determine the best plan of action for your specific school or district.

document with magnifying glass

1. What information should be collected?

Before entering a discussion on how to protect student data, schools and districts should evaluate what data they are already collecting. Personally identifiable information, or PII, refers to any data or information about students that might reveal their identities. The collection of some data is inevitable and necessary to provide a proper education. Subsidized lunch programs, specialized learning needs, and basic record keeping require that information be disclosed to schools and districts. But recent debates have called into question the need to collect other data such as social security numbers and even addresses. Many administrators are asking themselves if this information is necessary to provide a student with a quality education. And if not, should they even be collecting this data to begin with?

The answer to this question gets even more complicated when incorporating open resource providers who collect demographic information to customize ads, autocomplete searches, and suggest content. Consider where your student data is being stored, and how it is being used in every interaction, even something as innocent as reporting standardized test scores. Schools with very small African American student populations could inadvertently compromise the anonymity of students by comparing test performance by race. But this information is necessary to obtain some federal, state and local funds as well as to evaluate the efficacy of educational practices across districts, states, and countries.

bar graph

2. How should data be used?

As described by EdSurge, data is also used to “understand how well students perform over time, how well a school system is serving different populations, and how well different educational strategies are succeeding.” While statistical analysis is often laced with controversy, if we stop collecting data and performing analysis, we will have even more difficulty identifying what works and what doesn’t in terms of student success. Larger statistical trends can inform policy and funding while the introduction of education technology has changed the way we teach individual students. Adaptive technology changes the order, content, or pacing of a course to meet the needs of an individual student based on his or her knowledge of that particular subject. With the popularization of these programs, schools have also exponentially increased the amount of student data they possess. While most can agree that this level of personalization provides a more customized educational experience for the student, it also increases the number of potential risks to their PII and highlights the need for schools to protect student data.

box with an x

3. When should schools allow students and parents to opt out of data collection?

As parents struggle to protect student data, they may ask about opting out of all data collection. As described previously, some data is necessary to ensure quality programs at both the individual and institutional level, so opting out of data collection entirely is not a long-term solution. Parents do have the right, however, to determine how their student’s data is used for secondary uses such as marketing. In fact, FERPA mandates that schools require parents to give informed consent before their student’s data is used for purposes outside of primary school functions. But the hesitancy parents feel about the level of data collected by schools should be weighed against the value this data provides.

Instead of opting out, one parent has pushed schools and districts to observe “National Student Data Deletion Day” every June 30th. As part of this, he suggests that schools automatically delete student browsing history, student work saved on open platforms such as the Google G Suite, student emails, biometric data, behavioral data, and student physical location data. By cleansing these data points at least once a year, schools can better protect student data from potential leaks.


4. So, how do we protect student data?

Finding a way to protect student data while also using that data to inform instruction and demonstrate learning efficacy can be challenging. As one district’s Coordinator of Instructional Technology points out, “we are not a bank.” And while he wants parents to trust they will protect student data and use it responsibly, he also emphasizes that, “Our needs are different, and our security measures can’t be the same. We can’t get in the way of learning and helping children become curious and innovative.”

With the increased legislation around student data privacy, it is essential for schools to comply with laws and maintain a secure network to house and protect student data. Establishing one point of contact, often the Technology Director, can reduce confusion and help define procedures for the entire school or district to reduce the likelihood of data breaches. Simple policies such as requiring students and teachers to update passwords regularly help protect student data and assuage parental concerns. The IT department should also secure their network with firewalls, intrusion protection solutions, and authentication software. Also, ensure vendors have similar policies in place to protect their systems. Many technology providers have even started regularly hacking their own system in an attempt to discover how an outsider might be able to break in, and then subsequently patching those weaknesses. But to protect student data, schools must look beyond the IT department, and involve the entire school or district (including students themselves). Resources like the Data and Privacy Dashboard of the Future Ready Schools Framework created by the Alliance for Excellent Education provide suggestions to help schools and districts stay protected.

data cloud with a lock

5. But really, how do we protect student data?

Teach students digital citizenship

Lessons around digital citizenship should start before students even push the power button. Nowadays, students may be sophisticated with texting, social networking, and playing video games, but without proper guidance, many don’t know how to navigate search engines, evaluate online sources for credibility, or behave safely and appropriately online.

Establish protocols and build strong passwords

Any system that stores, uses, or integrates with student information should be password-protected for any user. Furthermore, teachers should lock their computers when they’re away from them, and everyone—faculty and students—should be educated on how to create a strong password, as well as what sensitive information should not be shared with others.

Keep security in mind with device rollouts

Security issues tend to increase when more devices are connected to networks. Consider segmenting traffic so that each part of your network can have separate security permissions to provide different types of users (e.g., educators, students, visitors, etc.) with different, appropriate access.

Increase network monitoring

Closely monitoring your networks and regularly enforcing rules around network routers, switches, and firewalls can help ensure that everyone is mindful about network security at all times.

Have backups and keep systems updated

Back up critical information and store it in an offline device as often as possible. Additionally, make sure all operating systems and antivirus programs on all devices that are connected to your network are up to date. (Here are some other tips on building the best district data center.)

Reach out to a network security expert

An expert can help identify potential holes and cracks in cybersecurity defense procedures and systems, and offer suggestions on how to best fix them.


Leong, B. (2015, March 16). Why opting out of student data collection isn’t the solution. EdSurge News. Retrieved from https://www.edsurge.com/news/2015-03-16-why-opting-out-of-student-data-collection-isn-t-the-solution

Peterson, T. (2017, January 16). K–12 Districts find that education and awareness are key to privacy protection. EdTech. Retrieved from edtechmagazine.com/k12/article/2017/01/k-12-districts-find-education-and-awareness-are-key-privacy-protection

Personally Identifiable Information. (2015). In The Glossary of Education Reform. Retrieved from https://www.edglossary.org/personally-identifiable-information/

About the Author


Emily Kirk

After growing up in the Phoenix area, Emily escaped the heat to study in Flagstaff where she graduated from Northern Arizona University with a BA in Art History. She went on to work and study at The University of Phoenix, earning her MBA. After volunteering to teach English in Chile for a semester, she worked in sales and marketing for a major ocean freight carrier. Throughout her career, Emily has also taught ballet, so she is thrilled to be part of the Where Learning Clicks team where she can combine her love of teaching and business acumen to help transform classrooms.