The start of a new school year typically brings new staff to buildings. During my recent travels across the country to visit with customers, it became very evident to me that many districts are experiencing significant turnover due to retirement. The new certificated and non-certificated staff taking their place in the local K-12 community may not have the background or training to understand the full weight of the responsibility that comes with having some level of access to confidential student data stored in a SIS or other database software.
A lack of adequate end-user training for the new staff is very commonplace. “Here are your temporary log-in credentials…” “Here are some manuals…” “Call the support line if you have any questions…” Sadly, these brief sentences are, more times than not, the only “training” a new end-user receives during their first few weeks on the job. We all understand that budgets are tight, but it is important for districts to not underestimate the potential problems that could arise from a lack of basic confidentiality training for new staff.
When it comes to the security of student data, users of software products should realize that an application can only do so much in the way of restricting access to confidential data. All the possible safeguards one could imagine can be easily circumvented by a lack of district security policies. After 20 years in the K-12 SIS software business, I still hear stories about districts that experience exploitation of student data by individuals who have simply learned or deciphered simplistic (or unchanged “temp”) log-in credentials.
Beyond access considerations, another key training issue surrounds what constitutes appropriate disclosure of data. Staff must understand the nuances of FERPA and HIPAA. Your district may already have training material for new hires that provides a high-level overview of FERPA, HIPAA, and other security and privacy issues. But if your district needs to craft this type of training material or revisit existing materials, I would suggest viewing a presentation given by the New Mexico Public Education Department at the recent New Mexico Data Conference. (In the document, the name STARS refers to their state collection.) The NMPED document succinctly details key points surrounding disclosure of student data.