(Newswire.net — March 6, 2020) — Cybercrime has become a major threat over the last decade with the increasing use of digital solutions by organizations and the rise of new technologies such as high-speed internet, artificial intelligence, mobile devices, big data, and cloud technology. The highly-publicized data breaches at some of the world’s largest organizations over the last several years, compromising the personal information of tens of millions of consumers, have done much to raise public awareness of this growing risk.
Yet it’s not only giant global corporations that cybercriminals are interested in. Increasingly, the nation’s educational institutions are being targeted, making K-12 students vulnerable to identity theft, extortion, and fraud.
Adam Mahoney, a NYC IT services professional who focuses on providing IT services to educational institutes across New York City.
American Schools Under Cyberattack
The U.S. Department of Education has reported that hundreds of data breaches occur at educational institutions every year, exposing the private information of both students and educators. K-12 schools and any institution receiving federal funds are required to abide by the data privacy regulations established by The Family Educational Rights and Privacy Act (FERPA), passed in 1974, but many schools say they lack the resources to meet the standards. Yet, many privacy advocates are saying that the law needs to be modified and strengthened to reflect new technologies and protect against the increasing sophistication of cyberattacks.
Low-Security Grades For Protecting Student Data
Last year two student privacy organizations, The Network for Public Education and the Parent Coalition for Student Privacy, released a study named The State Student Privacy Report Card giving all 50 states a letter grade based on the laws they have passed to protect the digital privacy of students. No state received an A+; Colorado scored a B, the top grade.
Rachael Strickland, the lead author of the report, stated, “Digital record-keeping has replaced traditional paper files, classroom assignments and assessments are often delivered online via laptops or tablets, teachers use social media platforms, websites and ‘free’ apps in class and many operational functions historically performed by schools are now outsourced remotely to contractors. As a result, students generate enormous amounts of sensitive electronic data about themselves every day, not all of which is clearly protected by federal law.”
The types of student personal data that can be at risk include their full name, birth date, home address, educational records, health records, and sometimes biometric data such as facial recognition scans and fingerprints. A cybercriminal in possession of this type of information can easily steal a student’s identity or commit fraud under their name.
Federal Privacy Laws Are Weak And Confusing
According to the report noted above, “Compounding the problem, FERPA has been weakened numerous times over the years through regulatory changes, making it easier for schools to collect and share this data with large private corporations, including Silicon Valley giants such as Google, Facebook, and Microsoft, as well as thousands of smaller ed-tech companies, many of them start-ups who offer their wares for free to schools in exchange for access to student data.”
In an attempt to compensate for the weakening of the federal law, states have stepped in to pass their own laws to protect the personal data of students. Although well-intentioned and enhancing protection to some degree, these new laws have also had the effect of creating a confusing legal labyrinth of statutes making it difficult for schools to stay in compliance.
States, Schools, And Vendors Are Responsible For Student Privacy
There has been an increasing call from schools and privacy advocates for FERPA to be updated to reflect the modern realities of data privacy and protection. But that won’t give schools the resources to stay in compliance with the new regulations.
The states and their school districts are responsible for protecting the personal information of students, but the same laws apply to the third-party vendors who provide them with services, and schools need to make sure these vendors comply with the requirements of their contracts. Parents also have a role to play in ensuring that schools have the right security safeguards in place.
Cybercrime is a threat that affects everyone, and it’s not going away. Only a combined effort by federal and state government agencies, K-12 school districts and their partners, privacy advocates, and parents can be effective at fighting back.