AEM Blue

The K-12 education community has become the No. 1 target for ransomware since the school year started. Ransomware actors have stolen – and threatened to leak – confidential student data to the public unless institutions pay a ransom.

AEM is proud to support the US Department of Education’s Student Privacy Policy Office with the launch of the Chief Privacy Officer (CPO) Network for state education agencies.

The CPO Network has kicked off with CPO participation from 28 states, representing privacy and security leadership over education records for more than 30 million public education students. CPOs in the network bring a range of experience, from one month in their role to more than 17 years of direct experience.

Background

Privacy and security have been at the forefront for those dealing with education data for many years. Since 1974 when the Family Educational Rights and Privacy Act was first passed, schools and districts have been tasked with keeping education data private and secure. Many states have also passed laws on student data privacy which provide additional protections to student information. This focus is continuing to grow as more and more schools are relying on technology systems to provide teaching and learning platforms for instructional purposes.

So why is the CPO network a priority for the Student Privacy Policy Office? A recent study was conducted by the U.S. Government Accountability Office by analyzing data from the K-12 Cybersecurity Resource Center from July 2016 to 2020. The study revealed the following:

  • Thousands of K-12 students had their personal information compromised in data breaches between 2016 and 2020
  • Compromised data included grades, bullying reports, and Social Security numbers—leaving students vulnerable to emotional, physical, and financial harm
  • Breaches were accidental and intentional—with a variety of responsible actors and motives
  • Wealthier, larger, and suburban school districts were more likely to have a reported breach

In December 2020, a joint report created by the FBI and other security agencies reinforced the importance of this effort. It revealed that for the 2020-2021 school year, the K-12 education community has become not only the No. 1 target for ransomware since the school year started, but also makes up most of all ransomware attacks. According to the report, “malicious cyber actors target school computer systems, slowing access, and – in some instances – rendering the systems inaccessible for basic functions, including distance learning. Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen – and threatened to leak – confidential student data to the public unless institutions pay a ransom.”

Join the Network

The CPO Network is designed to be a closed network of CPOs who have the responsibility of privacy and security of education records. CPOs can become a member of the network by submitting a request to the Privacy Technical Assistance Center (PTAC), which is located within the Student Privacy Policy Office of the US DOE, by sending an email to PrivacyTA@ed.gov.

Members will meet quarterly to discuss agenda topics and monthly during Open Office Hours to discuss topics of their choosing. In addition to sharing their excitement for a safe space to collaborate on current and emerging privacy and security issues, the CPOs have expressed eagerness for the opportunity to share and receive resources and best practices from their peers.

The CPO Network is being facilitated and supported by PTAC, which is led and operated by AEM for the past 11 years. PTAC develops data privacy and security resources and conducts training for education institutions across the United States. PTAC also operates the Student Privacy Help Desk offering assistance on complex student privacy issues to the education community. The knowledge and resources available from the CPOs, combined with the knowledge and resources available via PTAC, position the CPO Network as another tool state CPOs have in their efforts to continuously improve the privacy and security of education data.

If you are dealing with any privacy or security issues related to student education data, please contact PTAC at privacyTA@ed.gov or call (855)249-3072 for assistance.

AEM’s data and security experts work with federal, state, and local education agencies and institutions to address critical vulnerabilities, enhance practices, and maintain compliance with an evolving policy landscape. Please contact our team for more information.

RECOMMENDED BLOG POSTS

Announcing the Chief Privacy Officer Network for State Education ...

AEM is proud to support the US Department of Education’s Student Privacy Policy Office with the launch of the Chief Privacy Officer (CPO) Network for state education agencies.

The CPO Network has kicked off with CPO participation from 28 states, representing privacy and security leadership over education records for more than 30 million public education students. CPOs in the network bring a range of experience, from one month in their role to more than 17 years of direct experience.

Be SAFe and Realize the Full Benefits of Agile IT Practices

An increasing number of education agencies are turning to Agile software development as a preferred approach for delivering software services to their business users. This approach helps to lower project risk and align IT resources around a shared set of goals.

While Agile offers high value at a project level, the reality is that it can be challenging for large and complex organizations to adopt. To achieve full-scale Agile adoption, the Scaled Agile Framework (SAFe) offers a number of benefits that we’ll discuss in this article.

How Generate Advances Common Education Data Standards

This blog post was co-authored by Nancy Copa.

To help with the heavy lifting, Generate, a freely available application, can be used to automate compliance education data reporting to the US Department of Education.