AEM Blue

The K-12 education community has become the No. 1 target for ransomware since the school year started. Ransomware actors have stolen – and threatened to leak – confidential student data to the public unless institutions pay a ransom.

AEM is proud to support the US Department of Education’s Student Privacy Policy Office with the launch of the Chief Privacy Officer (CPO) Network for state education agencies.

The CPO Network has kicked off with CPO participation from 28 states, representing privacy and security leadership over education records for more than 30 million public education students. CPOs in the network bring a range of experience, from one month in their role to more than 17 years of direct experience.

Background

Privacy and security have been at the forefront for those dealing with education data for many years. Since 1974 when the Family Educational Rights and Privacy Act was first passed, schools and districts have been tasked with keeping education data private and secure. Many states have also passed laws on student data privacy which provide additional protections to student information. This focus is continuing to grow as more and more schools are relying on technology systems to provide teaching and learning platforms for instructional purposes.

So why is the CPO network a priority for the Student Privacy Policy Office? A recent study was conducted by the U.S. Government Accountability Office by analyzing data from the K-12 Cybersecurity Resource Center from July 2016 to 2020. The study revealed the following:

  • Thousands of K-12 students had their personal information compromised in data breaches between 2016 and 2020
  • Compromised data included grades, bullying reports, and Social Security numbers—leaving students vulnerable to emotional, physical, and financial harm
  • Breaches were accidental and intentional—with a variety of responsible actors and motives
  • Wealthier, larger, and suburban school districts were more likely to have a reported breach

In December 2020, a joint report created by the FBI and other security agencies reinforced the importance of this effort. It revealed that for the 2020-2021 school year, the K-12 education community has become not only the No. 1 target for ransomware since the school year started, but also makes up most of all ransomware attacks. According to the report, “malicious cyber actors target school computer systems, slowing access, and – in some instances – rendering the systems inaccessible for basic functions, including distance learning. Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen – and threatened to leak – confidential student data to the public unless institutions pay a ransom.”

Join the Network

The CPO Network is designed to be a closed network of CPOs who have the responsibility of privacy and security of education records. CPOs can become a member of the network by submitting a request to the Privacy Technical Assistance Center (PTAC), which is located within the Student Privacy Policy Office of the US DOE, by sending an email to PrivacyTA@ed.gov.

Members will meet quarterly to discuss agenda topics and monthly during Open Office Hours to discuss topics of their choosing. In addition to sharing their excitement for a safe space to collaborate on current and emerging privacy and security issues, the CPOs have expressed eagerness for the opportunity to share and receive resources and best practices from their peers.

The CPO Network is being facilitated and supported by PTAC, which is led and operated by AEM for the past 11 years. PTAC develops data privacy and security resources and conducts training for education institutions across the United States. PTAC also operates the Student Privacy Help Desk offering assistance on complex student privacy issues to the education community. The knowledge and resources available from the CPOs, combined with the knowledge and resources available via PTAC, position the CPO Network as another tool state CPOs have in their efforts to continuously improve the privacy and security of education data.

If you are dealing with any privacy or security issues related to student education data, please contact PTAC at privacyTA@ed.gov or call (855)249-3072 for assistance.

AEM’s data and security experts work with federal, state, and local education agencies and institutions to address critical vulnerabilities, enhance practices, and maintain compliance with an evolving policy landscape. Please contact our team for more information.

RECOMMENDED BLOG POSTS

Massachusetts EOE Improves Development Capabilities Using Scaled ...

In this blog post, we will discuss the importance of project management and how the Massachusetts EOE has chosen to modernize their practices by implementing a Scaled Agile Framework (SAFe). We explore the ways in which this helps to improve resource allocation and project outcomes, and why it is important to take a structured approach to project management.

Data for One, Data for All

(Thanks to Johan Rempel from the Center for Inclusive Design and Innovation (CIDI) at Georgia Tech, who contributed to this article.)

The importance and impact of equitable access to data cannot be overstated. Data can directly impact personal decision making, and it informs policy, research, and education from the local level through to the federal level.

The old ‘knowledge is power’ adage could just as easily be replaced with ‘access to data is power.’ As it relates to the early childhood through K12 populations, stakeholders of that data may include any number people, including parents, educators, government entities, administrators, policymakers, researchers, and students themselves.

Announcing the Chief Privacy Officer Network for State Education ...

AEM is proud to support the US Department of Education’s Student Privacy Policy Office with the launch of the Chief Privacy Officer (CPO) Network for state education agencies.

The CPO Network has kicked off with CPO participation from 28 states, representing privacy and security leadership over education records for more than 30 million public education students. CPOs in the network bring a range of experience, from one month in their role to more than 17 years of direct experience.