Human Resources |
Article by Melissa Musser, Aronson LLC
From the September/October 2018 Net Assets Magazine
The General and the Diplomat: Cybersecurity at Independent Schools
A GDPR Primer
In order to truly know where your school stands, we recommend performing a privacy risk assessment. Suggested steps:
We also recommend that schools revisit existing agreements with vendors and other third parties. Do contracts include an expectation of privacy and data security measures, as well as limitations on liability in the event of mishandling or improper disclosure of sensitive data? If the third party is a technology company, inquire if the organization has signed the “Student Privacy Pledge,” launched in 2014 by the Future of Privacy Forum and Software & Information Industry Association and signed by more than 300 companies.
The Pledge is a list of 12 legally enforceable commitments that include not selling student personal information, and not collecting or using student personal information other than what is needed for the given educational purposes. Ed tech companies take the pledge to affirm they safeguard student data. The pledge concisely details existing federal law and regulatory guidance regarding the collection and handling of student data and encourages service providers to more clearly articulate these practices.
Download a PDF of this article.
The General and the Diplomat: Cybersecurity at Independent Schools (Sept/Oct 2018)
A GDPR Primer (web-only, August 2018)
Sign in to leave a comment
Get Net Assets NOW
NBOA's free twice-monthly newsletter
1400 I Street, NW, Suite 675Washington, DC 20005www.nboa.org