October was National Cyber Security Awareness Month. IT spent time in October reminding Wayne County Superintendents and Technology leaders the importance of cyber security practices and awareness. We even highlighted a few strategies to secure our data while still leveraging digital communication.
Our policy and FERPA requires that Personally Identifiable Information shall be limited to those with an academic interest in the student and “ensure the security, safety, and confidentiality” of this information (see board policy 4500 – Information Security)
The acceptable use of Technology (4500-R) also clarifies that email is not considered secure (see highlighted below). The fact it was in an image does not make it non-readable with technology that can identify text in images.
15. Data Security
Staff/contractors may have access to client student, employee, and financial information. All reasonable steps will be taken to keep data confidential and secured. Data will not be stored on unsecured laptops, transmitted over an unsecured transmission, including email, or left in unprotected office space. Data will only be used for the intent of assisting clients. Staff and contractors are required to read and sign the Acceptable Use of Technology annually.Acceptable Use of Technology (4500-R)
However, we have other methods to share data securely:
- https://securedropbox.oakland.k12.mi.us – It looks and works like an email client, but keeps the data secure and it self-destructs after a few days.
- Use Outlook “Encrypt” option (not available in Mobile App)