Privacy vs Security

As technology plays an ever increasing role in our educational systems, schools have an obligation to protect themselves and the privacy of their students. The more technology integration applied in the school, the more comprehensive the security measures that must be incorporated. Privacy and Security no longer are two separate entities1. Both students and teachers must be aware that in order to protect vital information, such as identification information, grade reports, IEPs and the like, some personal freedoms must be narrowed to protect the security of the greater population. The ability for a school to maintain a working security plan depends on the level of understanding and compliance of its students and employees.
To provide a comprehensive security plan, privacy and security issues should be itemized and prioritized. Issues such as student and employee personal information, e.g. income, social security numbers, grades, IEPs, home phone and address, and disciplinary records should be allotted the most privacy and security. It is commonly accepted that employers may have access to email, phone, and student and teacher records. Many states are requiring background checks and fingerprint verification before employment within a school is granted.
Option 1:
The school district needs to develop and post a comprehensive security plan. From this plan, the institution would develop an acceptable use policy (AUP), detailing the responsibilities of each teacher and student. Consequences for violating these rules should also be outlined. Each employee and student wishing to utilize the school technology provided must first read and sign the AUP. The AUP document should be easily accessible from the district website. Modifications can be made on a district by district basis. The following is a sample AUP:
School District Technology Regulations

Permitted:

1. Use your school Network/Internet for educational purposes only.

2. Use the Internet responsibly. YOU are responsible for all material received via the Internet. Sites that are blocked by the school servers can only be over-ridden by authorized school personnel.

3. Use your SCHOOL email account for educational purposes only.

Not permitted:

1. Use the school Network/Internet for non-educational purposes (which includes games, facebook, etc).

2. Attempt to circumvent Network/Internet security measures, default or teacher-created settings, or create and/or place a computer virus onto any computer

3. Access any password-protected school software with out explicit permission. Any passwords created by or given to you must be kept completely confidential. It is a violation to provide any other person with this information without permission of administration or the technology coordinator. This includes user IDs and passwords.

4. Trespass/share another’s account, folder, work, or files. This includes: delete, rename, move, copy, any file or its properties, other than your personally owned data files

5. Load/copy/run software or executable files of any kind onto any of the district’s computers or network server

6. Create, send, display, or receive anti-social, harassing or threatening messages, pictures, or other media, including that which is defamatory, abusive, obscene, profane, racially offensive, or offensive to human dignity (which includes the creating of violent Power Point presentations)

7. Create, send, display, or receive hate mail, discriminatory or other antisocial remarks, or information which is intended to harass

8. Receive or transmit information pertaining to dangerous instrumentality such as bombs, automatic weapons, or other illicit firearms, weaponry, or explosive devices

9. Complete and/or submit forms found on web sites/reveal personal information (i.e. name, address, phone number) without permission.

10. Participate in any type of newsgroups, “chat” rooms, or instants messaging without permission. Teachers should check with the technology coordinator before using these resources in any school assignment.

11. Violate the federal copyright laws and/or software license agreements

Consequences:
It is the user’s responsibility to abide by the rules set forth in this policy. Violations will result in:

• The user’s account being removed from the Network/Internet for a period of one week, one month, one semester, or one year depending on the gravity of the offence
• parental notification

Depending on the gravity of the offense, other administration and/or legal action may occur.

Attempts to log in to the system as a teacher (if a student), another user or system administrator will result in immediate cancellation of user privileges.

The network administrator, school administrators, superintendent, and/or the school board may request specific accounts to be denied, revoked, or suspended.

The district has the right to monitor all communication, including email and voicemail accessed through the school servers. Key-stroke or other similar software may be utilized at any time for the purposes of ensuring school safety and security.

Pros: The AUP is comprehensive. By signing the document, any liability would fall on the user.
Cons: The policy is impersonal. The district cannot be sure that all the items are completely understood by the users. Additionally, thought the consequences are laid out clear, users may no be aware of how to best secure their information.

Option 2:
A security system is only as strong as its weakest link. Teachers and students must be aware of ways to protect the security of the school and the reason for the adopted measures in order to increase compliance. The district could distribute the AUP to teachers and students and require a ½ day of training in appropriate security measures before the AUP can be signed. An addenda to the AUP should state that appropriate training has been received regarding ways to effectively implement this policy. Teachers should be expected to require these objectives from their students as well.
Pros: Not only is an appropriate security policy in effective, all parties are aware of the terms and consequences. Additionally, all parties understand the best practices needed to implement these policies.
Cons: Time and training is needed to effectively implement this plan.