Easy Tips for Keeping Student Data Safe When Taking Your Work Home

Commercial cloud storage services such as Dropbox, iCloud and Google Drive can be incredibly convenient for busy educators who work from home after the school day is done. Need to revise a lesson plan or draft a document before class tomorrow? Cloud services make it easy: save your document to the cloud and access it from work the next day, without the hassle of emailing yourself files or carrying around a flash drive. But are they a safe way to store grades or confidential student data? To help you keep student data safe and avoid getting into trouble with your IT department (or worse!), let’s compare cloud service designed for consumer use vs. those services contracted by your school or district.

A cloud service is any service made available to users via the internet, as opposed to being provided on a company’s own servers. Cloud services can include many types of services including but not limited to:

  • Online data storage and backups (Dropbox, Carbonite)
  • Web-based e-mail (Gmail, Yahoo mail, etc.)
  • Hosted office suites and document collaboration services (Office 365, G Suite)
  • Online platforms (such as Google Classroom or other learning management systems)

For example, when you store a document in Dropbox, your document is being stored on servers owned by Dropbox, as opposed to servers owned and operated by your school or district. “Local” file storage, on the other hand, would be storing documents on your computer hard drive, or perhaps on a shared network drive, where data is stored on a server physically located on your school campus or in a district data center.

Cloud services can be used by individuals (such as a personal Dropbox account) or by companies (such as a district using G Suite for Education). Cloud services contracted by school districts often have different features, privacy policies and terms of service (TOS) agreements than those used by individuals. For instance, the core applications in Google’s G Suite for Education have different privacy policies than your personal Gmail and Google Drive account, to help ensure school districts stay compliant with student privacy laws like FERPA. So while it might be just as easy for you to access data stored in your personal Google account as your school G Suite account, you should never store student data in a personal Google account. The same applies for storing student data in other personal cloud accounts, such as Dropbox, iCloud, Office365, or Evernote.

If you are looking to store work-related but not confidential data in the cloud, such as lesson plans, the guidelines are less clear. Check with your school or district IT department to find out what online storage tools or platforms, if any, are sanctioned for educational use. Some schools and districts may limit work-related cloud storage to officially approved platforms; others might provide more flexibility. Regardless of the platform, use 2-factor authentication whenever possible. In addition, since part of the attraction of cloud based storage is the ability to access files on your phone or tablet, be sure to lock your phone with a passphrase – the longer the better!

What is 2-Factor Authentication?

2-Factor Authentication, (also known as TFA or multi-factor authentication, is an extra layer of security that requires

  1. a username and password, and
  2. something that only that user has on them,- for example, a physical token (like an ID card) or an additional code sent via SMS text or generated via a mobile app.

You’ve probably used 2-Factor authentication before, even if you didn’t realize what it was called. For example, when you log into a bank website, you might have to (factor 1) enter your username and password and then (factor 2) enter a temporary code that is then sent to you via email or text message after you have submitted your log-in credentials.

Check out our related blogs on 3 Easy Ways for Educators to Keep Their Accounts Secure and 3 Easy Steps for Educators to Make a Secure Passphrase.

Susan M. Bearden is an education technology consultant for the Future of Privacy Forum and the Chief Innovation Officer for the Consortium for School Networking. She was previously the Senior Education Pioneers Fellow at the U.S. Department of Education’s Office of Educational Technology in 2015-2016, and the Director of Information Technology at Holy Trinity Episcopal Academy in Melbourne, Florida.