Small Missouri school district thinks big about privacy and security
The Raytown Quality Schools district in the Kansas City, Mo., metropolitan area serves fewer than 9,000 students—but Raytown officials think big when it comes to privacy and security.
The district recently earned the Consortium for School Networking (CoSN) Trusted Learning Environment (TLE) Seal for carrying out a commitment to ensure the privacy and security of student data. Raytown was one of seven school districts selected for the seal out of nearly 90 school districts that applied.
In the second in a series on districts earning CoSN’s TLE Seal, EdScoop talked with Melissa Tebbenkamp, director of instructional technology for the Raytown schools, about the ins and outs of privacy and security in her district and what she and her team gleaned from going through the process of earning the Trusted Learning Environment Seal.
EdScoop: What motivated your district to pursue the CoSN seal?
Tebbenkamp: Data privacy has been a big priority for our district and for me personally. I’ve worked with CoSN for several years on their data privacy committees and focus groups. So much of our content is going digital and so much of what our students are doing is going digital. A lot of people don’t understand the impact and the need for [data privacy and security] as we continue to go a more technology-rich environment.
What challenges did you face before you embarked on your pursuit of the seal?
One of the biggest challenges that we face in our district as far as [privacy and security] is the use of third-party services. Many free Web sites out there are a tremendous challenge for us because they look like great tools; they’re very user-friendly and they’re very attractive. And, by golly, they’re free, and our teachers love free stuff because the reality is that we don’t have endless pots of money.
The problem is that a lot of these free resources aren’t as safe as we need them to be, and they have a lot of “gotchas” in their contracts. So a big challenge was just training our staff and our teachers to understand the importance of data security and the need to [use our Web site] vetting process.
Another challenge we have is contract negotiation. We need to make sure our contracts are compliant with federal laws intended to make students safe. A lot of companies say, “We’re going to put all the compliance and liability on you as a district.” I can’t take on all of their liability. So [it’s a challenge to find] sites that understand the education spectrum and are out there to partner with us instead of trying to make money off the product.
What steps did you take and what resources were required to earn the seal?
Our state auditor is in the process of conducting data security and privacy audits. At the time the TLE seal application was released, the first audit results [were coming out]. We went through the audit results [and found that] they aligned really closely with the TLE seal requirements. So we looked at the seal requirements, at what the auditor found for other districts and at practices around the nation.
Then we pulled together all of our existing policies and practices to look for any gaps. And the one thing we were missing was just putting it all together.
Read: How Miami-Dade County keeps finger on pulse of threat landscape.
So in applying for the seal, we created a data-governance manual, a collection of all of our policies, procedures and practices. That’s where a lot of energy was focused. We needed it anyway to connect all of the dots. And that helped us with our application significantly–and it also helps us prepare for an audit if one comes around.
What lessons did you learn from the process?
In pulling together the manual, we could identify areas where we’re not as strong—I won’t necessarily say weaknesses but maybe areas where we needed a little more development. It also gave us a platform to have district-wide discussions [about security and privacy] and give a new sense of urgency to it. Other districts in the state or the area don’t necessarily follow all of these best practices. To have that validation [from earning the seal] of our practices and procedures shows that we really are being progressive.
How do you feel that earning the seal will help your district’s reputation?
In Raytown we don’t stop just stop [at privacy and security] — we pride ourselves in showing leadership on many fronts. I think sometimes we’re overlooked because we’re overshadowed by other big districts around us. We’re a very forward-thinking, big-picture district and we like to be a leader in different practices, whether it’s our approach to employee wellness or getting an entire career program going for a consortium of other districts.
What advice might you offer other school districts?
It can’t happen overnight. If we hadn’t been making the strides [in security and privacy] we have over the last four or five years, the seal application process would have been a lot more difficult.
There are a lot of different facets, from the training and procedures to how you handle contract negotiation. Those behaviors take time to change. We go by the motto “Go Slow to Go Fast.” That’s what I would recommend for those who are aspiring to be a leader [in data privacy and security]: remember to go slow to go fast because you’re not going to make real, productive, sustainable change overnight.