Skip to Main Content
Best practices Security & Privacy

Steps Canadian schools can take today to better protect student data

August 25, 2023 Sriram Seshadri

While Canadian educators are calling for better safeguards in data privacy, there are actions that schools can take right now. Clever’s Director of Security provides recommendations for vetting vendors and building a culture of cybersecurity within Canadian schools.

As Canadian educators start the 2023-24 school year, they’re speaking out on one of the most important issues to come out of the COVID-19 pandemic: data security. In July, both the 365,000-member Canadian Teachers’ Federation (CTF) and the regional Alberta Teachers’ Association issued strong, clear statements about the imperative to protect student information from what the CTF called “unchecked monetization.” Both statements call on policymakers to pass legislation preventing edtech companies from selling the data they collect to third parties. 

But as schools look to implement better safeguards for student data privacy, it’s critical to ensure cybersecurity is embraced comprehensively – with commitment not just from lawmakers but at every level of school systems, from individual teachers and staff to leadership.  

A 2023 study by researchers from the University of Chicago and New York University underscored the serious lifelong impacts data breaches can have on students, highlighting why robust cybersecurity measures are essential to safeguard student privacy amid the rapid increase in edtech. Compounded by several recent incidents in Canada, it’s imperative that cybersecurity and student data privacy remains at the forefront of ongoing conversations. 

Protecting student data: What can schools do right now?

One solution for schools outside of legislation involves carefully vetting the privacy policies of edtech companies, something that was impractical during the mad rush in March 2020 to transition to in-person learning. This requires that school systems perform privacy impact assessments of all tools being used within the system — and, ideally, performing this assessment before implementing a given solution.

Administrators should work with companies to ensure that there are necessary controls to reduce privacy violations and data security. Many edtech companies, including mine, only partner with platforms that have agreed to abide by relevant laws and the company’s rules about data collecting and sharing. 

When evaluating potential edtech partners, there are a few key steps schools can take:

  • Closely review vendor privacy and security protocols. Ask detailed questions about data encryption, access controls, breach responses, logical segregation and other safeguards.
  • Establish clear vetting standards tailored to your school’s policies and priorities. Rigorously evaluate each vendor against those benchmarks for the data they are handling.
  • Conduct ongoing monitoring, reassessing vendor relationships at least annually. Check policies for changes, audit data flows, and re-verify controls as risks evolve.

But vetting edtech vendors is only one part of the solution. Truly securing student data requires engagement across the entire school community. Cybersecurity cannot fall solely to IT staff—it must become a shared priority through training and open conversations that empower all stakeholders

We encourage schools to engage community voices in open discussions about cybersecurity risks and collectively build layered defenses through informed and vigilant staff, training, and technologies like multi-factor authentication. Activating the whole school is key, as cybersecurity is too critical and widespread an issue to silo. 

With collective action across all levels, schools can help safeguard both student privacy and continued learning amidst the growing role of edtech.

More to read

Cybersecurity for schools: Everything you need to know
District Districts

May 23, 2024

Cybersecurity for schools: Everything you need to know

Ensure data security and meet regulatory compliance. Discover the cybersecurity essentials for K-12 schools, including strategies to protect student information.

Implement stronger security in 2024 with  new layered security tools
District Districts

May 20, 2024

Implement stronger security in 2024 with new layered security tools

Clever is offering comprehensive layered security solutions and a cybersecurity blueprint to help K-12 combat cyberattacks.

Implementing school security tools with a team of one
Districts

January 22, 2024

Implementing school security tools with a team of one

Clever IDM revolutionizes school security by simplifying password management, reducing IT support tickets, and streamlining operations. This partnership empowers a K-12 leader in Wisconsin to efficiently implement changes, boost security, and confidently embrace broader technology initiatives.

Subscribe to receive news and updates from Clever.

This field is for validation purposes and should be left unchanged.