Future-Proof Record Retention#Data
by Casey ThompsonRead time:
School records hold a position of particular importance to communities. School districts also have a responsibility to provide access to certain records for the entirety of a student’s life. Imagine how much technology has changed in the last few decades. Adjust for the technological leaps and bounds we have yet to encounter (or invent), and record retention gets rather complicated.
Record retention then and nowData managers in schools are no strangers to odd file formats. As SIS managers have described in the past, records today range from elaborate hand-written (and rapidly decaying) gradebooks to microfilm and microfiche.
Schools must be prepared to furnish certain education records like transcripts for students regardless of how long ago they graduated. In recent years, these records have mostly moved online to student information systems.
Online data retentionStudent information systems often provide a cloud-based data storage solution. Some districts may prefer to host student data onsite in their own servers. Either way, preparing data for long-term storage incorporates two main areas of concern: preventing data decay and securing data.
Data must be preserved, so it needs to be stored in a format that will remain easily accessible even after an SIS becomes obsolete or school leadership chooses a new system. Interoperability standards have emerged, which help with transitioning from system to system, but it’s early yet to anticipate a seamless transition from one SIS to another.
It also doesn’t make sense to expect every SIS to read every single transcript file dating back through a district’s entire history. It simply means that before an SIS is abandoned by a school district, they must extract and preserve copies of all relevant records from the cloud or other storage solution. To decide which format would be most appropriate, consult data professionals within the district and at edtech vendors. Often, the simplest file type is the one to choose to ensure readability long-term. Look to the pros for proof: the Smithsonian Institute has their own guidelines for keeping digital files.
But wait—isn’t a simple file begging to be compromised? No, file types and security are two separate concerns. Keeping student records in an easily accessible, simplified format only works if security is complex and robust.
Backing up data is the first step to security. Data recovery from various threats, whether man-made or natural, depends on having a secure backup. The 3-2-1 method requires three different copies of data stored on two different media with at least one kept offsite. This challenges record retention specialists to maintain several types of backups but keeps irreplaceable data safe.
Ransomware attacks are one of the biggest threats to data retention, and many schools are ill-equipped to deal with one. This makes schools an easy target for hackers. Many ransomware attacks begin with hackers finding an “in” through one of the biggest threats to security in a district: people.
Phishing, especially carefully targeted, name-dropping attacks called spear phishing, create immense vulnerability for districts. Try making the “why” part of your phishing training: everyone in the district is on the front lines of protecting student data from ransom.
Edtech vendors are responsible for maintaining iron-clad cloud security on their end, too. Insist on open communication about security protocol to keep everyone on the same level of data security. While the district stands to lose millions in the event of a data attack, students are at risk of losing their privacy.
It’s worth the effort to enact a solid strategy for keeping data safe.
For more information about data security threats and training, check out these resources:School Districts for Ransom
Security Drill: 3 Threats to Watch For
Beware These 5 Threats During COVID-19
Vetting Apps Across the District
|Casey Thompson Edtech Thought Leader|