Asset Notebook Warehouse SecurityAccess PDC-final PDC Upcoming AdjustedSection AttendanceType ClosedSection Comment CurrentOpening DiscardScore DroppedAssignment DroppedSection InProgress MissingScore NoCount NotConnected OpenConflicts OpenSection RetainGrade ScheduledClass ScoreClarifier TransferGrade Unused VerticalSplit StudyHallScheduler SaveStyle SaveRun RunReport Rounded Link FoodMenu Diploma ClassMessage ChangeSection Bus Books Book Attachments RestrictedAccess Unpublish Publish Number0 Lightbulb GradPlanReq AVID Levels Headstart Military Number9 Number8 Number7 Number6 Number5 Number4 Number3 Number2 Number1 LetterZ LetterY LetterX LetterW LetterV LetterU LetterT LetterS LetterR LetterQ LetterP LetterO LetterN LetterM LetterL LetterK LetterJ LetterI LetterH LetterG LetterF LetterE LetterD LetterC LetterB LetterA Exclamation Ellipsis Cart-new Guidance History Unsubscribe Timespan ApproveDeny Noncritical PendingChanges CartLoad CartUnload ClearLeft nextArrow IHP Keyboard Email Unlink NSE AtRisk LEP Substitute Hourglass AddPlusLines QueuePeople Release Currency Percentage Comma IncreaseDecimal DecreaseDecimal ReleaseCompleteLater WOOF-Tile Out-Tile In-tile Break-Tile SwitchJobs-Tile TOOF-Tile Stethoscope ClipboardPencil CourseRequest Contact EmergencyContact AddPage ChangeLog Paintbrush Hide DeselectAll SelectAll UpdateBack UpdateAccounting Reselect Unschedule RollbackBudget AdvanceBudget Adjust AdjustDrop NSFCheck Private Rebuild Build AddHeader2 DontSave Draggable Stop GraduationRequirements Password Aggregate SpecialEducation Section504 PartiallyEnrolledDropped Import ReplaceReport InsertImage DropClass ScheduleChanges PartiallyEnrolled Activate Deactivate Split StudentProfile Impersonate TestScores AddCourseRequest AutoSchedule ReplaceSection Selection Revert Export DesignReport AddMainSection AccountReceivable Transparent Twitter Uncompress Underline Undo Unlock Update Upload User Utilities Vendor VerticalBottomAlign VerticalCenterAlign VerticalTopAlign View ViewCourseList Void Warning Workflow YearEnd AccountPayable ActivityAccess AddCourseList AddNote AddPlus AdminAccess AdvancedSecurity Analytics ApplySchemaChange ArrowDown ArrowLeft ArrowRight ArrowTriangleDown ArrowTriangleLeft ArrowTriangleRight ArrowTriangleUp ArrowUp Attendance BatchAndConfirm Bold BorderBottom BorderColor BorderLeft BorderRight BorderTop Breadcrumb Budgeting Calculate Camera Cancel Cart CenterAlign Check CheckBox CheckBoxPartial CheckBoxUnchecked CheckmarkConfirm ChevronDown ChevronLeft ChevronRight ChevronUp Clear ClearFilter Clone Close ClosedFolderAlt ClosedGrading Collapse CollapseAll ColumnHeight Columns ColumnWidth Community Compress Conflict Consolidate Curriculum Customization Date Default Delete Demographics DialogPrompt Discipline District Dock DockClose Download DropDate Edit Education ELogoColor Employee EmployeeAccess Enrollment Error Excel Expand ExpandAll Facebook Family FamilyAccess Fee FileSettings FileUtility Filter FontBackgroundColor FontColor FoodService Globe GooglePlus GradeBook Health Help Home Image In Info inlineEdit Italicize LeftAlign Legend Lock Lunch MainMenu ManageFiles MassAssignClose MassAssignOpen MassChange MenuCollapsed MenuExpanded MissingAssignment Money NewStudent NewStudentImport NewWindow NoImage Number OneToMany OpenFolderAlt Out Override PaddingBottom PaddingLeft PaddingRight PaddingTop PageBreak PagerArrowBackward PagerArrowForward Pause Payroll Position PrintAvailable ProcessInBackground Purchasing Queue Redo RemoveAllStudents RemoveCurrentStudent RemoveDocument Reorder ReportCard Reporting Reports RequestEdits Resume RightAlign RowAction RowOpen Save SaveAndBack SaveAndForward ScheduleBuilder School Search SecuritySmall Select Separator Settings Signature SignIn SignOut Speedometer SportsLink StarOutline StarShortcutMenu StarTenPoints StateReporting StudentAccess StudentGrades StudentSchedule StudentViewAll SubReport SuperUser TeacherAccess Text Ticket TileBrowse Time TimeOff Transfer Account

Protecting Student Data

The protection of student data received a welcome boost in awareness thanks to recent remarks from President Obama coinciding with his proposal of a new Student Digital Privacy Act in January. Unfortunately, some of the most important factors are often overlooked. Last year, we examined the difference between privacy and security and made some best practice recommendations for both... 

Ray Ackerlund

Chief Marketing Officer

An earlier version of the following article was originally published as a White Paper on the Skyward website in July, 2014. It was featured in EdTech Digest one month later. 


A Guide to Protecting Student Data

The breadth of data collection and use in school districts nationwide continues to expand at an exponential rate. In fact, more than 90% of districts today are electronically storing an extensive range of information, including student demographics, attendance, grades, test scores, and course enrollment histories. As a result, student privacy concerns are at an all-time high. The 2013 release of this Fordham Law National Study brought the importance of protecting data to the forefront of education news, leading to discussions both inside and outside the industry. 

While administrators have always been concerned about student information security, the increased awareness has ignited important conversations among all stakeholders – discussions that have already had a measurable impact on improving security measures, establishing guidelines for districts and service providers, and balancing the positive impact of student data use with privacy concerns. 
As a leading student information system provider serving more than five million students, Skyward has always placed a high priority on data secruity and privacy protection, beyond what is required under the Family Educational Rights and Privacy Act (FERPA) and the Children's Online Privacy Protection Act (COPPA).
This paper outlines the importance of data privacy and security in education, best practices for districts to follow, and an overview of Skyward's data protection protocols, which are designed to ensure that student data is used only for its intended purpose. The protection of data involves two elements: privacy and security. Privacy has been the main topic of recent discussions, but security is an equally important core element that has been at the heart of most recent data breaches throughout the country. 



Ensuring the privacy of student data at all levels of collection, use, and sharing is a complex challenge that every district faces. As access to student data becomes increasingly widespread, so does the risk of compromised data security. Maintaining a high level of privacy requires ongoing collaboration between districts and vendors.


District Efforts

  • Configure strict security access to ensure data use is consistent with FERPA requirements.
  • Ensure integration with third-party vendors is well defined and limited to the data they are authorized to access through written contracts and agreements.
  • Discuss the importance of data privacy with staff on a regular basis. Even simple reminders about physical security (i.e. stepping away from the computer) are critical.
  • Conduct routine security audits to ensure that all roles have proper security and staff are assigned to appropriate groups.
  • Establish a defined account management process to fully remove an employee's access to the network and application when he or she leaves the district.
  • Have a strong knowledge of FERPA and COPPA guidelines and know when it is appropriate to share student data and when it is necessary to otain consent.
  • Confirm that bckup policies include physical safeguards, such as storing copies of data in remote locations.
  • Clearly communicate data policies and usage with parents to maintain transparency.


Skyward Efforts

  • Provide extensive security functionality within the application to control which data is accessible, printable, or exportable, and to ensure that data management supports even the strictest district's data governance strategy.
  • Offer specialized options to provide data access that is user-friendly and easy to arrange and control.
  • Ensure data practices that validate data protection policies of third-party partners and include steps for approval and initialization by authorized district representatives.
  • Undergo procedures to ensure data is used only by authorized employees and that data is cleared upon completion of a project. 
  • Run routine security audits of the application and maintain internal procedures to ensure the latest industry standards are not only being met, but exceeded.



Security is an oft-overlooked aspect of privacy, but it is crucial to the sustainability of privacy practices. Each time a new story appears about the loss of personal information in the consumer market, the fault is typically attributed to improper management or malicious attacks on data systems. Without proper security measures, student data is always at risk.

Student data security may depend on whether the district chooses to use on-premise or cloud-based data storage solutions. The Fordham Law study focused heavily on cloud storage; however, it must be noted that security in cloud environments is dependent on the qualifications of the cloud service provider. 

Only a short time ago, on-premise storage was the most common approach. In the past five years, however, districts have increasingly opted to move their data to a cloud-based environment to save both time and money. We expect that trend to continue.

On-Premise Storage

Districts that choose to store their student information on-premise should follow these key steps to ensure data security:
  • Maintain physical security measures to protect network equipment. Include multi-step processes to access network centers such as server rooms and Storage Area Network (SAN). 
  • Establish separate network access points within buildings that limit student and guest exposure. 
  • Limit database administrator rights to a minimum number of staff - typically primary and secondary individuals.
  • Conduct routine security audits and network penetration testing to ensure that security measures meet current standards.
  • Establish a disaster recovery policy that protects data secured off-premise with the same level of protection dedicated to on-premise data. 
  • Monitor network traffic to detect and block any unusual activity.

Cloud Computing

Cloud computing is one of the fastest growing technology sectors. At the time the Fordham Law study was compiled, 95% of districts were relying on the cloud for a variety of functions, including data mining related to student performance, support for classroom activities, cafeteria payments, and transportation planning, among many others.

Districts that utilize cloud computing experience a host of benefits, from eliminating the cost of on-premise hosting and continuous hardware replacement, to enabling IT staff members to focus on other tasks besides system maintenance. The best cloud service providers also offer a significant upgrade in data security and privacy protection by controlling and monitoring direct database access at all times.

In the education industry, minimum requirements have not yet been standardized throughout much of the country and often vary from district to district. Cloud services are poorly understood and weakly governed, with only 25% of districts keeping parents informed about cloud services and as few as 20% having any documented policies for the use of online services, according to the Fordham Law findings. Often, the contractual requirements between district and service provider are outdated and incomplete. 

When selecting a student information system and a secure cloud computing provider, districts should ensure that the provider: 
  • Requires a single contract that includes all parties and defines up-to-date security requirements
  • Meets SSAE 16 Reporting on Controls standard as a bare minimum
  • Provides hardware updates and database management without hidden fees
  • Provides application updating and monitoring services
  • Maintains multiple data centers with redundant failover
  • Continually monitors industry standards to ensure that the latest protection and security recommendations are always being followed

The Skyward-ISCorp Solution

Skyward has partnered with ISCorp, a leading provider of cloud computing services with extensive experience supporting financial and governmental organizations. Together, the two organizations have provided cloud computing services for more than ten years and are now providing cloud services to 70% of Skyward's customer base.

ISCorp offers a secure, private cloud system specifically built for Skyward's products. ISCorp is annually certified to SSAE 16 industry standards. All employees receive background checks and are required to earn eight certifications in order to operate equipment. All of ISCorp's data servers are located on United States soil and the provider has no authority to own, use, or sell the data under any circumstances.

The spotlight on student data privacy is a positive one for the education community as a whole, and all of the individual schools and districts that it comprises. The ongoing discussions will help administrators strengthen internal procedures for the management and storage of student information while bringing more awareness to the students and families who are directly affected.

Skyward has established a data privacy standard that demonstrates its commitment to maintaining strict customer confidentiality. As security continues to develop and improve, Skyward will continue to strengthen its cloud computing offering, leading the industry by example and providing districts with cutting-edge services that offer administrators, students, and families nothing short of the best.


Additional Privacy and Security Resources

Protecting Privacy in Connected Learning Toolkit from CoSN

5 Key Steps to Safeguarding Student Data by Ray Ackerlund (published September 12, 2014 on eSchoolNews)

Big Data: Seizing Opportunities, Preserving Values from the Executive Office of the President (2014)


Recent articles