Why Students Are at Data Breach Risk (and How to Protect Them)

As schools have embraced new technologies, security and privacy have become more important concerns. Schools now store and share many types of student data on digital platforms, and student data privacy laws have yet to adapt to these new environments. Teachers and other education professionals must go beyond these regulations to keep student data secure.

Here’s why student data is so important, and why it’s still under threat.

How student data is at risk

IBM ranks education in the top 10 sectors most targeted by cybercrime for two main reasons.

First, the industry holds a wealth of sensitive information. School systems contain several types of student data, such as names, addresses, birthdays, and financial information, which hackers could hold for ransom or use to perform other attacks.

Second, schools are often vulnerable. The popularity of distance learning platforms and similar digital solutions is relatively new, so the industry has yet to adapt to the unique security issues of these technologies. These solutions mean that all of this sensitive data is now available online if hackers can bypass schools’ defenses, which are often lacking.

The 2022 Illuminating the Violation of Education highlights these risks. Attackers gained access to the information of 820,000 current and former students by hacking into a grade and attendance tracking solution.

USE VIDEO OF THE DAY

How does FERPA and other laws protect student data privacy?

Protecting students’ privacy rights at school also has legal implications. The Family Educational Rights and Privacy Protection Act (FERPA) requires schools to obtain parental permission before sharing student records, among other rights. While FERPA originated in the 1970s, these restrictions could apply to cybersecurity.

Poor security resulting in a data breach could lead to legal issues for schools under FERPA or similar laws. However, many of these regulations focus on schools invading student privacy, not protecting against outside cyberthreats. As a result, they often lack specific or up-to-date advice on reducing cybersecurity risks.


Some state student data privacy laws set more modern standards. For example, California and Illinois limit the sharing of student data with tech companies, and Texas requires a formal cybersecurity plan. However, until the United States has more comprehensive national data privacy laws, schools should go beyond existing regulations.

How can teachers protect students’ privacy rights?

Teachers can do a lot to protect student data sets. Teachers should learn more about cybersecurity, including the relevant risks and the most effective measures against them. Professional development is key to creating opportunities from challenges, and cybersecurity is no different.

Next, they should aim to minimize the data they collect and share. This includes reading the software’s terms of use and data permissions before using them to ensure they don’t collect more information than necessary. This will help comply with FERPA and other student data privacy laws.


Since teachers have access to so many types of student data, they also need to protect their accounts. They must use strong and unique passwords on any account with access to sensitive information. Enabling multi-factor authentication (MFA) adds another layer of protection.

While more than 90 percent of K-12 schools use cloud computing, half do not have a cloud security platform. Teachers should counter this trend by advocating for their schools to use cloud security software, emphasizing its importance in keeping student data safe. Likewise, schools should use reliable anti-malware software and update it regularly.

Teachers and their school systems should also embrace transparency. Before using digital platforms and before each school year, they must inform parents of the potential risks and benefits of the data. Parents should also be able to ask teachers not to use these solutions for their children if they feel it is unsafe.


Schools must respect the privacy of student data

Student data security goes beyond FERPA and other laws. While these student data privacy laws provide a solid foundation for what schools should and shouldn’t allow, they fall short of today’s cybersecurity needs. Teachers and other education professionals should set higher standards to keep student data secure.

When schools protect the privacy of student data, they avoid legal complications and prevent further damage from cyberattacks. If they apply these steps, they can use new technologies safely, meeting the educational needs of students without sacrificing privacy.

Comments are closed.