Open a newspaper or your home page and you’ll see dozens of stories about data misuse, like this parent who faces felony charges for changing her children’s grades or this student who posted thousands of student records on an anonymous online forum. These security breaches should be anticipated and guarded against, but sometimes the question lies in not who got into your network, but what information you’re keeping.
A Timely Question
Certain information needs to be saved electronically in designated servers and systems, but which data you should keep in the first place has become the subject of heated debate. Awarded public school principal Carol Burris recently had a blog post published in the Washington Post about the controversial decision to have students’ truancy and suspension records uploaded to New York State Educational Department’s “inBloom” cloud database via their EngageNY Portal. According to the official EngageNY Portal site, the data is necessary to “support improved instruction and student learning outcomes,” while opponents argue that it’s a gross breach of privacy.
“There is simply no justifiable reason for a state education department to know whether an individual student was ever suspended,” Burris writes. Combined with other states’ concerns over inBloom’s security, her argument to decrease the amount of sensitive information contained online is timely, at the very least.
Collecting sensitive and (occasionally) subjective information is often necessary for your school to operate smoothly. ISM believes these items should not be kept any longer than necessary, with access to that data restricted on a need-to-know basis. Your official schoolwide policy must regulate purges of unneeded information. But as we firmly settle into the Information Age, record keeping can very easily turn into record-hoarding.
Case Study
One adjunct recently reminisced about a private-independent school she’d heard about during a workshop. It collected teacher evaluations during its admission process, with the stipulation that all such documents will be destroyed once final decisions are made. All portions of a prospective student’s application (including the evaluations) were reviewed, with the student’s privacy maintained with specific information shared only with the appropriate team members. Acceptances and rejections were mailed, electronic student files were archived in the school’s computer system, and the year continued on.
Shortly after the letters were sent, a couple entered the Admission Office, demanding to speak with the director to ask why their child was not accepted. In an effort to promote transparency, the director read over part of the child’s archived file and found that the child’s previous teacher had written a blunt evaluation for officials’ eyes only—with a destruction date clearly marked on the bottom—which had led the selection committee to decide the child was not well-suited for the school.
The Admission Director gently shared this information with the couple, who left to confront the teacher who wrote the evaluation (“You’re the reason my son didn’t get into XYZ Academy!”), shocking him that the evaluation was ever shared with the parents (and that the document still existed at all). The teacher told his Division Head about the revelation, who then shared it with the School Head and the Trustee Board.
All of this lead to a lawsuit by the school district against the private-independent school for sharing confidential information. The expenses were so astronomically high, the private school declared bankruptcy and closed its doors.
The Moral of the Story
In sharing this case study, we want to draw attention to the fact that the Admission Director had direct access to such records. If the records had been purged per school policy and the agreement on the bottom of the page, the lawsuit never could have happened. It’s not just the Admission Office at risk, either—from faculty to Trustees, everyone has archived sensitive information that needs to be addressed and periodically disposed of. Even e-mail chains should be monitored as sources of subjective information.
Certain data in the wrong situation could condemn your school to a dark hole of lawsuits and bad publicity from which it will never emerge. Selective data retention protects everyone from lawsuits and bad judgment, so it’s time for that policy to be more than just a line in the handbook.
Think about what your school has kept longer than it should. How does your school handle the disposal of sensitive paper and electronic documents? Do you have some sort of “shredding party” atmosphere every year? Tell us in the comment section!
Additional ISM resources:
ISM Monthly Update for Development Directors Vol. 8 No. 2 Guidelines for Maintaining Your Gift Documentation Records
Additional ISM resources for Gold Consortium members:
I&P Vol. 32 No. 10 Records Retention in the Admission Office
I&P Vol. 38 No. 3 Maintain Personnel Records Diligently to Protect Your School