1. SECURE DATA TRANSFER Melvin Freeman The Next Step Public Charter School

2. OBJECTIVE  Readers WBAT identify the best solution to securely transfer school data and develop internal policies for their organizations.

3. PROTECTING SENSITIVE DATA  As schools continue to collect larger amounts of data on students it is important that they take the proper precautions when sending that data to other parties  Sensitive data includes  Personally Identifiable Information (PII)  Name  Social Security Number  Special Education Data

4. EMAIL  Email is one of the most common tools for data transfer  Sending spreadsheets  Sending information in the subject body of email  Interception of emails and email hacking does happen  Using spam or phishing to get login and other information  It’s generally safe practice to take the following precautions  Don’t send sensitive data in the body of emails that can be tied to a specific student (use initials or internal IDs to refer to students)  Password protect attachments if possible; send the password in a separate email

5. SHARED FILES/FOLDERS  Using shared drives has become a very common tool for sharing data (especially for internal sharing)  Cloud based sharing: Google Drive, Dropbox  Network drives on onsite servers  Sharing settings will determine how secure  Sharing settings can be set to public, anyone in the organization, specific people or private  Sensitive data should only be viewable by those who need to see it and explicit permission to see it as defined by internal data sharing policy

6. FILE TRANSFER PROTOCOL (FTP)  Used for transferring computer files  This protocol has a server-client architecture where files are stored on the server and any number of clients/users have access to add, edit, or delete files  Allows users to send files over a secure data connection  IP restrictions  Use SSH protocol for secure transfer  More secure than email and file sharing  FileZilla is a great free tool for sending data securely

7. DEVELOP INTERNAL POLICY/PROCEDURE  Schools should all develop policies for sending data to  Coworkers within the School  Districts or State Education Agencies  Other schools  Community Based Organizations  Families  In addition to policies your organization should consider mechanisms for audit data transfer to ensure policies are being met

8. WHAT’S APPROPRIATE?  The appropriate tool will depend on the organizations appetite for security risk and budget  Organizations can invest huge sums of money into data security but hackers are typically after very specific targets with valuable data  Most of the data exchanged in schools does not have great value  For legal and compliance protection, certain data should be treated as if it does have that great value and proper security measures should be taken