Sam also has a car, three credit cards, and a 30 year fixed mortgage for his home on the beach. For more and more kids across the country – and their parents – cases of child identity theft are becoming an all too common reality.
According to a study by Carnegie Mellon University’s CyLab, children are 51 times more likely to be a victim of identity theft than adults. Largely unmonitored and a virtual clean slate, young people’s data is considered highly valuable in the online black market, prompting nefarious actors to focus where the data resides.
While there is no question that student records collected by schools can be incredibly helpful in improving the educational experience for students and managing the entire educational ecosystem, there are real and explicit risks associated with amassing vast amounts of highly valuable data. Schools are entrusted with sensitive personal information – social security numbers, home addresses, birth dates and more – that if lost or compromised could cause significant harm.
In the digital information age, when virtually every aspect of our daily lives is supported in some way by the collection or exchange of data, privacy and security have become inextricably linked. In this reality, protecting children’s data becomes a shared responsibility for the two institutions children trust the most: schools and parents.
Even when school districts work with vendors following the letter of the law regarding privacy – that is, those who do not share students’ data with unapproved third parties –data can still be lost in a security breach, creating a privacy violation. A 2015 ESET/National Cyber Security Alliance (NCSA) study on the state of security in American homes found that 1 in 5 households have received notification from a school that their child’s (or children’s) information had been compromised in a data breach. It also revealed that only 61 percent of parents were confident that their child's (or children’s) personal data generated and collected at school is being protected.
At home, parents – just like teachers and school administrators – are struggling to establish the right rules and values around privacy and security.
The same ESET/NCSA study found that although 61 percent of American parents felt highly confident they knew what their kids were doing online. However, most failed to establish a basic, viable set of rules that would protect their children and their data online. Only 40 percent disallowed password sharing and an even lower number (31 percent) limited the kind of personal information shareable on social networks. It’s not all bad though. More than 75 percent of parents have had a “talk” with their kids about using the Internet safely and securely. Still, much needs to be done.
To better protect and secure all children/student’s data, here are four suggested assignments for schools and parents to consider:
For Schools:
- If you collect it, protect it. Follow reasonable security measures and best practices to keep students’ personal information safe from inappropriate and unauthorized access.
- Be open and honest to parents about how you collect, use and share student’s personal information. Think about how parents expect their children’s data to be used.
- Create a culture of privacy and security. Explain to and educate employees about the importance and impact of protecting student and employee information as well as the role they play in keeping it safe.
- Conduct due diligence and maintain oversight of partners and vendors. Make sure you understand what privacy means to them and the steps they take to achieve and maintain privacy.
For Parents:
- Treat personal info like money. Value it. Protect it. Be thoughtful about who gets your child’s (or children’s) information and how it’s collected through apps and websites.
- Be aware of what’s being shared. Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s OK to limit how and with whom your child (or children) can share information.
- Share with care. Think before posting about your child (or children) online. “Over-sharenting” is common mistake many parents make. Consider what it reveals, who might see it and how it could be used or perceived now and in the future
- Keep a clean machine. Keep all software, operating systems (mobile and PC) and apps – including your children’s – up to date to protect data loss from infections and malware.
As Internet savvy as kids are these days, we tend to assume that being digital natives make them experts on staying secure or protecting their privacy. It doesn’t. Protecting children’s data – wherever it resides – will take a collaborative effort between schools and parents.
About the Author:
Michael Kaiser is the Executive Director of the National Cyber Security Alliance. The organization leads efforts for Data Privacy Day – January 28 – in the US and Canada and co-sponsors the annual National Cyber Security Awareness Month with the Department of Homeland Security in October.