Security Best Practices

This section provides best practice resources related to data security issues. These materials have been designed to help education stakeholders, such as state and local educational agencies, the postsecondary community, and other parties responsible for safeguarding student records, to improve protection of student records in their care.

Guidance and Best Practices

Data Breach Scenario Trainings

The Data Breach Scenario Trainings are a series of packaged trainings developed by the Privacy Technical Assistance Center, designed to help educational organizations at all levels conduct internal staff development on data breaches. Each scenario has been developed into a training package, providing ready-to-use resources for the scenario leader(s) and participants.

Guidance and Best Practices

Best Practices for Data Destruction

The Data Destruction Document is a best practices guide on properly destroying sensitive student data after it is no longer needed.  It details the life cycle of data and discusses various legal requirements relating to the destruction of data under FERPA, and examines a variety of methods for properly destroying data.  The guide also discusses best practices for data destruction and provides some real-world examples of how to implement it within your organization.

Letters

Cyber Advisory - New Type of Cyber Extortion / Threat Attack

Schools have long been targets for cyber thieves and criminals.  We are writing to let you know of a new threat, where the criminals are seeking to extort money from school districts and other educational institutions on the threat of releasing sensitive data from student records.  In some cases, this has included threats of violence, shaming, or bullying the children unless payment is received.

Guidance and Best Practices

Data Breach Response Training Kit

Any organization with electronic records is vulnerable to security breaches, and education agencies are no exception. The PTAC Data Breach Scenario is one of a series of exercises intended to assist schools, districts, and other educational organizations with internal data security training.

The Password Data Breach interactive exercise is aimed at district management and provides a simulated response to a district-level data breach. Over the course of 1-2 hours, this customizable exercise leads participants through a scenario involving a breach of student information and other personally identifiable information. The exercise focuses on the processes, procedures, and skills needed to respond. The package includes three parts: Facilitator’s Guide, PowerPoint Slides, and Exercise Handouts.