|
Introduction |
Nowadays, organizations are required to adhere to email archiving compliance legislation, and educational institutions are no exception. From the compliance perspective, running a school is like running a business. Any breach of regulations can have serious consequences for your educational institution, including fines, penalties and reputation damage.
When it comes to digital data archiving and compliance, things seem to get even more complicated for schools, universities and other educational institutions. The line between using email, social media and instant messaging in and out of the classroom has blurred, and with several relations in the equation (student ‒ student, teacher ‒ student, teacher ‒ parent, teacher ‒ teacher), it’s not surprising that the regulatory landscape in the educational sector has become increasingly difficult to navigate.
This eBook outlines the issues that schools, school districts, universities and other educational institutions face in relation to regulatory compliance, eDiscovery, data security and student safety. It also demonstrates how email archiving is the single most effective tool which allows you to successfully capture the elusive digital data and meet various challenges that come up in your sector.
|
Mapping the Challenges in the Education Sector |
Compliance
Organizations now need to follow various compliance laws and strict regulations which govern how and where they should store their digital information. Educational institutions, just like other organizations, increasingly rely on digital communication technologies for their day-to-day operation. However, unlike other highly regulated industries, schools can fall under a number of different categories, which further complicates the compliance picture in educational institutions.
Almost 90% of daily communication relies on email as the main communication channel, closely followed by unsecured instant messages.
Here’s a list of the relevant regulations that govern retention, storage and accessibility of all digital communications:
1. The Freedom of Information Act (FOIA) and State Sunshine Laws
According to FOIA, public schools, colleges, universities and other government agencies must make available all records, including those in the electronic format (email, IM, social media). Freedom of Information Laws (commonly known as Sunshine Laws) are state laws very similar to FOIA and entail that the school must produce the requested information.
Similar laws have been enacted worldwide. In Canada, for instance, there’s the Freedom of Information Protection and Privacy Act (FIPPA). Given that schools inevitably collect a lot of personal and health information, this law makes them responsible for “ensuring compliance with all access to information and protection of privacy requirements”. Schools are required to keep complete student files and grades for 10 and 30 years, respectively.
2. Family Education Rights and Privacy Act (FERPA)
This federal law governs the access to educational information and records and may apply to electronic communication. FERPA gives parents access to their children’s education records. After the student reaches the age of 18, their consent is mandatory before their education records can be accessed, inspected and reviewed. FERPA is applicable to all public K-12 school districts and all post-secondary institutions.
3. The Health Insurance Portability and Accountability Act (HIPAA)
Although HIPAA regulates the way healthcare workers handle protected health information and medical records, we now have medicare on school campuses. Schools often provide services such as counseling, vaccination or administration of prescription drugs. This means that schools which possess sensitive health information must ensure full compliance with HIPAA.
4. Gramm-Leach Bliley (GLBA)
Given that GLBA is the federal act which regulates the security and privacy of personal financial information, many educators believe that it is limited solely to financial institutions. However, if a school issues loans to students or personnel or provides financial counseling to donors, it may be considered a financial institution. The process is much more straightforward in higher education, as colleges and universities regularly engage in lending and providing financial advisory services. When it comes to K-12 schools, it is necessary to conduct assessment to evaluate whether their activities fall under GLBA. Still, all schools are required to make sure that their students’ financial aid records and all other sensitive information are kept secure and confidential.
eDiscovery
If a school becomes implicated in a lawsuit, federal agencies, courts or attorneys might request electronically stored information relevant to the case. Until recently, a vast majority of schools stored their data on tapes, which means that administrators and the IT team have to organize extensive searches in order to produce the requested information in a timely manner.
A recent survey by Osterman Research found that the time needed to respond to an eDiscovery request can exceed 24 hours. Can your organization afford that amount of time?
The biggest hurdle that schools face here is that electronic information can be located anywhere – on the school’s email server, in PST files, on backup tapes, or, in the worst-case scenario, on somebody’s personal device? Traditional backup methods are prone to errors and failures which might result in data loss or corruption. Looking for particular data manually is like looking for a needle in a haystack. If you fail to provide the requested information, you might be found guilty of evidence spoliation, face colossal fines or even lose federal funding.
Storage Concerns
Public schools use email and electronic documentation on a daily basis, just like the rest of the business world today. Traditionally, all electronic records were backed up on unreliable media such as tapes or the school’s primary server. Backup, however, proves insufficient if your IT administrators need to retrieve particular data from an email conversation spanning months.
Sending large files means we need more storage space. The average email storage requirement now equals 30MB per user per day.
The blizzard of email and text messages exchanged daily might be clogging your school servers, and this can reduce storage capacities and result in an impaired performance. In case of crashes or system failure, important or confidential student or staff-related data might not be fully recoverable and you’ll spend a considerable amount of time and money on retrieving them safely and in a timely manner.
Limited Resources
Unlike businesses and other organizations, public schools receive limited federal and state funding, and investing into an email archiving appliance might seem like a costly venture. Many organizations opt for non-compliance simply in order to avoid the cost of establishing a digital data archive.
In 31 US states, total state funding per student has been decreasing steadily since 2008. In 15 states, the cuts exceed 10 percent.
However, the shortsightedness of such a decision comes with a cost – this time literally. Countless companies and educational institutions have lost thousands of dollars due to their lack of compliance, not to mention the loss of time and reputation that they inevitably face in such situations.
BYOD (Bring Your Own Device)
Schools, colleges and universities were the first organizations to fully and enthusiastically embrace the BYOD trend. In today’s world dominated by portable computers, tablets and smart mobile devices, the advantages are obvious: both teachers and students feel more comfortable working on their own, familiar devices and the whole idea offers unparalleled convenience. So what’s the problem with giving a presentation from your personal device or texting your students about the next drama class meeting via your own phone?
Personally-owned mobile devices are changing the education experience. With changes come new challenges.
The results of the “Impact of BYOD on Education” survey have shown that 52% of schools integrate personal devices into classroom experience, while 27% allow open access to their school network despite going against network security best practices.
There are numerous concerns regarding the security of these devices. Bringing in new devices into your network could increase the risk of data leakage, especially via email. Moreover, you might go on a delete spree while cleaning your inbox and unwittingly delete a thread, a post or a text message that could be considered important evidence in case of Discover.
Cyber Bullying
Educational institutions and school boards are now faced with a pressing challenge of taking care of students and ensuring their safety both inside and outside the classroom. Cyber harassment ‒ bullying using electronic forms of contact ‒ includes posting rumors, threats, hate speech, stalking or disclosing victim’s personal information and is on the rise among teenagers.
According to research by Pew Research Center, 71% of teenagers aged 13-17 use Facebook every day, while 52% and 41% use Instagram and Snapchat, respectively. 42% of teenagers with tech access have been cyberbullied.
To ensure student safety, a lot of legislation has been enacted since 2006 and the majority of US states now have harassment laws that explicitly include electronic forms of communication. Educators are now required to monitor internet browsing and use social media monitoring in order to keep students safe and prevent liability issues for the school or university.
Staff Ignorance or Unawareness
School staff are often intimidated by the word compliance. According to recent research conducted at the Faculty of Education, Vancouver Island University in BC, Canada, a large number of public school educators use both email and social media for teaching and communicating to students and other staff, but are completely ignorant that they need to comply with regulations such as FIPPA. Many teachers may be using social media (e.g. for communicating to students about a project in Facebook groups) without the knowledge of the employer.
“Why didn’t anyone tell us that we need to comply with so many regulations?”
Another group of educators, whose habits the authors refers to as “knowledgeable non-compliance” are clearly aware of the regulations and their implications, but seem to think that the law is optional. They believe that legal requirements are “too much work” or are uncertain about how to effectively meet them. Unfortunately, this doesn’t make a valid excuse in court. In other words, not being aware of regulations is never an excuse for non-compliance.
|
Respond to Challenges with Email Archiving |
1.Ensure Full Compliance and Improve Cost-Effectiveness
The regulatory environment is, without a doubt, the primary driver behind the adoption of email archiving solutions in all organizations, including schools and other educational institutions. Federal rules and data protection legislation now mandate that school districts and universities adopt email archiving as part of their data compliance duties.
Email archiving has evolved. It now includes other forms of electronic communication. Many organizations are aware of archiving emails, but only 2-7% archive social media and mobile. -Osterman Research
The first step towards full compliance is to conduct an assessment and check which specific regulations apply to you. This first stage is the most demanding and time-consuming, but it’s worth the effort. Email archiving can solve your compliance worries by letting you retain the necessary communication data in a secure “vault” for a specified period of time. There’s no point in ignoring the laws and regulations or trying to save money. Make sure you include a comprehensive, automatic email archiving solution into this year’s budget and remember that it’s a one-time investment with a minimal maintenance fee.
2. Enable Seamless eDiscovery
Managing electronic information can be a demanding task, especially when you deal with somebody’s entire education history and hundreds of student records. Secure storage of such data is mandatory for all educational institutions. In legal discovery, a school might be required to deliver specific information in a very short time frame. Email archiving allows you to do this easily and in a matter of minutes. Restoring data from tapes takes forever and costs a fortune.
Archived digital data is readily accessible, traceable and retrievable.
Email archiving is often neglected because of the misconception that it is too complicated and expensive. In reality, the costs of a possible lawsuit can far exceed the costs of investing into digital archiving. Don’t risk costly searches with an already limited funding and keep in mind that an archive can actually be a lifesaver in case a lawsuit comes up.
3. Solve Storage Problems
Given the growing number of emails and the size of attachments, your school IT administrators might soon need additional storage space on the server. People who bring their own devices put additional pressure onto your server.
Advanced archiving solutions compress each email before it is archived, which results in up to 50% savings of storage space.
Email archiving offers clear advantages – deduplicated, compressed, single copies of emails and other digital data are stored in a central repository together with all their metadata, searchable by using various criteria and keywords. It solves your storage problems, keeps data at users’ fingertips and vastly improves their ability to access, organize and use information.
4. Keep Students and Staff Safe
Schools are places that constantly buzz with activity, both physically and digitally. Teachers typically bring their own mobile devices to school and communicate to other staff, students or parents via mobile. Students use apps, social networks and IM for everything from gossip to collaborating on school projects. You need to have oversight of this beehive. Mobile communications and social media are now viewed the same as email and need to be archived accordingly.
Invite your staff – the administrative team, teachers, IT administrators and the school board to join forces and create a communication policy which would clearly define the appropriate use of all electronic communication channels. Educate your staff and get them to educate the students. Provide strict guidelines and enforce the policy among staff.
58% of school kids have not told anyone about being bullied online. With an effective archiving tool, your school will be able to solve this problem before it escalates.
Here’s what you can do: if teachers use their own devices, they should create dual persona. This form of mobile application management separates user’s corporate and personal data, which allows schools to have control and archive an employee’s digital communication without infringing on their right to privacy. On the other hand, if your staff use school-issued mobile devices, they should be aware that they are expected to use them exclusively for official communication and that their online activities will be archived.
In addition, a good email archiving tool enables responsible persons to monitor students’ and teachers’ online presence and react proactively in order to prevent instances of misconduct, cyber bullying and harassment. This ultimately comes down to monitoring communication generated by students and staff for legal or staff management reasons.
People tend to be very sensitive when it comes to monitoring or having their online space invaded. This is why it’s crucial to educate your staff and students about the regulations, to teach them how to use the Internet responsibly on school grounds and inform them about the potential dangers and repercussions associated with its misuse. Make sure you put advantages into focus and explain the bigger picture. Digital data archiving and monitoring social media posts and comments will allow you to react to abusive content or inappropriate messages and prevent all forms of online bullying and harassment.
|
Conclusion |
Complying with various policies and responding to eDiscovery requests was once a daunting task. Email archiving systems not only facilitate compliance and legal discovery, but also provide invaluable support in terms of security breaches, storage space and student safety.
Adopting and starting to rip the benefits of your archiving solution is a process which can’t happen overnight. Be prepared to invest some time to explore the regulations pertaining to the education sector and make sure you create a clear communication and retention policy. And finally, make sure your staff and students understand that email archiving is a powerful tool which does not only keep you compliant, eDiscovery-ready and help to prevent lawsuits and scandals, but also protects school personnel and students from dangers associated with email and social media misuse.
To learn how to implement an archiving solution in the education sector and for a more detailed presentation of its key features, contact us or schedule a personal demo.