NIST Privacy Framework : Our Essential Data Protection Guide



10 Data Privacy Tips for College Students and Staff, Protecting Student Privacy

January 22, 2024

As colleges and universities plan for the future, remote learning is an option that will continue to be offered. This increases the risk of threats to private student data, which is federally regulated. IT administrators are responsible for making staff and students aware of the importance of protecting data and providing practices they can implement to keep it secure.

Educating Students and Staff on Remote Data Privacy Practices

With plans for remote education to stick around in some capacity, IT administrators can be assured that the time spent making numerous quick decisions and solving all sorts of remote learning problems in the last year was not in vain. It’s possible, however, that throughout all the chaos, stressing privacy and security to your staff and students may not have been a priority.

While data privacy is a top priority for you, remote employees and students are still new to the game. Because your college or university will undergo audits for PII (personally identifiable information) in the future, it’s imperative that everyone associated with your school follows all policies and regulations. Federal funding can be withdrawn for data privacy regulation non-compliance, which is a risk no school can afford to take.

Communicating Privacy Tips to Students and Staff

You understand the ins and outs of data privacy, but it’s possible that your students and staff do not. Because student data privacy is so important, you need to carefully craft your message in a way that’s understandable to everyone.

Here are five tips to help get the message about the importance of privacy across to staff and students:

  1. Be clear and direct. Your first line of communication should be an official email outlining the policy. Give clear guidance on how to handle sensitive data while working remotely—and, just as importantly—what not to do. Keep this email simple and scannable.
  2. Use social media. Staff and students often turn to their university’s official social media channels for information and announcements. Ensure you’re reaching this audience by creating several posts for each platform—Facebook, Twitter, and Instagram—that your social media manager can post.
  3. Get creative. You want staff and students to pay attention to your messages and social posts, so have some fun trying to capture their attention. Create a few funny videos and design some memes about privacy. The more interesting your posts are, the more likely that staff and students will share this content with friends. Ultimately, this will boost awareness around data privacy and the importance of preserving it.
  4. Remind early and often. Remote learning is here to stay, so you’ll need to regularly repeat your privacy message throughout the school year. As online classes become the standard for some students, they may revert to old habits and become lax about privacy.
  5. Provide next steps for questions or concerns. Staff and students may have a question about a specific situation or a concern about how a fellow student or employee handles sensitive data. Clearly state who should be contacted for help and provide that contact information. You should establish a dedicated support channel, such as an email, live chat, or phone number. Preferably, offer all three.

Implementing data privacy solutions

As providers of not only education, but healthcare and financial services, universities are responsible for highly sensitive data that’s regulated by federal laws. For example, the Health Insurance Portability and Accountability Act (HIPAA) protects personal health information and the Payment Card Industry Data Security Standard (PCI DSS) protects personal financial data. Thus, the platforms that allow staff and students to digitally access health records or make online payments with credit cards need to be HIPAA and PCI-compliant. Non-compliance, or worse, data breaches, can result in significant financial repercussions for universities.

Unfortunately, the shift to remote learning has made this sensitive data more vulnerable to breaches. Everyone must do their part to help keep that data safe, which is why we compiled the following list of staff and student data privacy tips.

  • Use a VPN for university-related tasks. Because university-related information must be secure, use a Virtual Private Network (VPN) every time you log in to your university email, server, or website. This service keeps information private and secure. Provide specific information about how to access and use the VPN.
  • Do not log in to unsecured networks, such as those offered by coffee shops or in public areas. Do not access any university-related information over a public internet connection. You should not send sensitive information over an internet connection that’s accessible by other people.
  • Limit backups of devices. Every time you back up your phone or computer, you create another version of the data on it. While occasional backups are necessary, each one creates more data to protect.
  • Use strong and unique passwords. Make sure that all of your university-related passwords include letters, numbers, and special characters. We also recommend using both lower- and upper-case letters. If you are using the same password for other accounts, now is a good time to create a unique password.
  • Do not click on suspicious links or download files from unknown sources. Hackers and scammers often employ fake or phishing emails that mimic real companies’ messages and the types of campaigns you are likely to open. If you are unsure about an email, especially one with an external link or attachment, double-check the sender before clicking or downloading.

Understanding the bigger picture of student data protection

By taking the time to carefully communicate with staff and students the importance of protecting private data, you can minimize the threat of breaches and unauthorized access.

Remote learning comes with new processes that can overload staff and students with information. Be sure to provide regular reminders of privacy processes. As processes and needs change, be sure to consider privacy at every decision point along the way. By protecting sensitive information consistently, your institution can avoid costly data privacy risks.

Spirion’s software can discover and classify data in your complete landscape, including every endpoint. Find and protect sensitive structured and unstructured data across your environment—even when staff and students are working and learning remotely. Click here to learn more.