If you've been following along with the blog, you're probably aware of the work we've been doing with HB 1612/RSA 189:66. It's a bit of privacy legislation developed to help schools (public and private) protect their students' Personal Identifiable Information (PII) data.
One of the people we've been working relatively closely with has been Neal Richardson, the Director of Technology from the Hillsboro-Deering School District. He's a CISSP, a trusted voice in the education community, and a good friend of Security7 Networks. He was the perfect target for me to torture for information...I mean...talk to.
As it turns out, HB 1612/RSA 189:66, at least for the time being, has stalled. Most of the bill's sponsors have since left office (or been voted out) and what with Covid-19, there are bigger fish to fry for both the state and the school districts.
"We've definitely learned some valuable lessons from the process," Richardson said with a laugh. "Especially with what's going on with the pandemic and all of our student remote learning from home."
Richardson said that protecting student PII data during the Covid Crisis has been much more challenging, especially with the amount of "free" software being made available to educators.
"A lot of vendors have opened up their software suite until the 30th of June and it's been an interesting experience trying to vet it all," Richardson said. "Unfortunately, oftentimes, this is software that as a district, as an organization, financially afford, or that we'd ever approve the use of, and now we've got a lot of educators that going down that rabbit hole and it's presenting a problem."
Richardson wouldn't give me a list of what software suites his district is currently having an issue with, due to any potential security concerns (which is understandable) but a quick Google easily showed the severity of the issue.
"So now, you've got all of these vendors out there, trying to help ultimately, but they're really only making the situation worse when it comes to trying to protect student PII data," Richardson said. "For example, if we've got 300 teachers out in the wild working from home, we've potentially got 300 instances of different, FREE learning platforms in use. None of them approved, none of them sanctioned.
"So for each platform, if they're not using the same ones, they're collecting PII data from each student when the student registers on their end. Best case scenario is these platforms only collect an email address, but a lot of them are asking for an email address, a name, class information, what town the student's in.
"That's a lot of sensitive data that's being collected and trying to mitigate that risk has been interesting," Ricardson said.
Richardson said he and the rest of the leadership team are doing their best to get messaging out to the educators and inform them of the State laws that are in place (RSA 189:66/HB 1612) to protect students' sensitive information, as well reinforcing the fact that the district has no intention to purchase any of these software suites at this time, let alone in the future.
"I understand the difficulty the educators are facing," Richardson said. "You know, with what's going on you've got a lot of people out there who are trying to do a job they weren't necessarily prepared for (working from home and educating students remotely), and now they think we're trying to take away the resources they've been given by these companies."
"Ultimately, you know, that's tough. It's tough. But these resources aren't resources they had to begin with and we've got to make use of what we've been given," Richardson said. "That's not an ideal situation for anybody."
On top of the messaging that's been sent out to educators, Richardson says leadership has been trying to educate older students about the dangers they're facing using these programs.
"I've started to send out reminders to the high school students and teach them how to spot a phishing email, to raise awareness" Richardson said. "And that's difficult too, there's been mixed success with it."
As for the future, and what might be next, Richardson said that was still up in the air.
"Our main goal is to finish out the year, especially now that schools all over the country are closing for the duration of the time left," Richardson said. "But leadership is aware and we have been looking into what's next."
One of those things the district has been talking about is plan ahead and build out lesson plans now on the (hopefully off chance) that the stay at home orders last until into the NEW school year, or if Covid-19 rears its head again next winter.
"That's so far off in the future though," Richardson said. "So one hurdle at a time."
Beyond the Covid-19 issues, Richardson said things are going along as they ever would.
"We're still looking at content filtering," he said. "We're still doing all the things a district would normally do to make sure the infrastructure is protected. Just because our teachers and staff are out of the building we're still maintaining things. We know they're coming back...eventually."
"One of the interesting things is to see the inbound traffic coming in, especially now that we have little to no outbound traffic going out," he said. "So it's been pretty interesting seeing what's going on with that."
Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.