What is a Data Privacy Officer?

Data breaches and privacy scandals have made parents more aware of their students' data privacy rights and more concerned with how student data is used in the classroom and beyond.
 
The Data Privacy Officer (DPO) responsibilities revolve around ensuring our school district is compliant with data privacy laws from the State and Federal Government, addressing data privacy requirements early on in new technologies, and enabling data as a tool to be used for instruction. 
 
Unlike cybersecurity as a whole, Data Privacy is concerned with the collection, storage, and uses of data.  This includes not only the data we collect, store, and share from our students, but data that is collected, stored, and shared via third-party resources.
 
For example, a 2012 survey conducted by Pew Research Center reported that 93% of parents were uncomfortable with their child's internet usage being tracked by advertisers while utilizing school-owned devices.  Our job, in the Office of Technology and Learning, is to be aware of these trends and to follow best practices for the protection of student data.

Julie Bowles, DPO

Data Privacy Officer - Julie Bowles
Julie Bowles
Student Data Administrator
& Data Privacy Officer

An Interview with the DPO

What is your technology background?  How did you get started in this field?

I have a personal interest in technology dating back many years.  I love a challenge and am mostly self-taught on PCs.  Since that time, I have taken a few courses to help boost my knowledge but a lot of it started with the “school of hard knocks!”   My first computer experience was when I was a member of the United States Air Force in England.  The computer then used only DOS.  I was the only one in the office who could use it after I figured out how to make it print my reports by filling in the blanks.  Later while stationed in Washington state, my father, in Virginia, sent me the pieces to put together my own personal computer.  I completed this but there were a few times I had to call him with questions.  Over the phone he would describe how to place pieces in the motherboard such as the memory.  Back then I used something called PC Tools as Windows was not available as it is now.  I learned how to do the basic things on this first PC.  I started working in CH in 1985, part time.  When offered a chance to work as a full time paraprofessional in the ESCE program at North that next year, I was excited.  It was in this classroom that I first experienced a MAC.  The teacher in the room at the time was not that familiar with the machine nor the operating system.  I taught myself and learned how to operate it and install programs.  I helped the students in that room use those programs.  From there I went to a full time technology paraprofessional at North.  I have worked at the HS and then as part of the divisional tech team before moving to the data side of the house.
 

What made you interested in security/data privacy? Has there been any particular event or action that drives you?

Data privacy has been a concern of mine for many years.  Recent news of all of the data breaches have made me sit up and take notice of my digital footprint.  When I found out that once data is created on the internet it never goes away, I was fascinated and a little more cautious.
 

What do you think is the biggest cybersecurity threat to K-12 schools?

One large threat I see now for us as a school division are phishing scams or other targeted attacks using email as a way to gain the confidence of our users.  We send our students’ and our faculty data to many places including to each other.  Sometimes, we do this without even thinking about what the vendor or learning partner is going to do with that data.  Just because someone asks for our student data doesn’t mean we need to send it or that we should send it with all the data they request.  If someone needs a birthdate, or other personal information of our staff or students, we should ask why.  Recent breaches led me to remove all SSN from our Student Information System.  Students are particularly vulnerable to data breaches as they do not yet have financial obligations that they regularly follow.  Someone could open a credit card in their name and they might not find out until they become older and try to open their own line of credit or credit card.  By then, they could be in deep debt!
 

How do you stay aware of current trends and news topics in cybersecurity?

I take every opportunity to stay on top of trends and laws where data privacy is concerned.  I read articles & books on the subject and follow other school divisions in VA and around the country to see what issues they face, how they handle them and solutions they have found that work.  There are many governmental, educational and general websites that also have great resources.  I have studied FERPA, COPPA and CIPA extensively but have much more work to do.  I also attend meetings & workshops with other professionals that discuss student data privacy.
 

What initiatives does the school division need to be focused on this year? 

This school year, our division will be doing a lot of the groundwork for our privacy program.  Gathering the resources and knowledge necessary for us to put together a comprehensive data privacy program.  We will be developing web pages that will both inform and educate our staff, students and parent as well as interested stakeholders.  Basic policies will need to be drafted so that we will have a starting point and a shared communication tool for all.

How do you handle cybersecurity in your personal life?  Can you provide examples?

I am perhaps a little more reserved than others when it comes to technology in my private life.  For example, I do not use online banking on my phone.  Neither does my husband.  I prefer to use a desktop PC that while connected to the internet, it is not likely to be stolen like my phone might be.  I do protect my phone with a security code though.  Take a look at your phone.  When you look at it closely, you can sometimes see the pattern you draw on the screen if you use that as your unlock method.  How easy would it be for someone to replicate that?  A 4-digit pin code could be better but a 6 to 8-digit code is even better.  Some may say I am not using my phone to its full potential as most cell phones now a days are in fact mini computers.  I feel safer this way. In today’s society where you hear almost every day about a data breech, it is sometimes the little things that will help you feel more secure about your personal data.  At work, I use two factor authentication.  I started this when I was an admin for the Google email system.  If someone had access to my password, there could have been much damage done.  With two factor authentication, even if you have my password, you could not gain access to my information without the other data.  I still use this to this day and do so wherever possible both at work and at home.

What are three things that staff could do right this moment to increase their cybersecurity posture?

At work now, there are three things you can do to help you and your students data stay protected and private.  Do not direct students to use websites where they have to enter personal data such as their email addresses, whole names and/or their birthdates.  Lock your laptop when you are not sitting directly in front of it.  If you leave it unlocked, ANYONE could come along and change grades or send an email in your name.   Create a password that is more like a phrase instead of someone in your family or your dog’s name.  The longer the better as long as it is something you can remember.  You can add a number in the middle of it for extra security!