Storing Data in the SBO#Business
by Erin WerraRead time:
How is data stored?Hopefully record storage is not limited to paper. Odds are, though, that some paper documents need to hang around, and that’s okay. Here are some tips for physical data storage of very old documents. Although most of these “dinosauric” record tips are limited to student records which must be kept indefinitely, the oldest materials cannot be read by automated machines. They require manual search and organization. The technology to reproduce some of them can cost thousands of dollars!
Digital records may live in data centers onsite. If this is the case, they need to be protected from threats both physical and digital. The first line of defense against digital attacks is ensuring your team is well versed in the myriad methods hackers use to broach the human firewall (phishing drills and other security training can help). As for physical safety, natural disaster prep will depend on your region. Also worth considering: where is your onsite data center? Some locations are more secure than others, both from human interference and the elements. Hint: your best bet is not the basement!
Finally, data may also be stored offsite in a virtual server located outside of the district, commonly referred to as cloud storage. This super-secure option boosts security, takes stress and responsibility off your shoulders, and makes disaster recovery easier.
Rules, regulations, and lawsData stored in the business office is not student data, so FERPA isn’t a concern. However, most business office data is highly confidential, and some is regulated by labor and privacy laws including HIPAA.
School business office data may include:
- Applicant documentation (applications, resumes, job descriptions and interview notes)
- Employee information
- Payroll information
- Medical testing for employment
- Employee evaluations
- Disciplinary documentation
- Harassment claims and investigations
- Protected health information from insurance plans
Paper records can be scanned and retained, but keep in mind a few guidelines to stay compliant:
- Records must be accurate.
- Records must be entire and exact: For example, if notes are present in colored ink, the scanned copy must be in color.
- Records must be in an unalterable file format (PDF, image, etc).
What SBOs can do to stay up to date
Follow your local, state, and federal regulationsEach state will offer guidance for recordkeeping, and it may differ slightly from place to place. The best bet is to stay in touch with local and state agencies. Your edtech provider should also support users’ compliance for state and federal reporting.
Join and learnBuilding your network will connect you with folks who also keep their sights on compliance. Whether this is a regional, nationwide, or international Association of School Business Officials (ASBO) organization, neighboring district business offices, or people you meet at edtech conferences, these connections will help you stay on track. Many minds fixed on compliance make it easier to stay aware when guidelines change.
If your ERP solution offers a community or a forum, join it. Sometimes the best solutions come from other users in the thick of day-to-day tasks. Subscribe to industry publications to be notified of new developments.
What edtech providers suggest
Back 👏 up 👏 your 👏 data 👏Work with your edtech provider to ensure you have backup and disaster recovery plans in place well before any threat occurs.
Start with the 3-2-1 data backup rule. Keep 3 copies of any important file: 1 primary and 2 backups. Keep the files on 2 different media types. Store 1 copy offsite.
This is just the tip of the iceberg of protecting invaluable and highly targeted data.
Phishing and security drillsOnce you have your backup and disaster recovery all squared away, it’s time to focus on the human firewall.
Phishing is one of the most common ways hackers can breach your network and snatch your data. Unfortunately, the multitudinous opportunities to be phished fill inboxes every day. Practicing the skills to spot a fake link in an unexpected, but urgently worded email from someone pretending to be your boss might just save your district millions in data ransom.
The data stored in your school business office is irreplaceable and precious. As much as we hope we’ll never have to fall back on data recovery plans, it’s best to prepare for the worst ahead of time.
Follow-up resources: Data securityRetaining records is important, but unprotected data is a sitting duck. Try these articles for tips:
The Cost of Proactive vs. Reactive Data Security
Using Multifactor Authentication
Use Task-Based Permission to Tighten Edtech Security
Beware These 5 Threats During COVID-19
|Erin Werra Edtech Thought Leader