As more and more states introduce bills and laws regarding the use of student data and student data privacy, education tech companies need to adapt to this changing landscape and adjust how they do business and support their customers. eScholar is no exception. We pride ourselves in doing whatever is necessary to provide our customers, state and local education agencies, with the help they need in order for them to help their customers – students. But with so many states passing strict laws that govern how student data is used and who has access to that data, are education tech companies handcuffed in being able to help state and local education agencies work through their data problems? Is it possible for education technology companies to provide world class customer support and abide by strict student privacy laws? Yes it is possible. Although the laws may be strict, proactively caring for student data privacy goes a long way in building trust between state and local agencies, parents, students and education technology companies. We recognize that customers need our expertise to assist in identifying, troubleshooting and resolving data issues that occur while using our products and for those purposes, providing confidential education data to eScholar is beneficial to the customer.
Happy Customers, Safe Data
To provide customer support, we troubleshoot primarily via web meetings so as to limit customer data being in our possession. In cases where we need to do further analysis and troubleshooting, we do the following:
- Customers will upload all data via eScholar’s secure FTP site.
- If a data file is exceptionally large, the customer may elect to send data on a CD, DVD, or portable hard drive.
- Alternatively, customers may ask eScholar staff to download a data file from a password-protected and secured file transfer service or similar technology.
- eScholar removes Confidential Customer data from the eScholar FTP site upon notification by the customer that data is being sent and receipt of the data or as soon as the automated FTP site monitoring process alerts the eScholar Customer Support staff.
- eScholar stores Confidential Customer Data on a secure, dedicated server on the eScholar network (e.g., a development server).
- eScholar does not store Confidential Customer Data on a laptop computer, personal workstation, or mobile device.
- Neither eScholar nor the customer transmits confidential customer data via email or other unsecured means.
- If a customer sends confidential customer data to eScholar via email, eScholar immediately deletes the email and asks the customer to send the data via eScholar’s FTP site. This may require emptying the e-mail system’s Delete/Trash folder.
- eScholar clears, purges or destroys confidential customer data from our servers, either upon customer request or upon closure of the support ticket, in accordance with standards established by the National Institute of Standards and Technology (https://www.nist.gov/itl/csd/how_083106.cfm). eScholar completes the process within 48 hours of initiating the process. For data on our data backup system, it will take 72 hours.
- eScholar staff follows a “clean desk policy” with regard to all Confidential Customer Data. A “clean desk policy” entails locking computer terminals when not sitting at your desk and removing all hard copy material from your desk that is related to the customer when not sitting at your desk.
- eScholar uses encryption (‘locker’) technology to allow for the temporary staging but not storing of these data on a workstation or laptop while these data are at rest.
- eScholar uses data scrubbing technology to remove any data artifacts left behind from the temporary staging of these data immediately after these data have been moved to a secure and dedicated server.
- eScholar provides all staff members who handle confidential customer data with the tools needed to encrypt, destroy and scrub those data files and data artifacts.
We comply.
In addition to all of the above, annually all staff and representatives of eScholar go through FERPA (Family Educational Rights and Privacy Act) training where we are reminded of all the rules pertaining to personally identifiable information and student data.
When we sign a contract with a state or local education agency, we are establishing a relationship with that customer. All good relationships are built on trust and understanding. The debate regarding student data privacy is complex, but at the root of it is trust. All of the measures we take here at eScholar is to ensure that the trust between us and our customers remain strong and that we are able to assist them with our products and the complex data issues they face. A relationship built on trust is priceless and worth the extra hoops that we have to jump through. Our customers are very satisfied with the help that we provide them and will continue to provide them as the topic of student privacy rages on. So the question presented at the outset was, is it possible for education technology companies to provide world class customer support and abide by strict student privacy laws? Absolutely, yes!