7.2 Ensuring Data Privacy and Security

It requires a significant amount of effort, consistency, and clarity to safeguard sensitive student information and maintain secure digital practices given the various staff, technology, and platforms utilized in tutoring a student. High-impact tutoring programs that establish strong data governance frameworks, train staff to follow them, and ensure the secure use of platforms earn families’ trust, protect students’ rights, and uphold legal compliance. Section 7.2 addresses building data privacy policies, training tutors in responsible data practices, ensuring secure virtual programming, and establishing ongoing monitoring systems.

Before You Begin
  • Review your partner district’s policies on student data privacy.
  • Ensure your partner district's technology department approves any platforms being used for high-impact tutoring.
Student Data Policy
Key RecommendationsCorresponding Resources
  • Build data privacy features into the online/blended platform, requiring all entities that collect or store sensitive student data to maintain a comprehensive security program protecting the privacy, confidentiality, and integrity of personally identifiable information.
Website: CoSN Student Data Privacy Guidelines
  • Document robust protocols that protect student data and outline clear procedures for maintaining data privacy and potential data breaches.
 
  • Establish systems to implement data privacy policies and practices with fidelity, using tools such as checklists, leadership reviews, or routine check-ins.

Toolkit: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats

Website: Cybersecurity Infrastructure and Security Agency

  • Train tutors in data privacy rules to ensure understanding and compliance. Consider having tutors sign a confidentiality agreement that outlines how they will keep student data and information private.
Reading: Security Guidance: Common Mistakes for Users to Avoid
Virtual Tutoring Sessions
Key RecommendationsCorresponding Resources
  • Establish agreements with physical sites to ensure on-site staff are trained in safety protocols and meet basic safety standards.
 
  • Outline and share core safety expectations with staff, even when deferring to the host organization or school for physical space management.
 
  • Develop safety policies specific to virtual programming, including guidance on computer ergonomics and screen breaks, and encourage students to advocate for their needs in the virtual environment.
 

Planning for the Long Term
  • Establish a recurring data privacy audit and training cycle that includes reviewing policies, testing platform security features, refreshing staff training, and updating protocols.
Tutoring Quality Standards and Self-Assessment Indicators

Take the free, 15-minute, and research-based Tutoring Organization Self-Assessment. This subsection addresses these tutoring quality standards and Self-Assessment indicators.

Safety
Data Privacy and Security		The program has reasonable data security infrastructure and data privacy policies and practices in place to keep student information safe.
5b.1 | Data privacy policies and practices to ensure confidentiality and security
5b.2 | Data privacy features built into any online/blended platform
5b.3 | System to ensure data privacy policies and practices are implemented with fidelity