Data Protection in Schools: Digitization, Microsoft Teams, Encryption, and More.
Schools are currently facing major challenges. On the one hand, they are expected to integrate digital media into the classroom and offer flexible alternation between face-to-face teaching and homeschooling. At the same time, however, they must also pay strict attention to data protection and — in the case of European schools — compliance with the General Data Protection Regulation (GDPR).
In this blog post, we take a closer look at data protection in schools and the use of cloud services, especially Microsoft Teams. We also provide information on the opportunity of using encryption to protect personal data.
Table of Contents
- Personal Data in Schools
- Schools and Digitization
- Schools and the Cloud: The Big, International Players vs. Smaller Specialized Providers
- Online Classes in Microsoft Teams?
- How Does Encryption Protect Personal School Data?
- Boxcryptor for Schools — Cloud Security Through End-to-End Encryption
Personal Data in Schools
Schools and the General Data Protection Regulation (GDPR) — somehow it seems to be a slow roll. But what exactly is the problem? Every day schools deal with a lot of personal data. What the term “personal data” means exactly, you will learn in this blog post. In schools you will find lots of data worth protecting: personal information such as the student’s name, address or date of birth, grades and proof of performance records, but also extremely sensitive information such as notifications of sickness.
Since the GDPR came into force in 2018, European schools, just like companies or organizations, have some additional obligations when it comes to this personal data. According to the website of the “Hessian Commissioner for Data Protection and Freedom of Information”, the school is responsible
that the processing of personal data of students, parents, and teachers is carried out lawfully and that the necessary measures for data protection and data security are taken.
On behalf of the entire school, the school administration assumes responsibility. In addition to this, public schools must appoint a data protection officer as well as a deputy.
Schools and Digitization
Digital media and virtual forms of teaching have already found their way into everyday school life. At the beginning of the year, the Coronavirus forced schools virtually overnight to switch to distance learning and — to make this possible - to rely on digital products and platforms. From one day to the next, documents and messages were exchanged between teachers and their students via platforms such as Microsoft Teams, OneNote, NextCloud, or Google Classroom.
To be available online at any time and from any location, all data exchanged through these platforms is uploaded and stored in the cloud storage of the respective providers. Therefore, let’s talk about schools and the cloud.
Schools and the Cloud: The Big, International Players vs. Smaller Specialized Providers
First of all, the cloud is not automatically bad. On the contrary, it offers numerous advantages such as easy collaboration in classes or teams — regardless of where the users are located, which devices are used, and whether it is day or night. The use of cloud solutions also saves costs, requires no local installation, and is available to schools quickly and flexibly.
However, there are concerns about data protection. With many cloud services, it is questionable to what extent they comply with data protection laws. In some cases, this is not even within the cloud provider’s control. US companies, for example, are obliged by the CLOUD Act to provide authorities access to stored customer data upon request.
Due to their national legal regulations, foreign providers cannot exclude the possibility that the data will also be analyzed by security authorities. Or the providers themselves reserve the right to analyze the data for their own purposes, for example, to place advertisements,
says Marit Hansen, the data protection commissioner of the state of Schleswig-Holstein.
European cloud providers, such as the ownCloud, Storegate, or the GAIA-X cloud project, which has been under discussion for some time now, offer a stronger focus on data protection. But these solutions are usually not as sophisticated as those of the large providers, may have less performance, or are not an option for schools in terms of price. As the year draws to a close, it is becoming increasingly clear that in 2020, Microsoft’s offerings, including Microsoft Teams, have established themselves in many schools.
Online Classes in Microsoft Teams?
Not only numerous companies but also more and more educational institutions are using Microsoft 365. One reason for this is certainly that Microsoft has created its own template specifically for schools, which is tailored to the needs of everyday school life. Under the name “Microsoft Education”, Microsoft offers educational institutions various EDU packages: Office 365 A1, A3 or A5. The basic A1 package, which includes Outlook, Word, Excel PowerPoint, and Microsoft Teams, is free. More information on education offerings.
In Microsoft Teams, schools or teachers can create virtual classrooms for their classes or specific school subjects by creating teams and channels. By assigning permissions that are different for each virtual room, groups can be created as desired, and media and files can be made available only to authorized individuals. Each channel has a chat (Posts), a place to store files, and — if required — additional tabs (more apps) that can be accessed via the menu.
However, Microsoft or the Microsoft services are regularly criticized. Points of criticism include the lack of sufficient transparency as to which user-related data is processed and how. It has also not been confirmed that Microsoft adequately protects users’ data. Furthermore, due to the company’s location in the USA, there are concerns about the possibility of access by US authorities based on legal orders.
How Does Encryption Protect Personal School Data?
Caesar already knew how to use encryption to his advantage by making important messages indecipherable to enemies by shifting letters by a certain number in the alphabet. If you would like to know more about this, your history teacher will certainly be happy to help you. Over 2000 years later, encryption has become much more complex. But the goal is still the same:
To transform your data from plaintext to ciphertext that can only be read by people who have the right key to decrypt it.
By encrypting personal data, you meet important security criteria of the EU General Data Protection Regulation. Article 32 of the GDPR lists encryption of personal data as an “appropriate technical and organizational measure to ensure a level of security appropriate to the risk.”
But encryption is not just encryption: only if end-to-end encryption — without the possibility for unauthorized third parties, including the encryption providers themselves, to access the data — is used, the key to the data stays exclusively in your hands. This is often referred to as zero-knowledge encryption. In this case, even the cloud storage provider has no copy of the key that could fall into the wrong hands. Only if you encrypt your data end-to-end before uploading it to the cloud storage of your choice and do not let the key out of your hand at any time, no one except authorized persons can access the files.
Benefits, by using end-to-end encryption:.
- Reducing the likelihood of a data breach.
- Protection of data in transit (between end device and data center or between different data centers).
- Protection of data at the point of storage (cloud storage, NAS, file server, or local).
- As a rule, no obligation to report loss of data that is encrypted according to the current state of the art.
- Positive impact in the event of a decision on a fine, as an appropriate technical and organizational measure has been taken (Art. 83(2)).
Boxcryptor for Schools — Cloud Security Through End-to-End Encryption
Boxcryptor helps schools use the cloud in a secure and privacy-compliant way thanks to end-to-end encryption. In practice, this means that you first encrypt your files on your laptop, tablet, or smartphone. Only then are the documents, images or videos uploaded to the cloud. For you as a user, this means either right-clicking and selecting the “encrypt” option or placing the new file in a folder that is already encrypted. The complex encryption of the file is done by the software for you in the background. Once the files are encrypted, only the people who have the necessary key can read the data in plain text.
If you use Microsoft Teams, there is a special encrypted area for storing sensitive data, which you can select from the menu bar at the top.
Screenshot: Boxcryptor for schools integration in Microsoft Teams:
The encryption software gives you flexibility in choosing the appropriate cloud storage. Whether it is Microsoft OneDrive, Microsoft Teams, NextCloud, or Google Drive, we support over 30 different cloud providers. Additionally, you can also encrypt network-attached storage, file servers, and locally stored data.
While teachers and students can work together on their encrypted data stored in the cloud, the administrator responsible for the school will find numerous setting options in the Boxcryptor web platform for a secure collaboration within the organization. You can create groups for classes or the teaching staff and to organize different levels of access to data. In addition, policies can be created and the activities of Boxcryptor users can be tracked.
If you want to learn more about these features in detail, our monthly live webinars are a great way to do so. During the webinar we explain exactly how to create and set up your organization and how to work successfully with Boxcryptor. If you prefer to test Boxcryptor in practice, you can try all the features of Boxcryptor for Schools 14 days for free.
We have decided to make our encryption software available to public primary and secondary schools as a special offer. This is because we believe that schools should take advantage of the cloud to make school operations and the delivery of digital lessons as efficient and timely as possible. At the same time, cloud security should not be neglected. That is why we offer the opportunity to purchase “Boxcryptor for Schools” with a special discount.
Cloud Security for a Small Budget — Boxcryptor for Schools
Work together in the cloud, inside as well as outside your school organization. Encrypt important schoolchildren's data and comply with data protection requirements.