Partner/Stakeholder Meeting
Baltimore County Public Schools
January 30, 2017
Bill Fitzgerald
@cs_privacy
School District Employees' Financial Data Compromised in Phishing Scam

In Texas

And Arizona

And At Least 126 More

We are only as secure as our least secure friend

The Promise of Tech

Is it Tech
OR
Is it Data

Increased Accuracy

More Depth of Insight

Greater knowledge about what works


Better support for every kid
Better support for every adult


Reduce duplication of effort

Reduce costs of learning materials
Increase the quality of learning materials

Reduce inefficiency
(not increase efficiency)

Measure

Track

Predict

Conundrum 1


Conundrum 2
Conundrum 3


How do we allow valid privacy and security concerns to inform a progressive academic program?
These questions and tensions are not unique

What happens after the wrong click?

-
Data minimization
-
Data sunsets
-
Documented access rules about who can access what
-
Audit trails


-
Avoid portable storage (from laptops to USB keys)
-
Training, training, training
-
Not on tech, but on pedagogy
-
Iterative - Start Somewhere, Figure Out What Else Is Needed

-
Breach response plan
-
Breach response training
-
Ongoing penetration testing
Good privacy practice is good pedagogy


Good privacy practice is good software design

Good privacy practice reinforces intentional, informed decisions

Good privacy practice brings a deeper understanding of the tools we use, and why we use them
Questions? Comments?
Bill Fitzgerald
bfitzgerald@commonsense.org
@cs_privacy (work)

https://www.commonsense.org/education/privacy
Baltimore County
By billfitzgerald