Protect Your Data

Manage Personal Data and Privacy During Data Privacy Week

As part of Burke Brown’s job as the Technology Coordinator for School District OR-1 in Palmyra, there are a handful of times a year he must go phishing within his district.

“I know this won’t make me any friends among our members but it’s a legal requirement as part of the district’s insurance. We have to mimic these phishing attempts to keep employees on alert for the real thing,” he explained.

Burke is a past NSEA leader and has previously represented District OR-1 as local president. He is currently the chief negotiator for District OR-1 and represented his local association as a delegate to the 2023 Delegate Assembly.

“The best way to protect yourself is to trust no one,” he said.

The sentiment is great online safety guidance and terrible interpersonal relationship advice.

Phishing for Data
Burke explains the point of his phishing expeditions is not to trick district employees into sharing their personal information but to train members to recognize suspicious emails, to practice secure online habits and to help protect the district—and employees—from potential fraud.

AI and Online Security
The days of struggling princes and princesses from overseas needing financial assistance are long gone. Urgent requests for gift cards are so last year. Instead, something much more sophisticated is lurking in the shadows: artificial intelligence or AI.

In his last district-wide phishing test, Burke used AI to formulate his message.

“I opened ChatGPT on my computer and typed in a few keywords. I asked the program to formulate a message from our administration requiring employees to pay fees out of our paychecks,” Burke said. “It spit out a one-page, really well-written email that looked like something that could have really come from administration.”

The fee changes were a ruse and not anything the district was considering but the message was sophisticated because the advanced technology used in ChatGPT has combed through human-generated text which allows it to learn the patterns, styles, and structures of language.

“Social engineering is going to go to a whole new level and it's just kind of scary,” Burke said. “Technology in AI is moving at such an unmanageable pace. I’m worried the companies that public schools rely on to keep our data safe are falling behind.”

Burke said his AI-generated message was tricky enough for at least one district employee to bite.

“I had one teacher click because he was so grumpy about the fake fees and because it was so well-written, he didn’t check to look closely at the email address it came from.”

Data Privacy Week
Data privacy as it intersects with AI is an evolving field and can easily overwhelm even the most technology-savvy people in education. Burke says there are some practical and easy steps that can empower educators to take control of their own data and online privacy. A new year is a great time to reassess one’s own digital environment and implement some changes. In 2021, the National Cybersecurity Alliance (NCA) expanded Data Privacy Day into Data Privacy Week which begins on Jan. 21 and concludes on Jan. 24. More than just raising awareness of data privacy, Burke sees the week as an opportunity to make a few key changes.

“If there are just a few things to consider during Data Privacy Week, I would say educators should update their software enabled two-factor authentication with texting and, when possible, change any vulnerable passwords to include 14 characters. It’s important to review what you’re sharing online and limit app tracking where you can,” Burke said.

Separation of  Work, Life and the Classroom
The increasing commonness of Google tech in the classrooms coupled with using the same tech in their personal lives makes it challenging for educators to separate their work life from their personal life. Burke emphasizes the separation of the two is increasingly important for employment protection.

“NSEA has always advocated that members have a personal email away from their work email. The same principles should apply to digital devices as well,” Burke said. “Avoid signing into work accounts from your personal cell phone and computer. Try to keep from signing into your personal accounts on your work computer. Teachers can unknowingly share an incredible amount of personal information with the district when the two are intermingled.”

NSEA Advocacy Director Jason Wiese agrees keeping the two separate is good practice but there may be instances when an administrator might ask to see your personal cell phone for any number of reasons. Wiese says for those instances it’s best to check with your local association before granting full access to your personal devices.

“Providing full access to personal devices may give a school district access to information unrelated to the specific information they’re looking to review. Even in instances you believe the administration has good intentions behind seeing your phone, there may be concerns about the overreach and the potential for the collection of irrelevant data,” Wiese explains. “In these situations, it’s always best to check with your organizational specialist.”

Local associations and NSEA work to ensure that educators' rights are protected. Advocating for privacy rights is a crucial part of promoting workplace safety, equal treatment, and job security. NSEA is ready and able to help members. Members can reach their NSEA Organizational Specialist at 1-800-742-0047 or 402-475-7611.