5-step data recovery plan for schools | Nov18 Newsletter
While big data continues to revolutionise the business world, schools are collecting and storing more personal data than ever before. This comes with the responsibility to protect that data in the event of a network malfunction or security breach and requires the capability to recover lost data in such a circumstance.
Australian schools must comply with the Privacy Act 1988 and the Australian Privacy Principles that call for the open and transparent management of personal information. In New Zealand the Privacy Act 1993 lays out 12 privacy principles covering the collection, storage, retention and use of private information.
To do so, it's imperative that schools have a data recovery plan that defines how data will be managed and protected, and how it will be recovered in the event of an IT disaster. This is especially important as local and global privacy regulations - like the EU's General Data Protection Regulation - impose additional responsibilities (and penalties) on organisations that handle personal data (like educational records).
Step 1: Identify and classify data
You must first understand what data the school holds and where it is stored. Then you can classify it into categories that are ranked in order of importance. You need to understand which data is critical to the operation of the school, and which data is most sensitive to outside eyes.
Step 2: Audit your backup process
How is the school currently backing up its data? You should have formal data backup procedures that set out whether your data is backed up to a cloud storage service or to an external server. Data backups should be carried out frequently and follow a regular schedule.
Step 3: Assess the risks
To properly protect your data, you must identify and understand the key threats to it. This could include software or hardware malfunctions, physical damage to your data servers, misuse by unauthorised users, and malicious viruses and malware. You should also consider how a network or power outage may affect your stored data.
Step 4: Reach out to your technology vendors
Your technology vendors can often help with your data recovery plan. Cloud-based administration software and data backup and storage services, for example, will often have built-in data security, protection and backup features in place. Speak to your vendors to clarify how they manage your data, and whether they can assist in protecting it against the risks you’ve identified.
Step 5: Implement recovery strategies
In the event of a major malfunction, network outage or cyberattack, taking fast, decisive action is the key to minimising data loss and maximising your data recovery efforts. For every threat you've set out, create a series of steps that need to be followed to neutralise the event and recover the lost data. This document should be shared with all relevant employees of the school to ensure all parties understand their role when disaster strikes.
In the digital age, all organisations – including schools – are fuelled by data. That data helps schools deliver the best possible student outcomes, but it also comes with the responsibility to protect sensitive information from misuse. A strong data recovery plan is the most effective way to achieve this and ensure your collected data is restricted to its intended use.