What does the alphabet soup have to do with cyber security?
OK, not a lot, but gosh darn here come more acronyms from IT.
So lets break it down.
PII = Personable Identifiable Information is any combination of 2 or more items that together can identify an individual. For example: a birth date alone would not be enough information to zoom in on 1 person in the world, but if you had home address and a birth date, now you can "zoom in" on a single person, despite the 7.8 billion people worldwide. Additional PII categories below.
Edlaw2D = New York’s Education Law Section 2-d, also referred to as "2D". It requires teachers, secretaries, administrators and school technology systems to protect student's identities (PII) much like HIPAA regulations protect an individual medical records.
Who is affected : Anyone who handles PII in your school: nurses, librarians, food service managers, PE and athletic directors. guidance staff, teachers and administrators and more.
What do we need to do? There will be various training's for each group of stakeholders. In the meantime start noting where you see PII, who you share it with and how (email, paper, website upload?).
Where do I get more information? NYSED's Data-Privacy-Security website
When ? 2D regulations are being phased in the first 1/2 of 2020, but much preliminary work is happening now.
Why ? Confidentiality of student information protects personal information from disclosure. This is particularly true where the wrongful release of information about children and families might also lead to discrimination, cause prejudicial treatment or result in identity theft. Also, the child abductors and online predators are a concern as well.
How can this be accomplished? New policies and secure practices of who PII is shared with and how it is shared.
That brings us to HTTPS.
HTTP (with no S) is a method of communication from your workstation, iPad or cell phone to a web site. Using HTTP is like driving down Interstate 81 in a car with clean clear windows. The other cars on that same road can see in your car as they go past you. They can see if your a man or woman, if you are traveling with children, if your traveling alone, what color your hair is, if your drinking a coffee. Depending on who is looking in that might make us quite uncomfortable. While you are online on http sites, good hackers could be seeing your web traffic.
HTTPS is equivalent to having very dark tinted windows so no one can see in your car. HTTPS is an added layer of security between you and the website your surfing. You should always check before you enter any PII (yours or other people's) on any site to verify that you see the "closed paddle lock icon". A closed lock is secure, an unlocked site is not secure. Take a moment and click the closed icon at the top of this page right before the words 'sites.google.com... You will see the "connection is secure and the certificate is valid" message. If either of these are ever missing, do not put your username or login or credit card information or any PII on that web page. Find another site if your casually shopping or surfing; or report it to the organization if you consider them a legitimate site. They may have been hacked or be unaware their security channel is down.
We must caution you however that while HTTPS does mean secure it does not automatically mean safe. If we back up to the car analogy, both the car with the clear windows and the car with the tinted windows can drive into the same bad neighborhood. There are plenty of criminals that are willing to purchase the inexpensive "S" certificates and use them on their bad or infected website or use them on their latest tablet or cell phone APPs. Just one more way the cyber criminals are trying to con us into providing them our private data, PII or credit card or banking information. If looks or feels off it probably isn't where you want to be. Trust your instinct.