(Maintaining Confidentiality of Student’s Records and Personal Data for School Counselors)
Counselors have an ethical obligation when obtaining informed consent to make sure confidentiality protections and limitations are explained and understood. While various ethical codes extensively address confidentiality, little is specifically mentioned regarding the security of electronically stored and transmitted counseling related information. The purpose of this resource is to further inform the practices of school counselors in the digital age.
Guideline #1 – Use a Secure Password
Use strong passwords for the email accounts and filing systems that you use to communicate about and store information regarding clients.
Guideline #2 – Still use the phone
Convey critical information to other schools/ practitioners through personal contact such as a face to face meeting or a phone call.
Guideline #3 – Ensure Untraceable Identity
Only transmit information electronically in a way that is untraceable to a students’ identity. It is often possible to communicate about students via email, for instance, in a manner that both facilitates communication and also protects the identify of the student. It is particularly critical not to include identifying information in the email subject line since this may be seen in an open email client window.
Guideline #4 – Understand File Sharing
Be very familiar with how the sharing/collaborative functions work in electronic file storage systems so you can take effective precautions to protect confidential information stored in that medium. Take the time to familiarize yourself with specific application security settings and select the most restrictive.
Guideline #5 – Check Service Provider Security
Be familiar with the security measures taken by your service provider to know you are working in an electronic environment that minimizes any risk of breach of confidentiality.
Guideline #6 – Beware of and do not open free virus scanning services.
If you grant access to these programs you may open your computer up to “spyware” or “adware” that may track your computer activity or worse record your passwords granting access to your accounts.
Guideline #7 – Don’t fall for “phishing” schemes.
These typically appear as legitimate or not so legitimate email or pop-ups that ask you to verify your account or update your account information. If you are concerned about missing a legitimate request you can always contact the service provider via their website. Do not reply to the original email but go through a separate and direct means of contacting the company.
Take this phishing awareness test (click) to see how attuned you are to these schemes.
Guideline #8 – Configure Automatic Password Managers
Be familiar with the automatic password manager of your individual operating system and configure it with a secure master password and to require automatic login when your computer is left unattended. Here are two useful resources about the keychain on Mac and Automatic Logon for Windows. Useful tip – Configure multiple keychains on a Mac to keep it generally user friendly but with increased security for certain applications and/or websites.
Guideline #9 – Habitually Log Out
Log out of your computer before you leave your computer unattended. This will require it to be logged back into before it can be used or applications opened. On a Mac this can be as simple as Shift-Command-Q or on Windows CRTL+ALT+DEL. You can also configure both operating systems with custom shortcuts to log out.
Useful Resource on Mac Shortcuts (click).
Guideline #10 – Beware of rogue USB thumb drives.
Malware or Spyware can be loaded onto the USB thumb drives that automatically launch when plugged into a computer. As Paul Zimsky from Lumension IT Security firm states, “If someone loads malware on a USB drive and drops it in a parking lot, it’s human nature to want to use this thing,” Zimski said. “You don’t think of it as a threat.” In reality, this could be the very thing that exposes your computer to a breach of confidentiality.
Well before the proliferation of digital storage, effective protocol was required so that student records and case notes would be kept secure and handled by school personnel in a manner that would maintain confidentiality. In today’s schools, electronic filing systems and correspondence of or about confidential matters related to school counseling have become more common and in the case of communication, nearly universal.
In addition to strategies ensuring the physical protection of computers and devices linked to electonic files, counselors will benefit from familiarity with recommendations regarding account password security, identity protection, security measures in place by service providers like Google or Evernote, and fundamental defensive awareness to keep client information secure. Arguably, only with an adequate understanding of these 21st century technological factors will counselors be able to recognize and explain the vulnerability of confidentiality and maintain it from a more informed perspective. – AC
Another Computer Age Nuisance: Spyware
APA – Code of Ethics
ASCA – Ethical Standards for School Counselors
CPA – Code of Ethics
SANS – Security Awarenes Tip of the Day
Familiy Education Rights and Privacy