Job Board for Data Governance & Management in the Education Sector
A Comprehensive Tool for Defining Essential Roles in Education Data Governance
Enhancing accountability, compliance, privacy, and security for improved quality and equity in learning systems
Data governance is crucial for responsible and effective management of education data. It establishes policies, standards, and practices to ensure data quality, security, privacy, and compliance with laws. Moreover, it safeguards learners’ rights, enhances education system efficiency, and maintains the integrity of data for informed decision-making.
This job board, created by the Broadband Commission Working Group on Data for Learning, provides a framework of roles and responsibilities across different levels of education data governance. It helps stakeholders self-reflect on their data governance structures, identify gaps, and promote transparent and ethical data use. The tool supports discussions, sparks investments in data skills and resources, and contributes to safe and equitable data-driven education.
The job board outlines roles at micro, meso, and macro levels of education data governance, providing guidance on skills and competencies needed. These roles are not specific to any country but serve as reference points. The tool fosters discussions, aids stakeholders in self-assessment, and encourages compliance with data protection and ethical considerations to enhance data-driven decision-making and educational outcomes.
Explore the Tool
Macro level
Responsibilities related to the design and management of data infrastructure and security policies at centralized level and/or a dedicated data governance team or steering committee
Chief Information Officer, Education Sector (CIO)
The CIO is a senior executive responsible for overseeing and managing IT infrastructure, including tech-enabled learning, across education management authorities at various levels. They define and approve data and IT policies, strategies, and budgets aligned with national learning goals. The CIO ensures a reliable, secure IT infrastructure and supports the management and data governance of the Education Management Information System (EMIS).
Strategic planning: The CIO collaborates with national education leaders, including ministers and vice-ministers and principal education decision-makers and administrators at different management and governance levels, to develop a strategic technology plan aligned with the sector’s goals and objectives (including integration with broader digital society and transformation policies). They identify technological needs at every level, assess capacity needs and potential risks, and formulate strategies to address them.
Technology infrastructure: The CIO oversees the design, implementation and maintenance of the sector’s comprehensive IT infrastructure, including:
- design and maintenance of EMIS hardware and software architectures (including databases)
- integration of emerging AI and machine learning (ML) with sector education goals, objectives and emerging opportunities, including the integration of AI- and ML-powered data management solutions and automated data quality measurement tools to support education data governance
- oversight of appropriate telecommunications systems, networks, servers, hardware and software
Data management, compliance and cybersecurity: The CIO works with the CISO and Data Officers to develop IT standards and procedures for managing and safeguarding sensitive data through robust security measures and privacy compliance. This includes compliance with relevant laws, regulations and data protection requirements.
Budgeting and resource allocation: The CIO has overall responsibility for managing the IT budget, ensuring that financial resources are allocated and managed appropriately, and regularly reviewed to support the sector’s technology needs. They assess technology investments, support negotiations around contracts with vendors, and identify cost-effective solutions to optimize the use of available funds.
Collaboration and stakeholder management: The CIO collaborates with various members of the IT and data teams and education stakeholders, including high-level decision-makers and administrators and external partners. They build relationships with technology providers and industry experts to stay updated on emerging trends and advancements in educational technology.
- Strategic thinking: Strong strategic thinking skills to assess the sector’s current technological landscape, identify future opportunities and challenges, and develop a long-term vision for technology integration in support of educational goals and targets.
- Leadership and management: Strong ability to guide and inspire IT teams at different levels and build a cohesive IT department, setting clear objectives, delegating responsibilities, and fostering a culture of innovation and continuous improvement.
- Data analysis and decision-making: Familiarity with complex data sets and leveraging analytics to interpret macro-level trends, inform strategic planning and measure the impact of technology initiatives.
- Technological expertise: Strong understanding of the latest technologies (cloud-to-edge, ML, generative AI etc.), data trends and innovations relevant to education data management and services.
- Software expertise: Well-versed in educational software, learning management systems, data analytics tools, cybersecurity practices, and emerging technologies such as AI and virtual reality.
- Experience in EMIS: Knowledge of management information systems (MIS), computer information systems (CIS), IT management and project management.
- Pedagogical insights: Knowledge of emerging trends in learning technologies, and ability to work with learning technology specialists.
- Change management: Expertise in change management around technology implementation, including foresight, assessing readiness, managing resistance, and effectively communicating with and supporting stakeholders through transitions.
- Adaptability and learning agility: Strong capacity to stay updated on emerging trends, new technologies and best practices.
- Capacity to analyse operations, identify risks and opportunities: Includes awareness of national legal standards for data privacy and security and experience in ensuring compliance with rules and regulations and administrative processes, and excellent understanding of technology management and monitoring.
- Strong financial management skills: Skills for developing and managing IT budgets effectively, including the ability to use and analyse cost-benefit ratios.
- Strong vendor and stakeholder management: Including skills to engage with external vendors, technology providers and industry experts, evaluate vendor offers, and negotiate contracts.
- Team management, collaboration and communication: Experience in leading, supervising, managing and motivating IT staff and teams, and ability to establish good working relationships with educational leaders, teachers, administrators, and external and internal partners, including with CIOs from other sectors of national government.
Chief Data Officer, Education Sector (CDO)
The CDO collaborates with the CIO to oversee education data management in the sector. This includes national data on learners, teachers, schools, academic data, financial data, research data, and operational data, as well as cross-national data flows. The CDO works closely with stakeholders to identify data needs and ensure data quality, integrity, and usability. They also collaborate with cross-sector departments to implement strategic data management practices and enable data-driven decision-making.
Data strategy and planning: Develops and implements a comprehensive education data strategy aligned with the sector’s strategic goals and security needs. This involves:
- identifying specific national, regional and international data needs, e.g. related to monitoring and reporting agreements around regional development frameworks and the Sustainable Development Goals (SDGs), or participation in international learning assessments such as the Programme for International Student Assessment (PISA)
- establishing data management policies and procedures
- generating data definitions, classifications and standards
- pushing for convergence in awareness around data across institutional functions at different governance levels
- providing support to application of data policies and governance frameworks, including around big data and cross-border data flows
Data integration, sharing and effective use for education decision–making purposes: Facilitates cross-functional and cross-department collaboration to ensure optimization of technologies, data management systems, and tools for data collection, integration, validation and storage. This includes the ability to exploit interoperability within cloud-to-edge technologies and AI to integrate and harmonize data from various sources and formats within cloud and edge environments.
Data standards: The CDO further supports the definition of data standards and guidelines to ensure data quality and consistency in the context of complex data interfaces and interoperability, and works with the CIO and CISO in developing policies for data governance, stewardship, ownership and access, including sharing rights and retention.
- Data management and analysis: Strong understanding of data management principles, data modelling and data analysis techniques. Proficiency in data management tools, databases and data visualization tools. Knowledge of statistical analysis and data-mining methods.
- Strategic thinking: Ability to align data initiatives with the organization’s strategic goals and objectives. Develop long-term data strategies that support educational outcomes and institutional effectiveness. Understand the value and potential of data-driven decision-making.
- Expertise in developing and implementing data policies: Deep understanding of data management and governance practices, and data strategy development. Ability to establish policies, procedures and guidelines to ensure consistent data quality, formats, security, privacy and compliance within the sector.
- Communication and collaboration: Ability to collaborate with different departments and build strong data management relationships with diverse stakeholders.
- Leadership and team management: Strong leadership skills and ability to build and manage a high-performing data management team. Provide direction, mentorship and support to staff members.
- Change management: Ability to navigate organizational change related to data management initiatives, drive cultural transformation towards a data-driven culture, help stakeholders understand the benefits of data-driven decision-making, and foster data literacy within the organization.
Chief Information Security Officer, Education Sector (CISO-ED)
The CISO collaborates with the CIO to safeguard sensitive data, mitigate security risks, and ensure compliance with privacy regulations and cybersecurity policies. Their responsibilities include protecting data assets, fostering security awareness, and maintaining a secure teaching and learning environment. They develop and implement a comprehensive cybersecurity strategy to ensure confidentiality, integrity, and availability of data while mitigating unauthorized access and cyber threats.
Information security strategy: The CISO develops and implements an overarching data security strategy for the education sector that covers EMIS systems, the deployment of complex databases and analytic platforms, use of cloud-to-edge technologies, learning management systems and generative AI. This includes defining security objectives, establishing policies, guidelines and procedures, and identifying security controls to protect data and information assets.
To do their job, the CISO collaborates with internal stakeholders, such as IT teams and the CDO (see below), senior leadership, and legal or compliance departments, to design and implement the security strategy, and regularly reviews and updates it to ensure its relevance in the face of changing technologies and emerging threats.
They also establish partnerships with external entities, such as compliance agencies, industry associations and information-sharing forums, to enhance security capabilities and respond to security challenges effectively.
Security architecture and infrastructure: The CISO collaborates with IT teams to design, implement and update secure data-sharing systems, networks and infrastructure. They ensure that security controls, such as firewalls, intrusion detection systems and encryption mechanisms, are effectively deployed to protect sensitive data. They work with stakeholders to establish data access controls and data stewardship practices. They also monitor security-related legal and regulatory developments to adapt policies and procedures accordingly.
Risk assessments and incident monitoring: The CISO stays informed about the latest threats and vulnerabilities posed by AI, ML, and cloud and edge technologies, by monitoring threat intelligence sources. They perform periodic security audits and assessments to evaluate the effectiveness of security controls, identify vulnerabilities, recommend improvements and oversee risk mitigation measures.
The CISO also investigate potential security breaches or incidents and restores normal operations. This includes the use of intrusion detection systems, log analysis, and security information and event management (SIEM) tools. They also develop incident response plans to handle security incidents effectively, and conduct post-incident analysis to learn from lessons and improve incident response procedures.
Staff awareness and training around security issues: The CISO promotes security awareness among institutional staff at different management levels, and among school leaders, teachers and students. They develop and deliver training programmes to educate individuals on best security practices, such as password management, phishing awareness and data protection.
Vendor and third–party risk management: The CISO works with data teams and legal and compliance departments to assess the security posture of third-party vendors and service providers. They establish guidelines for vendor selection, conduct security assessments and monitor the ongoing security practices of external entities that have access to the sector’s data or systems.
- Knowledge of relevant laws, regulations and standards in the education sector: Knowledge of data protection regulations (e.g. GDPR), industry frameworks (e.g. ISO 27001), and any specific compliance requirements for educational institutions.
- Strong leadership, team cooperation and communication skills: To articulate complex security concepts in a clear and concise manner, and effectively engage with stakeholders including decision-makers and education staff at all levels, about security best practices and collaborating with cross-sector departments to implement security initiatives.
- Security architecture expertise: A strong understanding of information security principles, practices and technologies, including knowledge of the technical aspects of network security, encryption, vulnerability management, access controls, incident response and regulatory compliance.
- Risk management: The ability to assess and manage risks, including identifying potential threats, evaluating their potential impact and implementing appropriate controls to mitigate those risks. A CISO should be skilled in risk assessment methodologies and have experience in developing risk management strategies.
- Continuous learning: The cybersecurity landscape is ever evolving, so a CISO must stay updated on the latest threats, vulnerabilities and security technologies. This involves participating in industry conferences, attending training sessions and engaging with professional networks to continually enhance knowledge and skills.
- Detect and respond to security incidents: A solid understanding of incident response processes, including containment, investigation and recovery. Knowledge of digital forensics and incident handling techniques is also valuable for conducting post-incident analysis.
- Training and education expertise: Solid understanding of adult learning principles and instructional design methodologies to develop and deliver effective security training programmes tailored to different roles and levels across the education sector, including engaging and interactive training materials for presentations, videos, quizzes and simulations.
- Vendor management skills: To assess the security posture of vendors, establish security requirements in contracts, and conduct regular audits or assessments to ensure compliance.
Learning technologies specialist
(LTS)
The Learning Technologies specialist works with the CIO in designing National Learning Management Systems (LMSs), Digital Learning Platforms (DLPs) and Digital Content Repositories, as well as integrating and implementing other technology tools and resources to enhance teaching and learning experiences.
Technology integration with teaching and learning processes: The LTS provides technical and pedagogical advice and support to the senior management team in leveraging technologies to support instructional practice and create innovative learning environments to improve education outcomes.
To this end, the LTS collaborates with the CIO and other LTSs and instructional designers to identify and implement technology tools, resources and platforms that enhance teaching methods, facilitate online learning, and promote digital literacy among students.
- Education insights: An understanding of the unique IT infrastructure needs and challenges of the education sector, including educational trends, pedagogy, and the evolving demands of students, teachers and administrators.
- Communication and collaboration: Excellent communication skills to understand technological needs and effectively communicate complex technological concepts to all stakeholders. Experience in translating teaching and data insights into actionable technology recommendations. Ability to collaborate with different departments and build strong relationships.
Data
Analysts
Data Analysts facilitate and enable data-driven decision-making, as well as generating meaningful insights on learning and teaching, by extracting data from databases and using data to identify trends, patterns, and correlations in educational data
Identifying trends and insights: The Data Analyst works with the CDO and other data analysts and researchers to:
- manage stakeholder requirements for management and reporting data across education departments and governance levels
- analyse and collate critical data related to learning and provide actionable insights to inform strategic planning, policy development and monitoring requirements
- develop and maintain procedures for monitoring database activity and optimizing databases to forecast education needs and establish trends
- Database proficiency: Understanding of education databases (enrolments, learning assessment results etc.), data storage, mining, retrieval, integration and governance practices. This includes proficiency in managing and organizing data in cloud– and edge-based environments, and ML-based data quality tools.
- Technical skills: Strong skills in data manipulation, data cleansing and data integration using tools such as SQL, Python, R or other programming languages commonly used in data analytics. Familiarity with data analytics platforms and tools for data visualization and reporting like Tableau, Power BI or Excel.
- Data pattern analysis and interpretation: Proficiency in statistical methods and data visualization tools. Includes predictive analytics to identify trends, patterns and correlations in educational data.
- Education domain knowledge: Knowledge of the education sector, including understanding of educational data, performance metrics and the factors that impact educational outcomes. Familiarity with academic data, student data, assessment data and institutional data in the context of the education sector.
- Continuous learning and adaptability: Keeping up with the latest trends, tools and methodologies in data analytics. Being adaptable to new technologies and evolving data practices in the education sector. Willingness to learn and explore new techniques to improve data analysis and insights generation.
Data Privacy and Protection Officer (DPPO)
The DDPO supports data governance and ensures compliance with data practices. While they play a crucial role as the “orchestra conductor” of personal data management and assist in monitoring compliance with personal data protection regulations, it is important to note that, at least in Europe, they are not personally responsible for non-compliance with General Data Protection Regulation (GDPR). The responsibility for data protection compliance lies with the controller or processor.
Data privacy and compliance: The DPPO assists the sector in monitoring compliance with data protection regulations (e.g. GDPR in Europe) and other relevant national privacy laws. Their main responsibilities include:
- Developing and implementing data privacy policies and procedures
- Assisting the organization to monitor compliance with national data protection laws and collaborating with internal teams, such as IT, legal, human resources and business units, to align data governance practices with privacy requirements
- Implementing data privacy training and awareness programmes
- Providing advice on privacy impact assessment and monitoring its performance¹
- Participating, in particular with the CISO, in the personal data breach management and incident management
- Monitoring and auditing data practices
- Cooperating with the supervisory authority and acting “as the contact point on issues relating to processing […] and to consult, where appropriate, with regard to any other matter.”²
The role requires a combination of technical knowledge, legal understanding and interpersonal skills, including knowledge of:
- Data protection laws: A solid understanding of relevant data protection and privacy laws, such as the GDPR in the European Union and the Family Educational Rights and Privacy Act (FERPA) in the United States of America.
- Education regulations: Familiarity with specific data regulations that apply to the education sector, such as the Children’s Online Privacy Protection Act (COPPA) or the Individuals with Disabilities Education Act (IDEA).
- Privacy by design principles: Knowledge of privacy by design principles and the ability to embed privacy safeguards into systems, processes and applications right from the design phase.
- Privacy impact assessments (PIAs): Ability to provide advice as regards the privacy impact assessments to identify potential risks and evaluate the impact of data processing activities on individuals’ privacy rights.
- Risk management: Skill in assessing risks related to data privacy and protection, and developing strategies to mitigate those risks effectively.
- Information security: Understanding of information security practices, including encryption, access controls, authentication, and secure data storage and transfer methods.
- Continuous learning: A commitment to staying updated with the evolving landscape of data privacy and protection laws, regulations and best practices through ongoing professional development and networking.
Meso level
Responsibilities at regional levels of public administration and education management
Regional IT
Specialist
The Regional IT Specialist is responsible for overseeing and managing the IT infrastructure for education management and tech-enabled learning in regional/district-level education offices, education authorities and schools, ensuring the smooth operation of technology systems, including hardware, software and network infrastructure. They address technical issues, provide user support, and implement IT policies and procedures, including data security policies.
The Regional Technology Specialist:
- provides guidance and support to education institutions and schools in implementing digital learning and data-collection initiatives
- supports the installation, maintenance and security of computer systems and networks
- troubleshoots and resolves technical LMS and cloud-to-edge technology issues
- provides training/guidance for education staff and teachers on technology integration
- engages with relevant stakeholders, such as teachers, principals, parents and students, to understand their IT needs, address concerns and gather feedback
- Excellent knowledge of latest technologies supporting data management and LMSs: Includes familiarity with the benefits and limitations of cloud-based solutions and cloud computing concepts including cloud storage, virtualization and cloud service models. Understanding of edge computing principles and technologies relating to processing and analysing data closer to the source (at the edge).
- Familiarity with LMSs and interfaces: Appropriate knowledge of DLPs and tools in order to provide technical support teachers in integrating technology in the classroom.
- Problem solving and troubleshooting: Capacity to identify and resolve technical issues related to connectivity, system failures or data inconsistencies.
- Continuous learning: A mindset of continuous learning to keep up with advancements in cloud-to-edge technologies, emerging technology trends and best practices.
- Communication and collaboration: Excellent communication, interpersonal and collaboration skills to engage with stakeholders at decentralized administration and school level, facilitate cooperation, and convey complex concepts to non-technical audiences.
Regional Data
Officer
The Regional Data Officer is responsible for managing and analysing data within a decentralized regional education office. They are charged with ensuring data quality and integrity while promoting secure data governance practices. They also collaborate with central management and school–level stakeholders to identify data needs, develop data-collection methods, and design reporting frameworks supporting school improvement and teacher professional development practices. As such, they play a crucial role in generating insights and providing actionable recommendations to support decision-making at the regional and national levels.
The Regional Data Officer:
- oversees the collection, storage and management of education data, and overall quality assurance for data submitted by the educational levels and institutions under their supervision
- contributes to the implementation of policies and guidelines related to education data governance at the regional or provincial level, including in relation to the use of cloud-to-edge technologies, ML tools and generative AI
- Strong project management skills and familiarity with data management and governance: To effectively plan, implement and monitor data management and governance initiatives at decentralized level. Familiarity with data management systems and emerging technologies requiring evolved practices in data governance. Capacity to address challenges and make informed decisions related to data governance and privacy issues.
Regional Data Privacy and Protection Officer
The Regional Data Privacy and Protection Officer assists the organization to monitor compliance with data privacy laws and regulations within a specific geographical region or area of an organization. When needed, they provide advice on PIAs, audits and risk analyses to identify vulnerabilities and mitigate potential data breaches. Additionally, they provide guidance and training to decentralized education staff and schools on data privacy best practices, and act as a point of contact for privacy-related concerns within the region.
The Regional Data Privacy and Protection Officer:
- Assists the sector in monitoring compliance with data protection and privacy laws, regulations and policies within the education sector
- Identifies and addresses potential risks related to education data governance, including data breaches, privacy violations and unauthorized access
- Provides training and support to education staff on data governance practices, data protection and privacy regulations
- Legal and regulatory knowledge: Understanding of relevant data protection and privacy laws, regulations and policies within the education sector.
- Data security:³ Understanding of information technologies and data security, including knowledge of encryption techniques, access controls, data privacy regulations and best practices for securing data in cloud-to-edge environments.
- Ethical considerations: Awareness of ethical considerations and a commitment to upholding data privacy, confidentiality and security.
Micro level ⁴
School-level and community-level responsibilities needed to responsibly unlock the potential of purposeful data use to improve the educational experiences
School Leaders
School leaders need to adeptly assess data quality, ensuring its reliability for effective management and instruction. They should grasp the societal impact of data use, communicate its benefits, and be able to interpret and apply data-driven insights for informed decision-making. Additionally, they should be aware of the environmental consequences of digital practices and influence procurement and usage patterns to minimize carbon emissions.
- Assessing data quality: School leaders need to understand how to assess the quality and reliability of the data they use (through assessments and engagement in digital environments) as part of their management. They should be able to critically evaluate education data, tools and research, and other sources to ensure data validity and make informed decisions, not only about school management and teacher instruction, but also about privacy, age-appropriateness, legal compliance, and procurement of digital tools and services. School leaders need to critically assess the added value of integrating new data-fueled digital tools into school communities, with particular consideration for its wider impact on school well-being and the responsible management of third-party data ownership.
- Awareness of data governance architecture and legal compliance: School leaders need to be aware of the main principles of data governance and ownership to inform and protect their teachers’ and learners’ privacy and human rights. School leaders should be able to identify both the positive and negative implications of the use of data, and weigh the benefits and risks before allowing third parties to process personal data from their school community. They should know the legal and policy frameworks applicable to their school contexts and how these implicate rights to informed consent, who has access to student data, whom it is safe to share data with, how access is monitored, how long data are retained, and how data can be deleted.
- Understanding the impact of data use on humans and human rights: School leaders should know how a given digital system addresses the different social objectives of education, and how data profiling can influence societal decision-making. School leaders should be able to consider the impact of data use on the school community, including carefully considering parents’ access to student and teacher data. School leaders should be able to article how a specific use of data can benefit all students, independent of their cognitive, cultural, economic or physical differences. School leaders should be able to consider the impact of data use (grading, taking attendance, monitoring student behaviour, using learning analytics, generating automated feedback and assessment, professional development, and school progress-monitoring) on the development of teacher and student workload, social engagement, self-efficiency, self-image, mindset, and self-regulation skills.
- Ethical data-driven decision-making: School leaders should also be able to interpret and analyse basic data gathered through classroom practice, LMSs, national– and school–based learning assessments, and other types of large-scale, tech-based data collection, to inform strategic school management decisions and other types of decision-making. Capacities are needed to responsibly leverage data outputs and insights to assess student performance, identify areas for school improvement, and allocate resources effectively. Across use cases, teachers should consider potential analytic biases caused by various data-related factors, including algorithms, censorship, or limitations in their own data literacies.
- Communicating data insights: School leaders need strong communication skills to effectively communicate data insights to various local stakeholders, including teachers, parents, governing bodies, and regional education authorities and school inspectorates. They should be able to present data in meaningful and accessible formats to facilitate understanding and support decision-making. They should be able to communicate how learner data was collected, used, stored and/or transferred in order to produce these insights.
- Environmental impact: School leaders should understand the environmental impact of everyday digital practices that rely on data transfer, which produces carbon emissions from devices, data centres and network infrastructures. In particular, they should understand the energy intensive processes that power digital learning environments which employ AI to operate, and this understanding should influence their procurement processes of certain tools and the time which they recommend teachers and students spend interacting with them.
Teachers
Teachers need to possess ethical data-informed instruction skills, encompassing data collection, analysis, and interpretation to tailor teaching methods to individual student needs. They should also understand the societal and human rights implications of data usage, promoting students’ data literacy and teaching them to safeguard personal data. Lastly, teachers should employ data-driven collaboration and understand the environmental impact of digital practices in education.
- Ethical data-informed instruction: Teachers should be aware of the various forms of personal data used in education and training. Teachers should be able to collect, analyse and interpret student data to inform their instructional practices. Teachers should be able to interpret the data and evidence available in order to better understand individual learners’ needs for support. This includes through classroom-based assessments, manual or tech-based tracking of student progress, identifying learning gaps, and adjusting teaching strategies accordingly to meet individual student needs. Across use cases, teachers should consider potential analytic biases caused by various data-related factors, including algorithms, censorship, or limitations in their own data literacies.
- Assessing data quality: Teachers need to understand how to assess the quality and reliability of data they use (through assessments and engagement in digital environments) as part of their teaching. They should be able to critically evaluate education data, educational tools and research, and other sources to ensure data validity and make informed decisions, not only about instruction, but also about privacy, age-appropriateness, and legal compliance. Teachers need to critically assess and discuss the value and validity of different data sources, as well as the appropriateness of established methods for data analysis.
- Awareness of data governance architecture and legal compliance: Teachers also need awareness around the main principles of data governance and ownership to inform and protect their learners’ privacy and rights. Teachers should be able to identify both the positive and negative implications of the use of data and weigh the benefits and risks before allowing third parties to process personal data. They should know the legal and policy frameworks applicable to their school contexts and how these implicate rights to informed consent, who has access to student data, whom it is safe to share data with, how access is monitored, how long data are retained, and how data can be deleted.
- Understanding the impact of data use on humans and human rights: Teachers should know how a given digital system addresses the different social objectives of education and how data profiling can influence societal decision-making. Teachers should be able to consider the impact of data use on the student community. Teachers should be able to explain how a specific use of data can benefit all students, independent of their cognitive, cultural, economic or physical differences. Teachers should be able to consider the impact of data use (learning analytics, automated feedback and assessment, and progress monitoring) on social engagement and the development of students’ self-efficiency, self-image, mindset, and self-regulation skills.
- Facilitating students’ data literacy: Students need skills to analyse and interpret data relevant to their learning. This includes understanding statistical graphs to understand their learning trajectory, and arguments for pursuing particular learning pathways. Students need to be aware that digital systems collect and process multiple types of their data (e.g. personal, behavioural and contextual data) to create user profiles. They should also support children to know how their data are then used, for example, to suggest learning paths or to predict their success (or failure) based on algorithms. Teachers should give students practical and experience-based advice on how to safeguard their personal data and mitigate risks related to safety and privacy in digital environments. Teachers should be able to use different activities and projects to help students learn about the ethics of data use in education, including how data systems can direct learning and impact human rights.
- Data-driven collaboration: Data literacy also enables teachers to collaborate effectively with colleagues by sharing best practices, analysing data collectively, comparing and critically evaluating the credibility and reliability of data from digital environments, and collaborating on interventions to improve learning experiences and foster student achievements. Teachers should be able to present data in meaningful and accessible formats to facilitate student, parent and leadership understanding of classroom activities.
- Environmental impact of data use: Like school leaders, teachers should understand the environmental impact of everyday digital practices that rely on data transfer, which produces carbon emissions from devices, data centres and network infrastructures. In particular, they should understand the energy intensive processes that power digital learning environments which employ AI to operate.
School IT and Cyber Security Officer
The responsibilities and skills of a School IT and Cybersecurity Officer can vary depending on the resources available to the institution and specific requirements of the post. Generally speaking, their responsibilities revolve around maintaining and securing the school’s technology infrastructure, advising staff on how to ensure data privacy and protection, and supporting the efficient use of technology for educational purposes. Some common responsibilities and skills associated with this role include:
- Network and systems administration: Managing the school’s network infrastructure, including servers, routers, switches and wireless access points.
- Security infrastructure management: Implementing and maintaining security measures such as firewalls, intrusion detection systems and antivirus software.
- Data privacy and protection: Ensuring compliance with data protection regulations and establishing protocols to safeguard student and staff information.
- Incident response: Developing and implementing strategies to respond to and mitigate cybersecurity incidents, such as malware infections or data breaches.
- User support and training: Assisting staff and students with technology-related issues, providing training on best practices for online safety and cybersecurity.
- Risk assessment and management: Identifying potential vulnerabilities, conducting risk assessments and implementing appropriate controls to mitigate risks.
- Security awareness programmes: Organizing and conducting initiatives to raise awareness about cybersecurity among staff, students and parents
- Strong knowledge of computer networks, operating systems and network protocols.
- Proficiency in network and system administration, including configuration and troubleshooting.
- Deep understanding of cybersecurity principles, best practices and industry standards, and knowledge of data protection regulations and compliance requirements (e.g. GDPR, COPPA).
- Experience with security tools and technologies such as firewalls, antivirus software, intrusion detection systems and encryption methods.
- Familiarity with risk assessment methodologies, and the ability to identify and prioritize potential risks.
- Excellent problem solving and analytical skills to respond effectively to cybersecurity incidents.
- Effective communication skills to educate and train users on cybersecurity practices and work collaboratively with diverse stakeholders, including administrators, teachers, students and external vendors.
- Continuous learning and keeping up to date with the latest cybersecurity trends and threats.
- According to Article 35(1) of the GDPR, it is the task of the controller, not the DPPO, to carry out, when necessary, a data protection impact assessment. Article 39(1) (c) tasks the DPPO with the duty to “provide advice where requested as regards the [DPIA] and monitor its performance.”
- According to Article 39(1)(d) and (e) of the GDPR, the DPPO should “cooperate with the supervisory authority” and “act as a contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.”
- Article 29 of the Guidelines on Data Protection Officers published by the EDPB notes that understanding of data security in general (not specific to data security on the cloud) is one of the professional qualities that the DPPO should have.
- The micro-level competencies, especially for teachers, students, and school leaders, were predominantly sourced from Vuorikari (2022) DigComp 2.2, The Digital Competence Framework for Citizens and its subsequent analysis by Kivinen et al. (2022), ßDigital Information Literacy Guide.
