I was watching the news last night and they broadcast a story about an elementary school burglary where a couple of file servers were stolen. The principal, Kim Roper, said:
We lost two file servers and it was really more damaging to the school that we lost the date than the computers; all of the school information is gone.
All of the work completed by the school staff this summer, including which classes students are going to be in, is gone. The last back-up of the data on the school file servers was done in May.
Of course, anyone who's worked around computers much knows that bad things happen to disks all the time and I'm sure this principal and his staff knew that they should be backing data up more frequently. The fact of the matter is, most people ignore these warnings until its too late. Well managed IT departments don't rely on users to safeguard sensitive or valuable enterprise data---they put policies and systems into place that make sure data is safe.
Utah's schools do not have a CIO. The State CIO is explicitly barred from acting in public and higher education. School districts love their independence and each manages their own IT systems. The elementary school in question is part of the Alpine School district the third largest in the state. Do they have the resources to hire competent IT staff and put systems in place that would prevent this loss? Sure, but other priorities compete for those dollars.
What boggles my mind is that school officials and the legislature will just shake their head at this and say "that's too bad" instead of being outraged that sensitive, private, valuable data is now lost and in unknown hands. We're running a multi-billion dollar enterprise like a mom and pop shop and no one sees the problem with that.
I'll bet there's at least one elementary school that will be more conscientious about back-ups this fall. But they'll be doing it on their own, with little expertise, and no systematic help. Consequently, they'll soon tire of it and be back to business as usual. What's needed are consistent IT policies across public education, an infrastructure that supports their use, and accountability for protecting sensitive, valuable data.
Its only too hard or too expensive if everyone insists on doing it on their own. UEN already has a network connection in every school district and most schools in the State. For very little additional money, they could operate a centrally managed storage array network (SAN) and sensitive and valuable files could be automatically backed up to this repository. Of course, to make this happen, someone would have to be able to set IT policy and enforce compliance for public education and right now the only group that can do that is the legislature.