The education sector now outpaces both healthcare and government as a target for data security threats. In one recent year, ransomware attacks on K-12 districts more than doubled — with data stolen from nearly 1,900 schools. NEA
The new Division-Managed AIS laws require Virginia school divisions to sign vendor agreements prohibiting student data from being used to train external AI models. That’s the right requirement. But it assumes the vendor honors the contract and that cloud-based tools can actually be configured to keep data contained.
There’s a harder question nobody in the legislation is asking yet: what if the safest option isn’t a better vendor agreement — it’s keeping the AI local in the first place?
On-premise AI deployment — running AI tools on hardware the school division controls, with data that never leaves the building — is technically available right now. It’s not on most school administrators’ radar. It will be.
Watch this space for solutions to these issues – The PFLA will be one of them