
Loading summary
A
You're listening to asbo international's school business insider. I'm your host, john brucato. Each week on School Business Insider, I sit down with school business officials and industry experts from around the world to share their stories and explore the topics that matter most to you. Find out what it means to be a school business official and get your insider pass on all things school business. Hello everyone, and welcome back to School Business Insider. School districts partner with dozens of companies every year to provide services that support students and families. Whether it's technology platforms, transportation providers, food service companies, or school photography, every partnership requires trust and in many cases, access to sensitive student information. Today, I am joined by Ken Murphy, CEO of LifeTouch, to discuss what trust looks like from both the district and the vendor perspectives. We'll explore how organizations can protect student information, why data privacy has become a shared responsibility, and what school leaders should expect from companies that serve their communities. We'll also discuss how innovation artificial intelligence in evolving cybersecurity expectations are changing the way schools evaluate vendor partnerships. Ken, welcome to the podcast. I'm happy to have you today.
B
John, thanks so much for the invite. It's a pleasure to be with you and your listeners.
A
I'm excited to explore just really what you are doing at LifeTouch and how you prioritize student data privacy. So that being said, it's become really one of the largest responsibilities for school districts. It's something that we have to constantly keep our minds on and, and ensure that our systems are robust enough to protect that personally identifiable information. Can you just kind of open this conversation with explaining why has this issue become so important in recent years?
B
Absolutely, John. You know, I think in sort of reflecting on this, I think perhaps the conversation has maybe been mislabeled a bit for the last several years. It's referred to so often as sort of a cybersecurity discussion, and I don't think that's quite right. I think really it's more of a trust discussion. And our view would be that technology is simply where that trust gets tested today. And so, you know, if you, if you think about yourself as a parent dropping off your second grader at school, I don't know that FERPA and the intricate components of that regulation are what's in your mind? What's in your mind is, is my children child going to be safe? Is their data going to be safe? Am I as a parent able to trust what my school is doing? You know, families trust their schools with their children every day, and when a school Chooses a vendor, that vendor then receives a portion of that trust. I guess what I would tell you is that because of that, data protection really is a leadership responsibility, not just an IT responsibility. Parents are much more informed today. Boards are asking better questions today. Districts are using more and more third party partners today. And so that accountability has expanded. And frankly, I think that's healthy. Where trust used to be assumed, today it's examined. And I think that's a really encouraging development, actually.
A
So how do you approach that relationship of trust from your standpoint as a third party? I mean, you know, with LifeTouch, you have access to sensitive data, student photos and things like that. But proving a negative is awfully difficult. So how do you prove that you haven't been compromised or something like that right out of the gate? How do you actually start building the trust with not only the school districts, but with the families as well?
B
Well, maybe to even elevate it beyond LifeTouch. What I would, what I would suggest or offer up is that school business officials should expect proof, not promises. You know, any vendor handling student information should be able to explain what data do they collect, why do they collect it, who can access it, how do they secure it, how long do they keep it, and what happens when the relationship ends. And I would submit that schools and districts should expect strong access controls, clear retention and deletion practices, incident response plans, vendor oversight, employee training, independent validation where appropriate. Those are some of the things that LifeTouch has incorporated into our policies and practices over the last several years. I think maybe for your listeners, the broad takeaway would be to ask for evidence, not adjectives. Does the investment match the rhetoric? And for us, we've spent over $20 million or almost $20 million just in the last six years alone, investing in not just our own controls, but third party audits, things like a SOC 2 type 2, which is a bit of a technical term, but that's something that effectively shows an organization's controls over a long period of time. I think asking for, as I said, asking for evidence, not adjectives and understanding. Does, does, does a, does a third party vendor put their money where their mouth is? For us, it manifests itself in a data privacy team in, in an information security team. It manifests itself in background checks for all of our photographer employees, or all employees for that matter. It manifests itself in a variety of those sorts of things. I would imagine that standard of sort of putting your money where your mouth is is true across services, not just school photography. And I think that's for us. It's one of the advantages that comes with our size and scale, if that makes sense.
A
Yeah. So you've outlined some really important expectations I think school business officials should really be considering. But when it comes down to what is actually happening in the field, what trends are you seeing and how districts are really approaching vendor security today?
B
Well, I think it is. It has become an increased area of consideration when it comes to procurement. I think that that trust and data privacy is now becoming a procurement criterion is a certainly for organizations like ours. But more importantly, it's a win for schools, it's a win for parents, it's a win for children. And so I think again, for districts or school officials to be able to ask for policies to understand the technical side of a vendor's commitment to data privacy and in our case, image protection, but also being able to explain that in plain English for parents and for community members, I think is really, really important.
A
That's great. So I think choosing the right partner is critically important when entering into a potential new relationship with a third party. So what questions should school districts really be asking before entering into any kind of contract with a third party that could potentially be handling some sensitive information?
B
Yeah, it's a great question. And it is that exact framing, John, that's so important. As a third party vendor, you are effectively an extension of, of the trust that a family places in the school. If a school or district chooses their vendors well, then the school gets the credit for it. But if there's a problem, the school owns the headline. And that's a really, I think, important dynamic to appreciate and ultimately should underpin the level of rigor that you're referencing or alluding to in selecting partners. For me, I would encourage school officials to ask five questions. Number one, what data do you need? Number two, why do you need it? Number three, who can access it? Number four, how is it protected? And number five, when is it deleted? Those five questions, I think are really important. I would probably go one level deeper. I would be inclined to ask around. Do you have a privacy agreement? Do you limit the use to authorized services? Do you prohibit the sale or unrelated use of student data? Things like that, that can ultimately, they may not sound like, you know, super sexy privacy descriptors, but they are important and they ultimately, what we're trying to assure here is peace of mind for the school, peace of mind for the families in a way that makes sense. Understanding what a vendor's approach will be if something goes wrong, and understanding what documentation that could be shared with our board or our school community. The point here is not for our school officials necessarily to make procurement harder. I think it's to make trust easier to defend. And that is, I think, just good business for all parties.
A
I wonder too, I mean, you being a nationwide company, you're dealing with many different state and local laws and regulations. One that I'm very familiar with in New York is Education Law 2D, which is relatively new in the last five or six years. How do you approach just those varying expectations, regulations and laws from state to state to ensure that you're delivering a quality product? But you know, maybe not hampering on your deliverables too much just because maybe one state is a little bit more rigorous on their security protocols than others.
B
It's a really good question. And I think navigating the nuances of individual state regulations is an important consideration for third party vendors. I can tell you from LifeTouch's perspective, we think that Ferpa, which certainly your listeners would be quite familiar with, it should shape the relationship from the beginning. It should be something that is not stapled onto the contract at the end. But we sort of view that as a floor that is sort of table stakes, if you will. And our, our general approach is to frankly try to lean into the more rigorous, some might say restrictive, some might say comprehensive state level regulations that are, that are out there. So you're in the New York area going all the way left. Our friends out in California certainly have, through ccpa, some pretty rigorous standards as well. And that is a philosophy, at least at LifeTouch, that we hold ourselves to as a national provider is we do want to look for rigor, we want to try to help shape the conversation and make sure that we can be compliant in all 50 states with the most comprehensive of policies. And so I think from an agreement perspective, you know, certainly, certainly school leaders want to make sure that the service is defined, that the data needed to provide that service is understood, that there are a clear understanding of authorized users and the like. And maybe just to reiterate, I think using something like FERPA really as the floor, not the ceiling, it should establish the foundation. But trust really goes, in our experience and in my experience as a leader, it requires going beyond minimum compliance into transparency, governance, and really operational discipline.
A
That makes sense. I mean, ferpa, I think most listeners are probably familiar with what that is. But what other certifications, policies and security standards really demonstrate that a vendor takes data protection seriously? You had mentioned SOC2 type 2. I'm personally familiar with that. But that probably isn't just standard nomenclature among school business officials.
B
What is that?
A
What are some of the things that school business officials should be looking out for? And is there really just kind of an industry standard that should be just taken very seriously in terms of even considering entering a relationship before that starts?
B
Well, I would tell you, sort of looking over the horizon, I think vendors in our space being able to attest and ultimately receive the third party certification or audit that is associated with SOC 2, I think that is, that is a certification that looks at an organization's commitment to privacy and control over an extended period of time. You know, from a public company perspective. Just to put sort of my business hat on, the value that the common investor might have if they choose to place their money into a publicly traded security is they know that those companies are going to go through public audits. And in the same way for our school officials, I think something like a SOC 2 type 2 allows that it is a public attestation to this, this organization's not only policies and procedures, but their ability to effectuate those over the long run. We at LifeTouch have not only a SoC2 Type 2, which we don't believe is all that common in the industry, we actually have a SoC3 as well. Again, I referenced earlier just the, the, the importance of, of investment matching. The rhetoric, and this is one of the, I would say privileges, but also responsibilities of being the industry's largest is that we have to provide the most rigorous protections available. And there is a narrative, I know it to be true in school photography. I'm sure it's true in other services as well. About local is better and, and, and we want to support the kind of local operator. As someone who employs 8,000 folks who live in local communities, I can appreciate that. But there is value in making sure that really schools can choose the best possible partner, not just the local partner. Schools don't hire teachers just because they live close to the school. Schools don't choose SIS systems just because a local coder can is up to speed and building things. And so I would encourage school officials to really have rigor to look for not just the words, but the evidence and those things. And something like a Soc 2 is a great starting place. If you believe or agree with the notion that FERPA should be the floor, not the ceiling, then you would look for something that is a more comprehensive and demonstrated evidence of that commitment to data privacy.
A
That's great. You've talked to this a little bit already, but I just want to drill down into how districts can really distinguish between vendors that I think make the claims and simply state that security is a priority for them versus those that have really built it into their operations. It sounds like LifeTouch is one of those and the latter, that it's just part of your culture and your business model. But being on the outside looking at potentially entering into a relationship with a vendor, what can school business officials do to kind of bifurcate those two? Someone who's stating security is important versus those who actually walk the walk.
B
Great question, John. I would say at a very high level, a good vendor welcomes difficult questions. The notion that inviting scrutiny into policies and procedures for looking as a school official for where does security show up? Is it a checklist item so that you can get in the door? Or is it part of the cultural commitment that an organization has? Does it show up in the contract? Is it in employee training? Is it in access management? Is it in vendor oversight? Is it independently audited? How does a vendor respond to these sorts of questions? The strongest vendors don't treat privacy as a slide in a sales deck. They build it into their operating disciplines. And my advice would be very simple. Ask for evidence, not adjectives. A vendor that truly takes this seriously is not going to be offended by tough questions. They'll welcome them and they'll lean into them.
A
That's great. And then what's beyond ferpa, again, have talked to this already a little bit, but are there other privacy expectations that districts should be considering? Maybe something that federally mandated, but are there other pieces that privacy and compliance should be coming to the forefront and school business officials should be asking those tough questions of vendors, like you said?
B
Yeah, I think the way I would answer that is that is that understanding and having empathy for parental concern, but knowing that parents shouldn't have to become cybersecurity experts themselves to feel confident Again, I drop one of my many kids off at school. I want to be able to have an overwhelming sense of confidence that my school or my school district has asked the tough questions of the vendors that they invite into the community. I would submit that districts should think more broadly about the trust, the entire trust environment. So that includes student data privacy laws, breach notification requirements, payment security if payments are involved, AI governance, data retention and deletion, sub processor oversight and communication with families. Things that certainly CISOs and IT experts are super focused on. But maybe historically the broader universe of school administration officials maybe weren't. And to go back to an earlier comment, I think security and Privacy is evolving out of the server room and into the boardroom. And that's a good thing because in the light of day and in the light of scrutiny, organizations that can hold up ultimately help provide a sense of confidence. And those that can't, they either get their act together or they move on into another line of work. But this is. Is serious stuff. So for me, I, I would be sort of less interested in whether a vendor simply says we're compliant. I'm interested in whether they can explain their security and privacy program in a way that a superintendent, a board member, or a parent can understand. And those aren't always the same thing.
A
Sure. I want to go back to something you had mentioned prior, where one of your priorities is hiring your employees, your photographers directly, especially those in the community. Has that help establish the trust factor in those communities? Because I'm, you know, they're, they're probably faces that everybody sees every day. So has that helped kind of just allowed you as a vendor to build those trusting relationships maybe a little bit more fully and more quickly than otherwise if you were maybe subcontracting or just, you know, flying people in from, you know, other parts of the country to, you know, snap photos?
B
I think it certainly has. John. The, the. This has been a long standing practice of LifeTouch. We are today certainly the nation's largest by, by, by many measures. But this business started in with sort of one school customer at a time and one community at time. And being able to preserve that communal relationship is really important to us. The LifeTouch position is let the individual communities benefit from some of the investments we've made in national scale vis a vis things like security and privacy and for that matter, pricing and service and our systems to be able to select and retain the best possible members of the community. But, but we also think it's incredibly important to have the local name, the local face. I think for us, you know, a lot of, a lot of, a lot of our competitors or a lot of others in the school photography business may just use contractors. We think it's important that they're employees. We think it's important that they go through not only extensive training, but background screening that happens annually, every year, and on a variety of things. Because ultimately our position is that we really are stewards of the district's trust and that districts and schools are stewards of a parent's trust. And so looking for proof points at whatever moment you can find them, I think, goes a long way.
A
Stretching your school budget is tough, but smarter purchasing can help. That's why schools across the US turn to KPN and peppm. These programs created by an educational service agency in Pennsylvania give you pre bid contracts with nationwide vendor access and ready to use discounts. No extra bids, no extra work, just real savings for schools from schools. Learn more at www.thekpn.org and www.peppm.org. great. Great. So when entering into a relationship, a school district and a vendor is, is entering into just that, a partnership, a relationship, whatever you want to call it, I think there is shared responsibility on both ends. So can you kind of, in broad strokes, I'm sure it's obviously different depending on the individual vendor and school district. But what responsibilities belong to the district and what responsibilities belong to the vendor when it comes to privacy compliance and everything that falls under that?
B
Well, it's a really important question and I don't know that there is a single answer to that. I think in broad terms. My advice to districts is to try to make the invisible visible. And what I mean by that is that parents aren't going to see audits and access controls and encryption or incident response plans. They're going to see a district's decision and ask, can I trust this? Districts build confidence in our experience and observation by doing strong diligence on the front end and then translating that diligence into plain language. What information is collected? Why is it needed? Who can see it? You know, one of the things that our best partnerships, school partnerships, have one dynamic, is where districts or schools will share parents email addresses. And not knowing any better, you might say, well geez, that's a further risk to privacy. Or that represents a potential, you know, am I going to get bombarded with, you know, promotional collateral and the like? The answer is absolutely not. In our case, the reason that we request that is because it ensures that only the right people can see the right images at the right time. It happens to make life easier for the schools as well because we can notify parents of upcoming dates and things like that. But, but without the benefit of using plain language to explain that, that might be difficult for a school to understand or even, even parents. So I think understanding that while parents maybe don't need every technical detail, what they do need is clarity and they need confidence and they need a sense that responsible adults are paying attention to these things.
A
Is that typically met with hesitancy if there's a request from a vendor to share out apparent personal emails? I mean, I think just the knee jerk reaction would be like, well, who am I giving my information out to. I think LifeTouch is a very much a trusted company, but that, you know, maybe a startup or an up and coming company who doesn't have the name recognition could be met with opposition. I mean, is that something you have seen in the industry?
B
Yeah, John, it's a good insight that you make and I think that is maybe to the point I was trying to make earlier of explaining in plain English the rationale or what that is. So understanding the universe of a vendor's approaches and policies maybe makes it easy to understand it. The majority of the schools that we do business with do participate in what we call parent notification, but it's. But they didn't always. I mean maybe it's taken a bit of time to understand that here's what this means and just as importantly, here's what this doesn't mean. It isn't that, you know, we're going to feed this in or sell this to some marketing list. This is a pretty structured set of use cases primarily centered around image authentication or access to see the images, making sure that that's authenticated and that those images aren't out running sort of in the wild. That is a ultimately, I think why we've seen a pretty material increase in the number of schools that choose ultimately to provide that information. It's once they understand it actually makes not only their lives easier but more importantly their, their students data more secure.
A
So we've talked a lot about the preliminary measures that school districts should take in terms of what to look out for when potentially entering into a relationship with a vendor. But how important is it ongoing communication after the contract is signed? Because I think that's just really the start of the relationship. What does that should in your view, what does that look like or what should that look like in terms of ongoing communication between the school and the vendor once all the paperwork is done and actually the work begins?
B
That is such a good question and it is one of the things that for LifeTouch anyways we try to put our money where our mouth is. The notion that just a signing a contract and moving on to the next account, I've got to go close. That's not a philosophical view we have that we don't think that's good business. And so you know, whether it's in school photography or any services that schools might be considering, I think understanding what is the depth of the relationship pre contract signing and post is, is a really important consideration through a variety of different lenses. Certainly from a security perspective, but from Resources that would be made available to the schoolhouse or to the district to continue to answer ongoing questions to make sure that folks are abreast of new policies and new approaches. Things are moving so quickly in the world of AI and technology in general. I think having, in our case we have a national sales team that liaisons with superintendents and district offices on a regularly recurring basis. In two weeks time we're hosting as an example a webinar for chief information officers and security officers and IT folks to talk about that. It's not a life touch facing thing. It's just about these are some trends, these are some changes, these are some, some questions that you might want to make sure that you're asking. And I think the value of partnering with someone who's been doing it for as long as in our case we have or other vendors as well is again you get to see if that's is that lip service or is that culture is an organization committed to having teams that don't have anything to do with signing business, but it's really focused on servicing and supporting and educating and informing. So it's a brilliant question and I think unfortunately sometimes one that gets asked only too late, which is okay, great, I've chosen this new partner, but now I feel alone. Now it feels like a commercial relationship instead of a strategic partnership. And that's really what we try to run our business in the latter, not the former.
A
Yeah, I think you make a good point, I mean to what you said, identifying it when it's too late. There's been many times that I've personally experienced this earlier on in my career and some of my colleagues where you wonder how you got to the point you're at. Because it's just the communication wasn't there and you're maybe a year or two into a contract and it's not what you had expected and it's frustrating and it's just kind of hindsight is 20 20. But I think you make some really good points and insights that you need to really just make sure that communication is there from the jump, not just waiting for something to crop up or an issue to kind of blow up before you start communicating with a vendor or vice versa.
B
Well said, John. And you know, at a pre contract signing stage, it's not a question that a lot of folks maybe would ask or a lot of schools might be inclined to ask, but I would encourage folks to what is, you know, just as you've asked me today, what is your ongoing support? How are you going to handle Issues when they come up, how am I as a school official going to be kept abreast of what's happening in the world around us and that sort of thing? I think asking for, you know, for evidence, not rhetoric, is just generally a pretty good practice for folks out in education.
A
Sure. So you've obviously emphasized the importance that you hold with just trusting relationships with your clients. What role does transparency play in maintaining those trusting relationships?
B
Well, I think it's ultimately just central to any good relationship. And let's step aside for a moment from the universe we're talking about in terms of even schools or relationships with third party vendors. But I think experts the world over would tell you that transparency is central to any productive and sustaining and enduring relationship. And certainly we try to adopt that philosophy in our practice. I think transparency at its root, it's how you prevent a question from becoming a rumor. It doesn't mean that you have to overwhelm families with technical detail, but it means answering the questions that are most likely to present themselves before they have to ask them again. I go back to what data is collected, why is it sold? Is it used for AI training? Who has access? How long is it kept? If districts and vendors can answer those questions clearly, they create trust before it's tested. And that is the overarching benefit in my experience of transparency. It builds trust before it's tested and called into question.
A
So do you have any examples of districts that are really doing this particularly well, whether it's communicating privacy protections or student, how student information is being used to families? Are there any examples that you can glean on that? You're like, you know what, this, this district has been through it, they figured it out. And this is kind of the model in terms of how to communicate and how to message all of these important facets that we've talked about in the last 30 minutes already?
B
Well, we have the, we have the privilege of, of serving, you know, close to 25,000 K through 12 districts and another, almost 20,000 preschools. I think yes is the short answer to your question. We see a lot of examples, particularly in, call it the more recent past, where I think there has been a rising level of awareness and for the increasing importance that this conversation holds. I think the common pattern that I would point to is that the strongest districts don't wait for a problem to communicate. They build privacy and vendor governance into their normal rhythms. They ask tough questions, they document the answers. They involve the right people. So it's the business office, it's technology, it's legal, it's communications. And then they calmly and in a perfect world proactively communicate with families. That's really important. I think the notion that trust is built in ordinary moments, not just during moments of concern, is an important takeaway for districts. I think that's how I would answer that question. Those are the patterns for the districts that seem to be doing it really well. They recognize and appreciate trust being built in the ordinary moments, if you will.
A
Yeah. So not waiting until a crisis to try and damage control. Right. Getting those trusting relationships out of the gate.
B
Yep. And that's a lesson or an opportunity for. For all of us. It's an opportunity for vendors and it's an opportunity for. For schools and districts as well.
A
Sure. So I'm sure we can all agree that technology seems to really be evolving at an exponential rate, especially in the last three to four years. What new considerations should districts really be preparing for when we're considering everything we've talked about from vendor relationships to ferpa, Privacy, compliance and trust?
B
Yeah, it's the million dollar question. I would say probably my counsel to districts would be to prepare for three things. First, I think more AI questions from parents and boards. Secondly, more scrutiny of vendor data practices, especially around retention and reuse and sub processors and the like. And then third, I think just a higher expectation for transparency, which is, you know, a lot of what we've been talking about today. I think the technology is going to keep moving quickly. Captain obvious insight there. But I think fair to say that the leadership challenge is that we have to make sure that governance moves with it. In my view, the winners in K through 12 partnerships are the organizations that combine innovation with verifiable trust. And I think this notion of having innovation and responsibility growing synchronously and in parallel, I think that's where the winners will emerge in whatever way you might define winning in this context.
A
Sure. So let's talk a little bit about artificial intelligence. It just seems to be in on the top of everyone's mind and a part of all conversations. So how is AI really changing conversations around student data and vendor responsibility? I mean, just when I think back to 2023 when ChatGPT really kind of hit the mainstream, it was kind of goofy and seemed kind of cool, but now has just been an exponential evolution to what it is today and just really seems to be utilized from anyone in school districts to just your everyday parent communicating with. With schools. So in, in from your take, where are those conversations headed with student data and, and really the responsibility of Vendors?
B
Yeah, I. I would maybe sound like a broken record, so I apologize in advance. But I. I think in this context, AI changes the tools. It doesn't change the responsibility. And what I mean by that is that vendors and schools still have a responsibility to be very explicit around where things are being used and for what purpose. They have a responsibility. Vendors have that certainly with schools, and I think schools have it with parents. AI is, as you just alluded to, John, it's becoming more and more pervasive in sort of seemingly all walks of life. I think it raises the stakes because it expands what people imagine could happen with data. It doesn't mean that AI is bad. I certainly don't think it is. But it does mean that governance has to be very clear. Student information should only be used for the purposes that a district authorizes. And vendors, I think they have to be explicit about whether that data is used for model training or for analytics or profiling or facial recognition or any secondary purpose. Again, the core principle here is still trust. The tools may be changing, but I think the notion of having a foundation and an ongoing and ever evolving commitment to trust remains unchanged.
A
Sure. So, Ken, if you could give every school business official one piece of advice when evaluating vendors, what would that be for me?
B
Plain and simple. Four words. Follow the data journey. Don't. Don't buy the service until you understand the data journey. Follow the student information from the moment it's collected to the moment it's deleted. Again, ask what's collected, why is it collected, who can access it, where does it live, how's it protected, how long is it retained, and how is it deleted? If a vendor can explain that clearly and prove it with documentation, you're in a much better position as a school administrator. And if they can't, you've got to keep asking. I made the comment earlier, but good vendors invite scrutiny. They welcome the tough questions. And I can speak to that, certainly from LifeTouch's vantage point. We have been for the last several years engineering our approach to not only withstand the tough questions, it's not about that. It's about making sure that we can convey as stewards of trust a peace of mind that is founded not in optimism, but in realism. And that's the reason that the level of investment has to match the level of rhetoric. And so this is not in any way to besmirch smaller providers, but this is really the important stuff. And I think parents are recognizing that and appreciating that. And certainly schools and school boards are, and ultimately the vendors who have the privilege of playing this special role in the school year in whatever that that means, whether it's school photography, otherwise, they have to be willing to invest to be able to honor that commitment.
A
So as we wind down here, what do you see as the future of privacy and security when it comes to K12 partnerships?
B
Well, I'm really excited about it. I think ultimately the future probably belongs to verifiable trust. And to me this is a great opportunity. I think the future belongs to partners that treat privacy as a core part of the service, not just an add on. Districts will not simply ask, you know, can you do the job? They should be asking, can you do the job safely, transparently, in a way that I can explain to my board and my families? And that's a good future. Certainly price will always remain important. Service standards will always remain important. Reliability will always remain important. I know that the jobs of our school administrators are tough. They're balancing so many things and yet it's not an a la carte menu. The future of partnerships are those who can provide that in an all inclusive fashion. Good and equitable pricing, consistent, reliable service, a high degree of execution, a delivery of the service that doesn't come with a lot of headaches in the moment or leading up to the moment. And that's, I think probably been what's most important in the past. What's most important in the future is still delivering those things, but also layering that on with privacy as a core part of the service and as part of the culture. It's a good future. It raises the bar for vendors and it gives districts better ways to protect the trust that families place in our schools. And that's a win all the way around.
A
Great. Well said. Well Ken, thank you so much for joining me today on School Business Insider and sharing all your insights on data protection and privacy. We appreciate it, John.
B
I appreciate the opportunity. It was wonderful to meet you and really appreciate your listeners for tuning in.
A
Thank you for tuning in to School Business Insider. Make sure to check back each week for your favorite topics on school business. Sam.
School Business Insider
Episode: What School Leaders Should Expect from Their Vendors
Host: John Brucato
Guest: Ken Murphy, CEO of LifeTouch
Date: June 2, 2026
In this episode, John Brucato sits down with Ken Murphy, CEO of LifeTouch, to discuss the evolving expectations school leaders should have from their vendors, especially regarding student data privacy, cybersecurity, and trust. The conversation explores best practices for vendor partnerships, how innovation and new technologies like artificial intelligence (AI) are shifting the landscape, and practical advice for balancing compliance, transparency, and community trust.
Data Privacy as a Procurement Criterion:
Questions Schools Should Ask Vendors [07:24]:
Meaning of SOC 2 Type 2 and More [12:10]:
Value of Large-scale Providers:
Top Upcoming Considerations [33:19]:
AI’s Impact:
This episode delivers a thorough and practical guide on what school leaders should expect from their vendors—emphasizing a shift from mere compliance and technical promises to a culture of openness, investment in proof, and shared responsibility for student trust. Ken Murphy offers memorable advice, actionable questions, and a vision for future-ready partnerships in the rapidly evolving landscape of school business and technology.
Listeners come away with a strong blueprint for vetting vendors, understanding modern privacy standards, and positioning their districts for security, community confidence, and innovation.