Education Case Study

IT Department at a Colombian Technical InstituteAccountability for Faculty & Staff Who Handle Student Data

When the director of a Colombian technical institute was asked which faculty member had accessed and copied student grade records, their USB blocklist showed nothing. PrivateDLP's AI screen auditing gave them screenshot evidence — proving who was at the keyboard when grades were accessed from shared faculty workstations.

~250
Faculty & Admin Workstations
Faculty & Staff
Self-Funded Deployment
Data Access Audit
Screenshots When Grades Are Accessed

Executive Summary

A Colombian technical institute — offering 2-year technical degrees in manufacturing, IT, and hospitality — manages student grade records through shared Excel spreadsheets on a shared drive, accessed by faculty and administrative staff from their office workstations. When the director received reports that certain students had received unexpectedly high grades from a specific professor, he asked the IT department: which faculty member accessed and copied that grade record, and when?

The institute's USB blocklist couldn't answer the question. It only showed that a USB device had been plugged in — not that a grade spreadsheet had been opened and copied. The IT department self-funded a PrivateDLP deployment covering ~250 faculty and administrative workstations. The key capability: AI screen auditing that could see when a grade spreadsheet was being accessed — providing screenshot evidence of who was at the keyboard.

AI detects when grade spreadsheets are open and being accessed — regardless of whether a USB device is plugged in
Screenshot evidence links screen activity to specific faculty or staff members on shared workstations
USB write controls still block unauthorized copying, but AI auditing provides the investigation capability USB controls alone cannot
Audit trail for student data access: who opened which spreadsheet, when — meeting LEY 1581 compliance requirements

Client Profile

The client is the IT department of a Colombian technical institute (instituto técnico) — a 2-year post-secondary institution offering technical degrees in manufacturing, IT systems, hospitality, and business administration. Student grade records are stored as Excel spreadsheets on a shared network drive, accessible to faculty members and administrative staff from their office workstations. The institute operates ~250 Windows workstations across faculty offices and administrative departments.

Institution Type

Colombian Technical Institute (Instituto Técnico) — ~2,000 students, ~150 faculty and administrative staff

Deployment Scope

~250 Windows workstations in faculty offices and administrative departments — IT department self-funded

User Base

Faculty members and administrative staff accessing grade spreadsheets from their office workstations

Data at Risk

Student grade records in shared Excel spreadsheets — accessible from faculty and admin workstations

The Challenges

A Colombian technical institute IT department asking: "which faculty member accessed and copied student grades?" — and finding their USB blocklist couldn't answer

When Grades Are Accessed Inappropriately, USB Blocklists Can't Tell You Who

The institute's director received reports that certain students had received unexpectedly favorable grades from a specific professor. He asked the IT department to investigate: which faculty member accessed and copied that grade record? The USB blocklist showed that a USB device had been used on one of the admin computers — but not that a grade spreadsheet had been opened, let alone who was at the keyboard. They needed to know who touched the spreadsheet, not just whether a USB was plugged in.

Faculty Workstations Are Shared — Multiple People, One Computer, No Accountability

In the administrative department, it's common for multiple staff members to share the same workstation — the registrar's office has two administrative assistants who use the same computer for enrollment and grade management. When something goes wrong, there's no way to distinguish who was at the keyboard without additional tooling. The institute needed user-level accountability without restructuring how their office worked.

Colombian LEY 1581 Requires Demonstrating Who Accessed Student Data — And When

Under Colombia's personal data protection law (LEY 1581 de 2012), the institute is responsible for protecting student personal data — including grades. When a student challenges their grade, or when a regulator audits the institution, they need to demonstrate who accessed each student's records and when. Their previous tools couldn't provide this: only a USB blocklist log showing device connections, not actual data access.

The Solution: PrivateDLP

The IT director evaluated PrivateDLP because it could answer the question their USB blocklist couldn't: not just "was a USB device used?" but "was a grade spreadsheet being accessed, and who was at the keyboard?"

AI That Sees Grade Spreadsheets on Screen

Instead of just blocking USB devices, the IT director wrote rules in plain English describing the behavior he cared about: "alert when the grade spreadsheet is open and being saved to an external location" or "alert when the grade file is being printed." The AI understands these rules by analyzing what's actually on the screen — not just device events. This lets them detect unauthorized grade access even when USB isn't involved.

Screenshot Evidence — Who Was at the Keyboard

When the AI detects that a grade spreadsheet is being accessed with suspicious behavior, it captures the screen at that moment and notifies the IT director. On shared faculty and admin workstations, this gives them visual proof of who was at the keyboard — essential for investigations and for demonstrating LEY 1581 compliance when required.

Deployment Details: ~250 Pro licenses deployed across faculty office workstations and administrative terminals. The IT department self-funded the deployment. Existing USB write restrictions were kept in place — PrivateDLP was added specifically to provide the investigation capability they were missing: knowing who was at the keyboard when student data was accessed.

What the Institute Deployed

AI screen auditing layered on top of existing USB controls — giving the IT department investigation capability they never had before

Natural Language Rules — 'Alert When the Grade Spreadsheet Is Being Accessed Improperly'

The IT director needed rules that could detect unauthorized grade access — not just USB device connections. He wrote rules in plain English describing the behavior he wanted to catch. The AI understands these rules by analyzing what's on the screen, not just file operations.

  • Rule example: 'alert when the grade spreadsheet is being saved to a personal USB drive or external location' — the AI recognizes the spreadsheet content, not just file names
  • Rule example: 'alert when the grade spreadsheet is being printed' — useful for catching unauthorized printing of grade records
  • Rule example: 'alert when the grade file is being copied to a personal cloud drive' — detecting exfiltration even without USB involvement
  • No complex regex or configuration — just describe the suspicious behavior in plain language

Screenshot Evidence — Who Was at the Keyboard on Shared Workstations

When the AI detects that a grade spreadsheet is being accessed with suspicious behavior, it captures a screenshot at that moment. On shared faculty and admin workstations, this is the only way to know who was at the keyboard — closing the accountability gap when multiple people use the same machine.

  • Screenshot captured at the exact moment of suspicious activity, showing which spreadsheet was on screen and what action was being taken
  • Evidence includes timestamp and user context — essential for investigating who accessed grades inappropriately
  • Screenshots stored to the institute's own storage or PrivateDLP's secure storage (Pro feature)
  • This closes the accountability gap on shared workstations: multiple staff can use the same computer, but the institute now knows who was at the keyboard when grades were accessed

USB Controls That Complement AI Auditing — Prevention Plus Investigation

The institute already had USB write controls in place. PrivateDLP didn't replace those controls — it added an investigation layer on top. Now when something goes wrong, they can answer who was at the keyboard, not just whether a USB was plugged in.

  • USB write controls remain active for prevention — blocking unauthorized copying of student data to USB drives
  • AI auditing layer added on top — providing investigation capability that USB controls alone cannot deliver
  • The combination means: prevention works automatically, but when something happens, the IT department has screenshot evidence
  • Web console provides unified view of both USB events and AI-detected screen activity

Student Data Access Audit Trail — LEY 1581 Compliance Built In

Under Colombia's personal data protection law, the institute must be able to demonstrate who accessed student records and when. PrivateDLP's audit trail provides this — not just for USB events, but for actual screen activity involving student data.

  • AI-generated audit logs for all screen activity involving sensitive student data — not just device connection events
  • Logs include: which workstation, which user account was logged in, what was on screen, what action triggered the alert
  • Exportable reports for demonstrating LEY 1581 compliance when requested by students or regulators
  • Web console centrally manages all policies and provides unified access to audit logs and alert history across all faculty and admin workstations

Business Results & Impact

From zero accountability on shared faculty workstations to real investigation capability — what the institute gained after deploying PrivateDLP

Metric / ObjectiveBefore DeploymentAfter Deployment
Grade Access Investigation
When the director asked 'who accessed and copied the grade records?', the USB blocklist showed nothing useful — only that a USB device had been usedAI screen auditing provides screenshot evidence of who was at the keyboard when grades were accessed — the institute can now investigate incidents properly
Shared Workstation Accountability
Multiple faculty and administrative staff used shared workstations — no way to distinguish who was at the keyboard when grades were accessedScreenshot evidence links screen activity to the investigation timeline — knowing who was at the keyboard on shared workstations
LEY 1581 Compliance
Could not demonstrate who accessed student records and when — compliance risk when students or regulators request evidenceAI-generated audit logs provide compliance evidence for student data access — exportable reports for regulators
Prevention + Investigation
USB controls provided prevention but no investigation capability — when something happened, they were blindPrevention remains in place (USB write controls), but now when something happens, the IT department has screenshot evidence
Grade Access Investigation
Investigation Ready
Shared Workstation Accountability
User Accountability
LEY 1581 Compliance
Compliance Evidence
Prevention + Investigation
Full Coverage

"When the director asked us which faculty member had accessed and copied student grade records, our USB blocklist couldn't tell him anything. It knew a USB device had been used — but it couldn't tell us that a grade spreadsheet had been opened, let alone who was at the keyboard. What we needed was someone who could see what was on the screen. PrivateDLP gives us that. Now when something happens, we have the screenshot."

— IT Director, Colombian Technical Institute

Technical institutes in Latin America face a common data protection challenge: sensitive student data — grades, enrollment records, personal information — is managed by faculty and administrative staff using simple tools like shared Excel spreadsheets on shared office workstations. There's no sophisticated database with access logs. There's just a file, accessible to anyone with access.

A USB blocklist protects against the obvious route — copying a file to a USB drive. But when the director asks "who accessed the grade records?", a USB blocklist is useless. PrivateDLP's AI screen auditing answers that question. When a grade spreadsheet is being accessed suspiciously, the institute gets the screenshot. ~250 faculty and administrative workstations covered — giving the IT department investigation capability they never had before.