IT Department at a Colombian Technical InstituteAccountability for Faculty & Staff Who Handle Student Data
When the director of a Colombian technical institute was asked which faculty member had accessed and copied student grade records, their USB blocklist showed nothing. PrivateDLP's AI screen auditing gave them screenshot evidence — proving who was at the keyboard when grades were accessed from shared faculty workstations.
Executive Summary
A Colombian technical institute — offering 2-year technical degrees in manufacturing, IT, and hospitality — manages student grade records through shared Excel spreadsheets on a shared drive, accessed by faculty and administrative staff from their office workstations. When the director received reports that certain students had received unexpectedly high grades from a specific professor, he asked the IT department: which faculty member accessed and copied that grade record, and when?
The institute's USB blocklist couldn't answer the question. It only showed that a USB device had been plugged in — not that a grade spreadsheet had been opened and copied. The IT department self-funded a PrivateDLP deployment covering ~250 faculty and administrative workstations. The key capability: AI screen auditing that could see when a grade spreadsheet was being accessed — providing screenshot evidence of who was at the keyboard.
Client Profile
The client is the IT department of a Colombian technical institute (instituto técnico) — a 2-year post-secondary institution offering technical degrees in manufacturing, IT systems, hospitality, and business administration. Student grade records are stored as Excel spreadsheets on a shared network drive, accessible to faculty members and administrative staff from their office workstations. The institute operates ~250 Windows workstations across faculty offices and administrative departments.
Institution Type
Colombian Technical Institute (Instituto Técnico) — ~2,000 students, ~150 faculty and administrative staff
Deployment Scope
~250 Windows workstations in faculty offices and administrative departments — IT department self-funded
User Base
Faculty members and administrative staff accessing grade spreadsheets from their office workstations
Data at Risk
Student grade records in shared Excel spreadsheets — accessible from faculty and admin workstations
The Challenges
A Colombian technical institute IT department asking: "which faculty member accessed and copied student grades?" — and finding their USB blocklist couldn't answer
When Grades Are Accessed Inappropriately, USB Blocklists Can't Tell You Who
The institute's director received reports that certain students had received unexpectedly favorable grades from a specific professor. He asked the IT department to investigate: which faculty member accessed and copied that grade record? The USB blocklist showed that a USB device had been used on one of the admin computers — but not that a grade spreadsheet had been opened, let alone who was at the keyboard. They needed to know who touched the spreadsheet, not just whether a USB was plugged in.
Faculty Workstations Are Shared — Multiple People, One Computer, No Accountability
In the administrative department, it's common for multiple staff members to share the same workstation — the registrar's office has two administrative assistants who use the same computer for enrollment and grade management. When something goes wrong, there's no way to distinguish who was at the keyboard without additional tooling. The institute needed user-level accountability without restructuring how their office worked.
Colombian LEY 1581 Requires Demonstrating Who Accessed Student Data — And When
Under Colombia's personal data protection law (LEY 1581 de 2012), the institute is responsible for protecting student personal data — including grades. When a student challenges their grade, or when a regulator audits the institution, they need to demonstrate who accessed each student's records and when. Their previous tools couldn't provide this: only a USB blocklist log showing device connections, not actual data access.
The Solution: PrivateDLP
The IT director evaluated PrivateDLP because it could answer the question their USB blocklist couldn't: not just "was a USB device used?" but "was a grade spreadsheet being accessed, and who was at the keyboard?"
AI That Sees Grade Spreadsheets on Screen
Instead of just blocking USB devices, the IT director wrote rules in plain English describing the behavior he cared about: "alert when the grade spreadsheet is open and being saved to an external location" or "alert when the grade file is being printed." The AI understands these rules by analyzing what's actually on the screen — not just device events. This lets them detect unauthorized grade access even when USB isn't involved.
Screenshot Evidence — Who Was at the Keyboard
When the AI detects that a grade spreadsheet is being accessed with suspicious behavior, it captures the screen at that moment and notifies the IT director. On shared faculty and admin workstations, this gives them visual proof of who was at the keyboard — essential for investigations and for demonstrating LEY 1581 compliance when required.
Deployment Details: ~250 Pro licenses deployed across faculty office workstations and administrative terminals. The IT department self-funded the deployment. Existing USB write restrictions were kept in place — PrivateDLP was added specifically to provide the investigation capability they were missing: knowing who was at the keyboard when student data was accessed.
What the Institute Deployed
AI screen auditing layered on top of existing USB controls — giving the IT department investigation capability they never had before
Natural Language Rules — 'Alert When the Grade Spreadsheet Is Being Accessed Improperly'
The IT director needed rules that could detect unauthorized grade access — not just USB device connections. He wrote rules in plain English describing the behavior he wanted to catch. The AI understands these rules by analyzing what's on the screen, not just file operations.
- Rule example: 'alert when the grade spreadsheet is being saved to a personal USB drive or external location' — the AI recognizes the spreadsheet content, not just file names
- Rule example: 'alert when the grade spreadsheet is being printed' — useful for catching unauthorized printing of grade records
- Rule example: 'alert when the grade file is being copied to a personal cloud drive' — detecting exfiltration even without USB involvement
- No complex regex or configuration — just describe the suspicious behavior in plain language
Screenshot Evidence — Who Was at the Keyboard on Shared Workstations
When the AI detects that a grade spreadsheet is being accessed with suspicious behavior, it captures a screenshot at that moment. On shared faculty and admin workstations, this is the only way to know who was at the keyboard — closing the accountability gap when multiple people use the same machine.
- Screenshot captured at the exact moment of suspicious activity, showing which spreadsheet was on screen and what action was being taken
- Evidence includes timestamp and user context — essential for investigating who accessed grades inappropriately
- Screenshots stored to the institute's own storage or PrivateDLP's secure storage (Pro feature)
- This closes the accountability gap on shared workstations: multiple staff can use the same computer, but the institute now knows who was at the keyboard when grades were accessed
USB Controls That Complement AI Auditing — Prevention Plus Investigation
The institute already had USB write controls in place. PrivateDLP didn't replace those controls — it added an investigation layer on top. Now when something goes wrong, they can answer who was at the keyboard, not just whether a USB was plugged in.
- USB write controls remain active for prevention — blocking unauthorized copying of student data to USB drives
- AI auditing layer added on top — providing investigation capability that USB controls alone cannot deliver
- The combination means: prevention works automatically, but when something happens, the IT department has screenshot evidence
- Web console provides unified view of both USB events and AI-detected screen activity
Student Data Access Audit Trail — LEY 1581 Compliance Built In
Under Colombia's personal data protection law, the institute must be able to demonstrate who accessed student records and when. PrivateDLP's audit trail provides this — not just for USB events, but for actual screen activity involving student data.
- AI-generated audit logs for all screen activity involving sensitive student data — not just device connection events
- Logs include: which workstation, which user account was logged in, what was on screen, what action triggered the alert
- Exportable reports for demonstrating LEY 1581 compliance when requested by students or regulators
- Web console centrally manages all policies and provides unified access to audit logs and alert history across all faculty and admin workstations
Business Results & Impact
From zero accountability on shared faculty workstations to real investigation capability — what the institute gained after deploying PrivateDLP
| Metric / Objective | Before Deployment | After Deployment |
|---|---|---|
Grade Access Investigation | When the director asked 'who accessed and copied the grade records?', the USB blocklist showed nothing useful — only that a USB device had been used | AI screen auditing provides screenshot evidence of who was at the keyboard when grades were accessed — the institute can now investigate incidents properly |
Shared Workstation Accountability | Multiple faculty and administrative staff used shared workstations — no way to distinguish who was at the keyboard when grades were accessed | Screenshot evidence links screen activity to the investigation timeline — knowing who was at the keyboard on shared workstations |
LEY 1581 Compliance | Could not demonstrate who accessed student records and when — compliance risk when students or regulators request evidence | AI-generated audit logs provide compliance evidence for student data access — exportable reports for regulators |
Prevention + Investigation | USB controls provided prevention but no investigation capability — when something happened, they were blind | Prevention remains in place (USB write controls), but now when something happens, the IT department has screenshot evidence |
"When the director asked us which faculty member had accessed and copied student grade records, our USB blocklist couldn't tell him anything. It knew a USB device had been used — but it couldn't tell us that a grade spreadsheet had been opened, let alone who was at the keyboard. What we needed was someone who could see what was on the screen. PrivateDLP gives us that. Now when something happens, we have the screenshot."
— IT Director, Colombian Technical Institute
Technical institutes in Latin America face a common data protection challenge: sensitive student data — grades, enrollment records, personal information — is managed by faculty and administrative staff using simple tools like shared Excel spreadsheets on shared office workstations. There's no sophisticated database with access logs. There's just a file, accessible to anyone with access.
A USB blocklist protects against the obvious route — copying a file to a USB drive. But when the director asks "who accessed the grade records?", a USB blocklist is useless. PrivateDLP's AI screen auditing answers that question. When a grade spreadsheet is being accessed suspiciously, the institute gets the screenshot. ~250 faculty and administrative workstations covered — giving the IT department investigation capability they never had before.