The deliberations and decisions of school system leaders reflect an understanding of data privacy and security.
The school system has up to date policies and regulations addressing data privacy compliance requirements.
The school system’s policies and regulations set clear expectations for the protection of student data privacy and security, as well as the transparent use of data.
A school system executive leader is identified as the person responsible for development and implementation of data privacy and security policies and practices.
School system leaders provide transparent, updated and accessible communications regarding the collection, management and use of student data to their community.
School system leaders ensure adequate resources are available to meet data privacy and security needs.
The school system has implemented a process for vetting online services for data privacy and security.
The school system regularly educates its employees about the importance of, and expectations for, the use of the established vetting process for online services.
The school system implements contract language and data sharing agreements addressing student data privacy and data security.
The school system ensures that all business processes associated with student data include enforceable data privacy and security requirements.
Data Security Practice
The school system website includes its data privacy and security policies and practices which are updated as-needed, but at least on an annual basis.
The school system data privacy and security procedures includes information about data retention periods for student records, data transmission technical protocols, data at-rest and methods and controls limiting access to electronic data.
The school system has enforceable policies regarding storage of data on local computers, mobile devices, storage devices and cloud file-sharing and storage services.
The school system utilizes a documented, role-based process when granting access rights to educators, staff, and contractors to data and technology systems.
The school system has a process in place to communicate data incidents to appropriate stakeholders, in accordance with state law and school system policies.
The school system has a business continuity and disaster recovery plan which is verified and tested on an established, regular basis.
The school system performs an audit of data privacy and security practices on an established, regular basis.
Professional Development Practice
Privacy and security of student data is embedded into training and professional development in all areas of school operations and academics.
The school system provides employees with up-to-date, easily accessible resources and documented processes, including exemplars and templates that facilitate student data privacy and security.
Parents are offered appropriate awareness training and resources about student data privacy and security.
All staff members participate in annual student data privacy training related to applicable federal and/or state laws.
Teachers implement a curriculum to promote student information literacy, digital citizenship and Internet safety.
Teachers are aware of and regularly use the school system’s established process for vetting and procuring online services.
Teachers model appropriate use and protection of student data for their students.
Teacher communications to parents include clear information about the collection, use and protection of student data.