District AUP, Data Transparency & Model Policy Overview

1. District AUP, Data Transparency & Model Policy Overview

2. What is this about? • District Acceptable Use Policies • Student Data Accessibility, Transparency & Accountability Act of 2014 • District Data Policy – Model Policy Overview • Best Practices • Data Transparency • What to Communicate • How to Communicate Data Practices

3. District Acceptable Use Policies • What if any changes have been made in Federal Law • When was the district’s Acceptable Use Policy (AUP) last reviewed • Are there policies in place to have all students and staff sign the plan • What should be included in an AUP • Who should review and approve your District’s AUP

4. Student Data PolicySB1372 (33-133) • Known as “Student Data Accessibility, Transparency and Accountability Act of 2014 • Legislative Intent • Definitions • Actions • Publish data elements • State the reason the data is collected • Review data elements collected at least annually • Develop, publish and make publically available policies

5. Student Data PolicySB1372 (33-133) • Perform compliance audits • Develop criteria for the approval of any research & data requests from state and local agencies, legislators, etc. • Ensure that any contracts require destruction dates and policies • Ensure that any contracts contain specific use restrictions – prohibits secondary uses of student data • Develop a “Model Policy” • Inform/provide awareness training for the districts

6. Student Data PolicySB1372 (33-133) Requirements • Federal reports provided by the state (with the exception of Migrant data) must be reported in the aggregate • Provide notification to students and parents of their rights under the federal and state laws • Protect student data from data breaches • Any person determined to have violated the law and released unauthorized student level data is subject to a civil penalty not to exceed $50,000

7. Model Policy Overview What is the Model Student Data Privacy & Security Policy • Provides a model for school district to use • Required by the Idaho Data Accountability Act • Provides guidance regarding: • Collection of education data • Access to educational data • Security of educational data • Addresses appropriate use of education data to protect student privacy • Provides links to valuable resources

8. Best Practices How to keep your data safe Not the law, but………. • Do not send student level data via email • Password protect files • Do not share passwords • Single Sign-on • Every user has there own login and password • Roles based • Lock your computer

9. Data Transparency • Why is transparency important • Required Privacy Rights Notifications (FERPA and PPPA • FERPA – Family Education Rights and Privacy Act • Annual notification of their rights under FERPA • Disclosure of what the district deems directory information • PPRA – Protection of Pupil Rights Amendment • Applies only to elementary and secondary school • Must develop and adopt certain policies • Annual notification (beginning of school year)

10. What to Communicate • All mandatory notifications • The data you collect • Purpose of the collected data • Data protection methods • Sharing of information with any third party (other than the State Department of Education)

11. How to Communicate Data Practices • Use your website & other forms of communication • Part of a multi-layered approach to communication • Website, newsletters, blog posts, announcements and student/parent handbooks • Post electronic copies of your required FERPA, PPRA and Idaho Data Policy to your website • Link to other resources • Be clear, concise and consistent in messaging • Use plain language whenever possible • Include a glossary with definitions

12. Questions? Joyce Popp jpopp@sde.idaho.gov (208) 332-6970