Code No. 712

Page 1 of 2

TECHNOLOGY AND DATA SECURITY

 

The School District recognizes the increasingly vital role technology plays in society.  It is the intent of the district to support secure data systems in the district, including security for all personally identifiable information (PII) that is stored digitally on district-maintained devices, computers, and networks.  The purpose of this policy is to ensure the secure use and handling of all district data computer systems, devices, and technology equipment by district students, employees, and data users.

The district may use third-party vendors to perform necessary education functions for the district.  Utilizing third party vendors to outsource functions the district would traditionally perform provides a cost-effective means to deliver high quality educational opportunities to all students.  However, it is paramount that third party vendors with access to sensitive data and PII of district students, employees, and data users be h eld to the highest standards of data privacy and security.

The selection of third-party vendors shall be in accordance with appropriate law and policy.  Third-party vendors with access to PII shall meet all qualifications to be designated as a School Official under the Family Educational Rights and Privacy Act (FERPA).  The Superintendent or designee shall recommend to the Board that any approved contract with a third-arty vendor will require that the vendor comply with all applicable state and federal laws, rules, or regulations, regarding the privacy of PII.

It is the responsibility of the Superintendent or designee to develop procedures for the district to enhance the security of data and the learning environment.  The procedures shall address, but not be limited to, the following topics:

Access Control:  Access control governs who may access what information within the district and the way users may access the information.  It is the responsibility of the Superintendent or designee to determine which individuals will have access to district networks, devices, and data; and to what extent such access will be granted.  System and network access will be granted based upon a need-to-have requirement, with the least amount of access to data and programs by the user as possible.

Security Management:  Security management addresses protections and security measures used to protect digital data.  These include measures related to audits and remediation, as well as security plans for responding to, reporting, and remediating security incidents.  It is the responsibility of the superintendent or designee to develop procedures to govern the secure creation, storage, and transmission of any sensitive data and personally identifiable information (PII). The Superintendent or designee shall implement appropriate controls to regulate data moving between trusted internal resources to external entities.

Technology and Data Use Training:  Technology and data use training addresses acceptable use best practices to safeguard data for students, employees, and staff.  It is the responsibility of the Superintendent or designee to help ensure appropriate training on proper data and technology use.  

 

 

Legal Reference:  20 U.S.C. 1232g; 34 C.F.R. Part 99

                             47 U.S.C. 254

                             20 U.S.C. 6777

                             Iowa Code 279.70; 715C

 

Cross Reference:  401.13  Staff Technology Use/Social Networking

                              506.1  Student Records Access

                               605.4  Technology and Instructional Materials

 

Approved:  9/01/21

Reviewed:  7/11/24

Revised: