Skip Navigation
Monday, 07 November 2022 10:51

Select Health News

Written by

Seven Tips to Keep Healthcare Costs Low 11024 1

Tellica Flyer 20221024 1

Tuesday, 19 July 2022 14:28

DELL Education Purchase Program

Written by

Students using Dell ComputersWe are excited to announce our participation in Dell’s Education Purchase Program (EPP)!
EPP is a discount program that allows all employees, students, and friends to receive member
only pricing on all personal purchases from Dell. Dell has created a dedicated website that we
can shop 24/7. www.Dell.com/mpp/WeberSchools. Program discounts are automatically applied
at checkout.

  • Exclusive monthly offers & best price guarantee on consumer PCs from Dell
  • Free enrollment in Dell Rewards: 3% back + free expedited shipping
  • Executive Sales Team available to assist with all consumer-grade + personal purchases
  • Electronics and Accessories 10% coupon available on home page of program website

Dedicated URL

  • Your URL (link to your store): www.Dell.com/mpp/WeberSchools
  • Member ID (Required ONLY when calling in): GS141668398
  • Account Manager:

A Product Line Over 40K Strong

  • Up to 30% off Dell PCs, Electronics, and Accessories
  • Exclusive monthly offers (e.g., doorbusters, pre-sales, and more)
  • Best Price Guarantee on Consumer PCs from Dell
  • A dedicated team/point of contact—Direct Phone # and Email (Your own Dell team in Round Rock, TX)
  • Free Delivery and Easy Returns
  • Free enrollment in Dell Advantage Loyalty Program (offers-up to 3% Dell cash-back for future savings)
  • Bring Your Own Device and Student Laptop Program Support
  • eSports Lab Support

Premier Service and Support

  • Premium Support
  • Dedicated account team for all K12 community members
  • Unique Payment Solutions
  • Personal Financing with Dell Preferred Account
  • Gift Cards
  • Major Credit Cards
  • Purchase direct – online, email, or by phone

Have questions, need a technology consult, or custom quote?
Email me or Call my team at 1-888-693-9448.

**Available to employees, staff, students, parents, and friends & family**
(For all: Govt., K12 & Higher Edu., Medical, Community Services, and Non-Profits.)

Thursday, 26 May 2022 14:02

Account Retention Information

Written by

As of October 1, 2022, retiree WSD accounts will be terminated. This includes Employee Online. 

What does this mean?

You will no longer be able to access information housed in Employee Online (paycheck stubs, W-2’s,etc.) If you need to access information from Employee Online after October 1, 2022, contact Human Resources at 801-476-7886.

Will I have access to my WSD email account or information on Google Drive?

If you are not actively working for WSD, your WSD email account and Google Drive will no longer be available. Please provide the district with a personal email address by September 30, 2022, in order continue receiving communication regarding your health insurance benefits.  

How do I provide the district with a personal email address?

  1. Log into Employee Online
  2. Click “Menu” (top left hand corner)
  3. Click “Personal Information”
  4. Click “Personal Information” under Employee column
  5. In the Personal Email Box- type your personal email address

How do I move documents or information saved from my email and Google Drive?

While you may be leaving, your files stay here, but there is a way to take them with you! You can download or transfer your emails, files, notes, and more with Google Takeout. Follow along with Ryan in the video below:

 

 

Protection of Pupil Rights Amendment (PPRA) and UT FERPA Policy

Policy Statement

Weber School District shall ensure that parental involvement occurs in cases where information collected from a student would generally raise privacy concerns in accordance with 20 USC 1232h and UCA 53E-9-203.

Procedures

  1. Third party surveys. 
    1. Before the administration or distribution of any survey created by a third party, Weber School District shall provide notice to parents and the opportunity to inspect the survey within a reasonable time of receiving the request. 
  2. Collection of sensitive information. 
    1. Restrictions on collecting sensitive information. Written parental consent shall be required before students are administered a psychological or psychiatric examination, test, or treatment, or any survey, analysis, or evaluation in which the evident intended effect is to cause the student to reveal information concerning one or more of the following sensitive areas about the student or any family member: 
  • Political affiliations or beliefs or, except as provided under UCA 53G-10-202 or rules of the state board, political philosophies; 
  • Mental or psychological problems; 
  • Sex behavior, orientation, or attitudes; 
  • Illegal, anti-social, self-incriminating, or demeaning behavior; 
  • Critical appraisals of others with whom the student or family member has close family relationships;
  • Legally recognized privileged relationships, such as with lawyers, medical personnel, or ministers; 
  • Religious practices, affiliations, or beliefs of the student or student’s parent; or 
  • Income, other than as required by law to determine program eligibility.
  1. Scope of written consent requirement. Prior written consent shall be required:
  • in all grades, kindergarten through grade 12;
  • within the curriculum and other school activities; and
  • whether the information collected is personally identifiable or not.
  1. Validity of written consent. The following procedures dictate the validity of written consent:
  • Written consent shall be considered valid only if notice was given in accordance with the notification requirements of this policy; 
  • The authorization shall only be valid for the activity for which it was granted;
  • A written withdrawal of authorization submitted to the school principal by the authorizing parent terminates the authorization;
  • A general consent used to approve admission to school or involvement in special education, remedial education, or a school activity does not constitute written consent under this section.
  1. Exceptions. Prior written consent shall not be required:
  • as part of a suicide prevention program as described in UCA 53G-9-702 where the parent has received notification and the ability to opt out of the process in accordance with the notification section of this policy; or 
  • if there is a reasonable belief that there is an emergency, child abuse, neglect, or a serious threat to the wellbeing of the student in accordance with the Emergency Situations section of this policy.
  1. Data disclosure Sensitive information collected under this policy may be shared in accordance with the Family Educational Rights and Privacy Act (FERPA), 20 USC 1232g, and UCA 53E-9-308.
  2. Data storage restriction. Sensitive information collected from a survey may not be stored in a student’s Student Achievement Backpack as defined in UCA 53E-3-511.
  3. Expressions of belief. This policy does not limit the ability of a student to, under UCA 53G-10-203, spontaneously express sentiments or opinions otherwise protected against disclosure under this policy.
  4. Inspection of instructional materials. 

Weber School District shall provide notice and an opportunity to a parent to inspect any instructional content that is provided to a student, regardless of its format, including printed or representational materials, audio-visual materials, and materials in electronic or digital formats (such as materials accessible through the Internet) used as part of the educational curriculum for the student. 

  1. Exclusion for academic tests or academic assessments. The opportunity to inspect instructional materials shall not extend to academic tests or academic assessments.
  1. Nonemergency, invasive physical examinations. 

Weber School District shall provide notification to parents and the opportunity to opt out of nonemergency, invasive physical examination that is:

  • Required as a condition of attendance;
  • Administered by the school and scheduled in advance; and
  • Not necessary to protect the immediate health and safety of the student, or of other students. 
  1. Definition. The term “invasive physical examination” means any medical examination that involves the exposure of private body parts, or any act during such examination that includes incision, insertion, or injection into the body, but does not include a hearing, vision, or scoliosis screening.
  2. Exception. This policy does not apply to any physical examination or screening that is permitted or required by an applicable Utah law, including physical examinations or screenings that are permitted without parental notification.
  1. Marketing surveys. 

Weber School District shall provide notice of and an opportunity to opt out of activities involving collection, disclosure, or use of personal information collected from students for marketing or to sell or otherwise distribute the information to others. 

  1. Exceptions. The requirement to provide notice and the opportunity to opt out does not apply to the collection, disclosure, or use of personal information collected from students for the exclusive purpose of developing, evaluating, or providing educational products or services for, or to, students or educational institutions, such as the following:
  • College or other postsecondary education recruitment, or military recruitment.
  • Book clubs, magazines, and programs providing access to low-cost literary products.
  • Curriculum and instructional materials used by elementary schools and secondary schools.
  • Tests and assessments used by elementary schools and secondary schools to provide cognitive, evaluative, diagnostic, clinical, aptitude, or achievement information about students (or to generate other statistically useful data for the purpose of securing such tests and assessments) and the subsequent analysis and public release of the aggregate data from such tests and assessments.
  • The sale by students of products or services to raise funds for school-related or education-related activities.
  • Student recognition programs.

Weber School District shall provide notification to parents of this policy as follows:

  1. Required notifications. Weber School District shall provide the following notifications:
  1. notification at the beginning of each school year regarding this policy and within a reasonable period of time after any substantive changes to this policy;
  2. notification at the beginning of each school year of any planned third-party surveys;
  3. direct notification annually at the beginning of the school year by postal mail, hand, or email, including the specific or approximate dates, of any 
  • marketing survey; or 
  • nonemergency, invasive physical examination;
  1. direct notification by postal mail, hand, or email, including the specific or approximate dates, annually at the beginning of the school year and at least two weeks prior to the administration of any collection of sensitive information. This notice shall also include:
  • an internet address where the parent can view the exact survey to be administered to the parent’s student, and a notice that a copy of the survey questions will also be made available at the school. 
  • notice that a parent has a reasonable opportunity to obtain in writing the following information concerning the survey:
  • records or information, including information about relationships, that may be examined or requested;
  • the means by which the records or information shall be examined or reviewed;
  • the means by which the information is to be obtained;
  • the purposes for which the records or information are needed;
  • the entities or persons, regardless of affiliation, who will have access to the personally identifiable information; and
  • a method by which a parent of a student can grant permission to access or examine the personally identifiable information
  1. Waiver of two-week’s notice requirement. The two-week’s notice requirement for a collection of sensitive information may be waived in the following circumstances:
  • In response to a situation which a school employee reasonably believes to be an emergency, or as authorized under UCA 62A-4a-4, Child Abuse or Neglect Reporting Requirements;
  • By order of a court; or
  • After receiving notice of a collection of sensitive information protected by this policy, a parent may waive the two-week’s notice requirement.  

Weber School District shall provide training for teachers and administrators on the implementation of this policy.

  1. Emergency situations. 

If a school employee, agent, or school resource officer believes a student is at-risk of attempting suicide, physical self-harm, or harming others, the school employee, agent, or school resource officer may intervene and ask a student questions regarding the student's suicidal thoughts, physically self-harming behavior, or thoughts of harming others for the purposes of:

  • Referring the student to the appropriate prevention services; and
  • Informing the student’s parent without delay.
  1. Exception to notifying parents of an emergency situation. If the matter has been reported to the Division of Child and Family Services within the Department of Human Services, it is the responsibility of the division to notify the student's parent of any possible investigation, prior to the student's return home from school.
  2. Minimum degree of intervention. School employees, agents, or school resource officers shall use the minimum degree of intervention to accomplish the goals of this policy.
  1. Students who have turned 18 and emancipated minors. 

The rights to notification and opt out shall transfer to the student when the student turns 18 years old or is an emancipated minor. 

  1. Exception. The notification shall be given to and written consent required from the parent in all grades, kindergarten through 12, regardless of the student’s age, before a collection of sensitive information shall be administered.

 

 

update 9/13/2021

Wednesday, 11 September 2019 10:09

Student Data Collection Notice

Written by

STUDENT DATA COLLECTION NOTICE

Necessary Student Data

Necessary student data means data required by state statute or federal law to conduct the regular activities of the school.

  • Student Name, Date of birth, and Sex
  • Parent and student contact information and Custodial parent information
  • A student identification number (including the student’s school ID number and the state-assigned student identifier, or SSID)
  • Local, state, and national assessment results or an exception from taking a local, state, or national assessment (click here for more information on assessments)
  • Courses taken and completed, credits earned, and other transcript information
  • Course grades and grade point average
  • Grade level and expected graduation date or graduation cohort
  • Degree, diploma, credential attainment, and other school information
  • Attendance and mobility
  • Drop-out data
  • Immunization record or an exception from an immunization record
  • Race, Ethnicity, or Tribal affiliation
  • Remediation efforts
  • An exception from a vision screening required under Section 53G-9-404 or information collected from a vision screening described in Utah Code Section 53G-9-404
  • Information related to the Utah Registry of Autism and Development Disabilities (URADD), described in Utah Code Section 26-7-4
  • Student injury information
  • A disciplinary record created and maintained as described in Utah Code Section 53E-9-306
  • Juvenile delinquency records
  • English language learner status
  • Child find and special education evaluation data related to initiation of an IEP

Optional Student Data

We may only collect optional student data with written consent from the student’s parent or from a student who has turned 18.

  • Information related to an IEP or needed to provide special needs services
  • Biometric information used to identify the student
  • Information required for a student to participate in an optional federal or state program (e.g., information related to applying for free or reduced lunch)

Certain sensitive information on students collected via a psychological or psychiatric examination, test, or treatment, or any survey, analysis, or evaluation will only be collected with parental consent. You will receive a separate consent form in these cases. See our Protection of Pupil Rights Act (PPRA) notice for more information.

Prohibited Collections

We will not collect a student’s social security number or criminal record, except as required by Utah Code Section 78A-6-112(3).

Data Sharing

We will only share student data in accordance with the Family Educational Rights and Privacy Act (FERPA), which generally requires written parental consent before sharing student data. FERPA includes several exceptions to this rule, where we may share student data without parental consent. For more information on third parties receiving student information from us, see our Metadata Dictionary.

Student data will be shared with the Utah State Board of Education via the Utah Transcript and Records Exchange (UTREx). For more information about UTREx and how it is used, please visit the Utah State Board of Education’s Information Technology website.

Benefits, Risks, and Parent Choices

The collection, use, and sharing of student data has both benefits and risks. Parents and students should learn about these benefits and risks and make choices regarding student data accordingly. Parents are given the following choices regarding student data:

  • Choice to request to review education records of their children and request an explanation or interpretation of the records (see our annual FERPA notice for more information)
  • Choice to contest the accuracy of certain records (see our annual FERPA notice for more information), potentially leading to the correction, expungement, or deletion of the record
  • Choice to opt into certain data collections (see the section above on optional data collections)
  • Choice to opt out of certain data exchanges
    • Information that has been classified as directory information (see our directory information notice for more information)
    • Parents of students with an IEP may have their information shared with the Utah Registry of Autism and Developmental Disabilities (URADD). If included in this data exchange, parents will receive a separate notice within 30 days of the exchange, informing them of their right to opt out, per Utah Code Section 53E-9-308(6)(b)
  • Choice to file a complaint if you believe the school or its agents are violating your rights under FERPA or Utah’s Student Data Protection Act. If you have a complaint or concern, we recommend starting locally and then escalating to the state and US Department of Education

Your local school district or charter school

Tanya Miller

The Utah State Board of Education

Report your concern with the USBE hotline

The US Department of Education

Report your concern here

Storage and Security

In accordance with Board Rule R277-487-3(14), we have adopted a cybersecurity framework called the CIS Controls.  

 

 

updated 9/13/2021

Directory information

 

The Family Educational Rights and Privacy Act (FERPA), a Federal law, requires that Weber School District, with certain exceptions, obtain your written consent prior to the disclosure of personally identifiable information from your child’s education records.  However, Weber School District may disclose appropriately designated “directory information” without written consent, unless you have advised the Weber School District to the contrary in accordance with Weber School District procedures.  



Purpose of directory information

 

The primary purpose of directory information is to allow the Weber School District to include information from your child’s education records in certain school publications.  Examples include:

 

  • A playbill, showing your student’s role in a drama production;
  • The annual yearbook;
  • Honor roll or other recognition lists;
  • Graduation programs; and
  • Sports activity sheets, such as for wrestling, showing the weight and height of team members.

 

Directory information, which is information that is generally not considered harmful or an invasion of privacy if released, can also be disclosed to outside organizations without a parent’s prior written consent.  Outside organizations include, but are not limited to, companies that manufacture class rings or publish yearbooks.  



Military recruiters and institutions of higher education

 

In addition, two federal laws require local educational agencies (LEAs) receiving assistance under the Elementary and Secondary Education Act of 1965, as amended (ESEA) to provide military recruiters or institutions of higher education, upon request, with the following information – names, addresses and telephone listings – unless parents have advised the LEA that they do not want their student’s information disclosed without their prior written consent.  [Note:  These laws are Section 9528 of the ESEA (20 U.S.C. § 7908) and 10 U.S.C. § 503(c).]  



Opting out

 

If you do not want Weber School District to disclose any or all of the types of information designated below as directory information from your child’s education records without your prior written consent, you must notify the Weber School District in writing by the last day of September.  



What information is designated directory information?

 

Weber School District has designated the following information as directory information:

  • Student's name
  • Address
  • Telephone listing
  • Electronic mail address
  • Photograph
  • Date and place of birth
  • Major field of study
  • Dates of attendance
  • Grade level
  • Participation in officially recognized activities and sports
  • Weight and height of members of athletic teams
  • Degrees, honors, and awards received
  • The most recent educational agency or institution attended
  • Student ID number, user ID, or other unique personal identifier used to communicate in electronic systems but only if the identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user’s identity, such as a PIN, password, or other factor known or possessed only by the authorized user
  • A student ID number or other unique personal identifier that is displayed on a student ID badge, but only if the identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user's identity, such as a PIN, password, or other factor known or possessed only by the authorized user.  

 

 

updated 9/07/2022

Wednesday, 11 September 2019 08:58

Notification of Rights under FERPA for Schools

Written by

The Family Educational Rights and Privacy Act (FERPA) affords parents and students who are 18 years of age or older ("eligible students") certain rights with respect to the student's education records.  These rights are:

  1. The right to inspect and review the student's education records within 45 days after the day the Weber School District (“WSD”) receives a request for access.

Parents or eligible students who wish to inspect their child’s or their education records should submit to the school principal a written request that identifies the records they wish to inspect.  The school official will make arrangements for access and notify the parent or eligible student of the time and place where the records may be inspected.

  1. The right to request the amendment of the student’s education records that the parent or eligible student believes are inaccurate, misleading, or otherwise in violation of the student’s privacy rights under FERPA.

Parents or eligible students who wish to ask WSD to amend their child’s or their education record should write the school principal, clearly identify the part of the record they want changed, and specify why it should be changed.  If the school decides not to amend the record as requested by the parent or eligible student, the school will notify the parent or eligible student of the decision and of their right to a hearing regarding the request for amendment.  Additional information regarding the hearing procedures will be provided to the parent or eligible student when notified of the right to a hearing.

  1. The right to provide written consent before the school discloses personally identifiable information (PII) from the student's education records, except to the extent that FERPA authorizes disclosure without consent.

One exception, which permits disclosure without consent, is disclosure to school officials with legitimate educational interests.  The criteria for determining who constitutes a school official and what constitutes a legitimate educational interest must be set forth in the school’s or school district’s annual notification for FERPA rights.  A school official typically includes a person employed by the school or school district as an administrator, supervisor, instructor, or support staff member (including health or medical staff and law enforcement unit personnel) or a person serving on the school board.  A school official also may include a volunteer,  contractor, or consultant who, while not employed by the school, performs an institutional service or function for which the school would otherwise use its own employees and who is under the direct control of the school with respect to the use and maintenance of PII from education records, such as an attorney, auditor, medical consultant, or therapist; a parent or student volunteering to serve on an official committee, such as a disciplinary or grievance committee; or a parent, student, or other volunteer assisting another school official in performing his or her tasks.  A school official typically has a legitimate educational interest if the official needs to review an education record in order to fulfill his or her professional responsibility.

Upon request, the school discloses education records without consent to officials of another school or school district in which a student seeks or intends to enroll, or is already enrolled if the disclosure is for purposes of the student’s enrollment or transfer. 

  1. The right to file a complaint with the U.S. Department of Education concerning alleged failures by WSD to comply with the requirements of FERPA. The name and address of the Office that administers FERPA are:

Student Privacy Policy Office

U.S. Department of Education

400 Maryland Avenue, SW

Washington, DC  20202

 

See the list below of the disclosures that elementary and secondary schools may make without consent.

FERPA permits the disclosure of PII from students’ education records without the consent of the parent or eligible student if the disclosure meets certain conditions found in § 99.31 of the FERPA regulations.  Except for disclosures to school officials, disclosures related to some judicial orders or lawfully issued subpoenas, disclosures of directory information, and disclosures to the parent or eligible student, § 99.32 of the FERPA regulations requires the school to record the disclosure.  Parents and eligible students have a right to inspect and review the record of disclosures.  A school may disclose PII from the education records of a student without obtaining prior written consent of the parents or the eligible student –

  • To other school officials, including teachers, within the educational agency or institution whom the school has determined to have legitimate educational interests. This includes contractors, consultants, volunteers, or other parties to whom the school has outsourced institutional services or functions, provided that the conditions listed in § 99.31(a)(1)(i)(B)(1) - (a)(1)(i)(B)(3) are met. (§ 99.31(a)(1))
  • To officials of another school, school system, or institution of postsecondary education where the student seeks or intends to enroll, or where the student is already enrolled if the disclosure is for purposes related to the student’s enrollment or transfer, subject to the requirements of § 99.34. (§ 99.31(a)(2))
  • To authorized representatives of the U. S. Comptroller General, the U. S. Attorney General, the U.S. Secretary of Education, or State and local educational authorities, such as the State educational agency (SEA) in the parent or eligible student’s State. Disclosures under this provision may be made, subject to the requirements of § 99.35, in connection with an audit or evaluation of Federal- or State-supported education programs, or for the enforcement of or compliance with Federal legal requirements that relate to those programs. These entities may make further disclosures of PII to outside entities that are designated by them as their authorized representatives to conduct any audit, evaluation, or enforcement or compliance activity on their behalf, if applicable requirements are met.  (§§ 99.31(a)(3) and 99.35)
  • In connection with financial aid for which the student has applied or which the student has received, if the information is necessary for such purposes as to determine eligibility for the aid, determine the amount of the aid, determine the conditions of the aid, or enforce the terms and conditions of the aid. (§ 99.31(a)(4))
  • To State and local officials or authorities to whom information is specifically allowed to be reported or disclosed by a State statute that concerns the juvenile justice system and the system’s ability to effectively serve, prior to adjudication, the student whose records were released, subject to § 99.38. (§ 99.31(a)(5))
  • To organizations conducting studies for, or on behalf of, the school, in order to: (a) develop, validate, or administer predictive tests; (b)  administer student aid programs; or (c)  improve instruction, if applicable requirements are met.  (§ 99.31(a)(6))
  • To accrediting organizations to carry out their accrediting functions. (§ 99.31(a)(7))
  • To parents of an eligible student if the student is a dependent for IRS tax purposes. (§ 99.31(a)(8))
  • To comply with a judicial order or lawfully issued subpoena if applicable requirements are met. (§ 99.31(a)(9))
  • To appropriate officials in connection with a health or safety emergency, subject to § 99.36. (§ 99.31(a)(10))
  • Information the school has designated as “directory information” if applicable requirements under § 99.37 are met. (§ 99.31(a)(11))
  • To an agency caseworker or other representative of a State or local child welfare agency or tribal organization who is authorized to access a student’s case plan when such agency or organization is legally responsible, in accordance with State or tribal law, for the care and protection of the student in foster care placement. (20 U.S.C. § 1232g(b)(1)(L))
  • To the Secretary of Agriculture or authorized representatives of the Food and Nutrition Service for purposes of conducting program monitoring, evaluations, and performance measurements of programs authorized under the Richard B. Russell National School Lunch Act or the Child Nutrition Act of 1966, under certain conditions. (20 U.S.C. § 1232g(b)(1)(K))

 

(Updated 9/6/2022)

Friday, 22 February 2019 12:28

No Blog / Moved Blog

Written by

Thanks for letting us no you do not need our help to complete this task.  If you have any other concerns not related to blogs feel free to create a ticket today so one of our Technical Services employees can assist you.

 

help ticket

 

 

 

Tuesday, 19 February 2019 10:18

Blog Move Training

Written by

We realize that this puts some undue stress on those of you that have used blogs regularly. Rest assured, we have trained EdTech coaches in your buildings on viable replacements for your blogs and they are ready and willing to help you migrate content over to those options. Please understand that after March 15th, whatever content you have on those blogs will no longer be available, so please begin migrating content as soon as possible.

We anticipate that some of you might be wondering if blogs will be coming back at some point. The answer to that is no. Again, we have some viable alternatives that we think will take blogs’ place and will work better. For example, some teachers used blogs as a way to have an online calendar with daily updates. Both Canvas and Google Classroom have this ability built in and is more streamlined to send out announcement to students and parents--again, great alternatives to blogs.

Additionally, we encourage you to please subscribe to our new Training Channel on YouTube. We have uploaded a couple applicable videos that can help as you migrate your content and we will be uploading training videos frequently going forward.

 

Monday, 13 November 2017 10:26

Data Governance Plan

Written by

LEA Data Governance Plan

1. Governing Principles

Weber School District (referred to as the LEA throughout) takes its responsibility toward student data seriously. This governance plan incorporates the following Generally Accepted Information Principles (GAIP):

  • Risk: There is risk associated with data and content. The risk must be formally recognized, either as a liability or through incurring costs to manage and reduce the inherent risk.
  • Due Diligence: If a risk is known, it must be reported. If a risk is possible, it must be confirmed.
  • Audit: The accuracy of data and content is subject to periodic audit by an independent body.
  • Accountability: An organization must identify parties which are ultimately responsible for data and content assets.
  • Liability: The risks in information means there is a financial liability inherent in all data or content that is based on regulatory and ethical misuse or mismanagement.

2. Data Maintenance and Protection Policy

The LEA recognizes that there is risk and liability in maintaining student data and other education-related data and will incorporate reasonable data industry best practices to mitigate this risk.

2.1 Process

In accordance with R277-487, the LEA shall do the following:

  • Designate an individual as an Information Security Officer
  • Adopt the CIS Controls or comparable
  • Report to the USBE by October 1 each year regarding the status of the adoption of the CIS controls or comparable and future plans for improvement.

 

3. Roles and Responsibilities Policy

The LEA acknowledges the need to identify parties who are ultimately responsible and accountable for data and content assets. These individuals and their responsibilities are as follows:

3.1 Data Manager roles and responsibilities

  • authorize and manage the sharing, outside of the student data manager's education entity, of personally identifiable student data for the education entity as described in this section
  • provide for necessary technical assistance, training, and support
  • act as the primary local point of contact for the state student data officer
  • ensure that the following notices are available to parents:

3.2 Information Security Officer

  • Oversee adoption of the CIS controls
  • Provide for necessary technical assistance, training, and support as it relates to IT security

4. Training and Support Policy

The LEA recognizes that training and supporting educators and staff regarding federal and state data privacy laws is a necessary control to ensure legal compliance.

4.1 Procedure

  1. The data manager will ensure that educators who have access to student records will receive an annual training on confidentiality of student data to all employees with access to student data. The content of this training will be based on the Data Sharing Policy.
  2. By October 1 each year, the data manager will report to USBE the completion status of the annual confidentiality training and provide a copy of the training materials used.
  3. The data manager shall keep a list of all employees who are authorized to access student education records after having completed a training that meets the requirements of 53E-9-204.

5. Audit Policy

In accordance with the risk management priorities of the LEA, the LEA will conduct an audit of:

  • The effectiveness of the controls used to follow this data governance plan; and
  • Third-party contractors, as permitted by the contract described in 53E-9-309(2).

6. Data Sharing Policy

There is a risk of redisclosure whenever student data are shared. The LEA shall follow appropriate controls to mitigate the risk of redisclosure and to ensure compliance with federal and state law.

6.1 Procedure

  1. The data manager shall approve all data sharing or designate other individuals who have been trained on compliance requirements with FERPA.
  2. For external research, the data manager shall ensure that the study follows the requirements of FERPA’s study exception described in 34 CFR 99.31(a)(6).
  3. After sharing from student records, the data manager shall ensure that an entry is made in the LEA Metadata Dictionary to record that the exchange happened.
  4. After sharing from student records, the data manager shall make a note in the student record of the exchange in accordance with 34 CFR 99.32.

7. Expungement Request Policy

The LEA recognizes the risk associated with data following a student year after year that could be used to mistreat the student. The LEA shall review all requests for records expungement from parents and make a determination based on the following procedure.

7.1 Procedure

The following records may not be expunged: grades, transcripts, a record of the student’s enrollment, assessment information.

The procedure for expungement shall match the record amendment procedure found in 34 CFR 99, Subpart C of FERPA.

  1. If a parent believes that a record is misleading, inaccurate, or in violation of the student’s privacy, they may request that the record be expunged.
  2. The LEA shall decide whether to expunge the data within a reasonable time after the request.
  3. If the LEA decides not to expunge the record, they will inform the parent of their decision as well as the right to an appeal hearing.
  4. The LEA shall hold the hearing within a reasonable time after receiving the request for a hearing.
  5. The LEA shall provide the parent notice of the date, time, and place in advance of the hearing.
  6. The hearing shall be conducted by any individual that does not have a direct interest in the outcome of the hearing.
  7. The LEA shall give the parent a full and fair opportunity to present relevant evidence. At the parents’ expense and choice, they may be represented by an individual of their choice, including an attorney.
  8. The LEA shall make its decision in writing within a reasonable time following the hearing.
  9. The decision must be based exclusively on evidence presented at the hearing and include a summary of the evidence and reasons for the decision.
  10. If the decision is to expunge the record, the LEA will seal it or make it otherwise unavailable to other staff and educators.

8. Data Breach Response Policy

The LEA shall follow industry best practices to protect information and data. In the event of a data breach or inadvertent disclosure of personally identifiable information, the LEA staff shall follow industry best practices for responding to the breach.

8.1 Procedures

  1. The Superintendent will work with the information security officer to designate individuals to be members of the cyber incident response team (CIRT)
  2. At the beginning of an investigation, the information security officer will begin tracking the incident and log all information and evidence related to the investigation.
  3. The information security officer will call the CIRT into action once there is reasonable evidence that an incident or breach has occurred.
  4. The information security officer will coordinate with other IT staff to determine the root cause of the breach and close the breach.
  5. The CIRT will coordinate with legal counsel to determine if the incident is meets the legal definition of a significant breach as defined in R277-487 and determine which entities and individuals need to be notified.
  6. If law enforcement is notified and begins an investigation, the CIRT will consult with them before notifying parents or the public so as to not interfere with the law enforcement investigation.

9. Publication Policy

The LEA recognizes the importance of transparency and will post this policy on the LEA website.

 

 

updated 9/13/2021

Page 1 of 2