Wayne School District (WSD) supports secure network systems, including security for all personally identifiable information that is stored on paper or stored digitally on WSD-maintained computers and networks. This policy supports efforts to mitigate threats that may cause harm to the district, schools, students, or employees at WSD.

WSD will ensure reasonable efforts will be made to maintain network security. Data loss can be caused by human error, hardware malfunction, natural disaster, security breach, etc., and may not be preventable.

All persons who are granted access to the WSD network and other technology resources are expected to be careful and aware of suspicious communications and unauthorized use of devices on the network. When an employee or other user becomes aware of suspicious activity, he/she is to immediately contact the network administrator with the relevant information.

This policy also covers third party vendors/contractors that contain or have access to WSD critically sensitive data. All third party entities will be required to sign the Restriction on Use of Confidential Information Agreement before accessing our systems or receiving information.

It is the policy of WSD to fully conform with all federal and state privacy and data governance laws.  Including the Family Educational Rights and privacy Act, 20  U.S. Code §1232g and 34 CFR Part 99 (hereinafter “FERPA”), the Government Records and Management Act  U.C.A. §62G-2 (hereinafter “GRAMA”), U.C.A. §53A-1-1401 et seq. and Utah Administrative Code R277-487.

The board directs the WSD IT Director to develop procedures to support this policy. Employees are required to follow the procedures developed by the IT Director. Professional development for staff regarding the importance of network security and best practices is to be included in the procedures. Students are also required to follow the procedures as applicable. The procedures associated with this policy are consistent with guidelines provided by cyber security professionals worldwide and in accordance with Utah Education Network. The board supports the development, implementation and ongoing improvements for a robust security system of hardware and software that is designed to protect data, users, and electronic assets.

WSD Security Procedures

Definitions

Access: Directly or indirectly use, attempt to use, instruct, communicate with, cause input to, cause output from, or otherwise make use of any resources of a computer, computer system, computer network, or any means of communication with any of them.

Authorization: Having the express or implied consent or permission of the owner, or of the person authorized by the owner to give consent or permission to access a computer, computer system, or computer network in a manner not exceeding the consent or permission.

Computer: Any electronic device or communication facility that stores, retrieves, processes, or transmits data.

Computer system: A set of related, connected or unconnected, devices, software, or other related computer equipment.

Computer network: The interconnection of communication or telecommunication lines between: computers; or computers and remote terminals; or the interconnection by wireless technology between: computers; or computers and remote terminals.

Computer property: Includes electronic impulses, electronically produced data, information, financial instruments, software, or programs, in either machine or human readable form, any other tangible or intangible item relating to a computer, computer system, computer network, and copies of any of them.

Confidential: Data, text, or computer property that is protected by a security system that clearly evidences that the owner or custodian intends that it not be available to others without the owner's or custodian's permission.

Encryption or encrypted data:  The most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it.

Personally Identifiable Information (PII):  Any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered Protected data

Security system: A computer, computer system, network, or computer property that has some form of access control technology implemented, such as encryption, password protection, other forced authentication, or access control designed to keep out unauthorized persons.

Sensitive data:  Data that contains personally identifiable information.

System level:  Access to the system that is considered full administrative access.  Includes operating system access and hosted application access.

Security Responsibility

District IT security shall be the primary responsibility of the District IT Department, led by the IT Director. The IT Department shall be responsible for the development of policies and adherence to the standards defined in this document.

Employee Security Awareness Training

1.     Overview

WSD, led by the IT Director, shall ensure that all employees having access to sensitive information undergo annual IT security training which emphasizes their personal responsibility for protecting student and employee information. Training resources will be provided to all employees.

2.     Purpose

These methods help ensure employees have a solid understanding of our security policy, procedures, and best practices. Employees shall also have a basic understanding of the following security related topics: social engineering tactics, email and messaging security, safely browsing the internet, social networking threats, mobile device security, password best practices, data classification, data transmission and encryption, data destruction, WiFi security, working remotely, insider threats from students and staff, physical security issues, protecting personal/work computers, copyright infringements, malware and virus protection, sharing files with local and state entities, and workspace security.

3.     Procedure

All WSD employees shall receive security specific trainings Annually.

Security for Workstations

1.     Overview

The workstations at WSD contain sensitive information and data. WSD IT Department will implement procedures to ensure that this information will be secure.

2.     Purpose

WSD shall ensure that any user’s computer must not be left unattended and unlocked, especially when logged into sensitive systems or data including student or employee information. Automatic log off, locks and password screen savers should be used to enforce this requirement.

3.     Procedure

Appropriate measures must be taken when using workstations to ensure the confidentiality, integrity and availability of sensitive information; including personally identifiable information (PII) and that access to sensitive information is restricted to authorized users.

• WSD employees using controlled workstations shall consider the sensitivity of the information, including personally identifiable information (PII) that may be accessed and minimize the possibility of unauthorized access.
• WSD will implement physical and technical safeguards for all workstations that access electronic personally identifiable information (PII) to restrict access to authorized users.
• Appropriate measures include:

○      Restricting physical access to workstations to only authorized personnel.

○      Securing workstations (screen lock or logout) prior to leaving area to prevent unauthorized access.

○      Enabling a password protected screensaver with a 15 minutes or less to ensure that workstations that were left unsecured will be protected. The password must comply with WSD Password Procedure.

○      Complying with all applicable password policies and procedures. See WSD Password Procedure.

○      Ensuring controlled workstations are used for authorized business purposes only.  Never installing unauthorized software on controlled workstations.

○      Storing all sensitive information, including personally identifiable information (PII) on secured network servers

○      Securing laptops that contain sensitive information by locking laptops up in drawers, cabinets or in a classroom/office.

○      Enable Workstation Encryption

○      Users are not set up as computer administrators

Network Security

1.     Overview

Network security entails protecting the usability, reliability, integrity, and safety of network and data. Effective network security defeats a variety of threats from entering or spreading on a network. The primary goals of network security are Confidentiality, Integrity, Availability and Accountability.

2.     Purpose

The minimal security configuration required for all routers and switches connecting to a production network or used in a production capacity at or on behalf of WSD. WSD shall ensure that all untrusted and public access computer networks are separated from main computer networks and utilize security policies to ensure the integrity of those computer networks. WSD will utilize industry standards and current best practices to segment internal computer networks based on the data they contain. This will be done to prevent unauthorized users from accessing services unrelated to their job duties and minimize potential damage from other compromised systems.

3.     Procedure

Network perimeter controls will be implemented to regulate traffic moving between trusted internal (WSD) resources and external, untrusted (Internet) entities. All network transmission of sensitive data should enforce encryption where technologically feasible.

Wireless Network Security

1.     Purpose

Network security entails protecting the usability, reliability, integrity, and safety of network and data. Effective network security defeats a variety of threats from entering or spreading on a network. The primary goals of network security are Confidentiality, Integrity, and Availability.

2.     Purpose

No wireless access point shall be installed on WSD computer network that does not conform to current network standards as defined by the IT Department.  WSD shall scan for and remove or disable any rogue wireless devices on a regular basis. All wireless access networks shall conform to current best practices and shall utilize at minimal WPA2 encryption for any connections.  Open access networks are not permitted with the exception of a managed guest network.

3.     Procedure

Wireless Network controls will be implemented to regulate traffic moving between trusted internal (WSD) resources and external, untrusted (Internet) entities. All network transmission of sensitive data should enforce encryption where technologically feasible.

Remote Access Procedure

1.     Overview

Remote access allows a user to connect from outside the WSD organization network. This procedure applies to all WSD employees, contractors, vendors and agents with a WSD owned or personally owned computer or workstation used to connect to the WSD network. This procedure applies to remote access connections used to do work on behalf of WSD

2.     Purpose

The purpose of this procedure is to define standards for connecting to WSD network from any host. These standards are designed to minimize the potential exposure to WSD from damages, which may result from unauthorized use of WSD resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical WSD internal systems, etc.  Remote access implementations that are covered by this procedure include, but are not limited to DSL, VPN, and SSH.

3.     Procedure

It is the responsibility of WSD employees, contractors, vendors and agents with remote access privileges to WSD network to ensure that their remote access connection is given the same consideration as the user’s on-site connection to WSD.

Please review the following procedures to ensure protection of information when accessing the WSD network via remote access methods, and acceptable use of WSD network:

• Encryption Procedures
• Wireless Infrastructure Communications Procedure
• Acceptable Use Procedure

Requirements

• Secure remote access must be strictly controlled. Control will be enforced via one-time password authentication or public/private keys with strong pass phrases. For information on creating a strong pass phrase see the Password Procedures.
• At no time should any WSD employee provide his or her login or email password to anyone, not even family members.
• WSD employees with remote access privileges must ensure that their WSD owned or personal computer or workstation, which is remotely connected to WSD network, is not connected to any other network at the same time, with the exception of personal networks that are under the complete control of the user.
• The WSD director must approve non-standard hardware configurations. Security configurations for access to hardware must also be approved.
• All hosts that are connected to WSD internal networks via remote access technologies, must use the most up-to-date anti-virus software, this includes personal computers.
• Personal equipment that is used to connect to WSD networks must meet the requirements of WSD owned equipment for remote access.
• Organizations or individuals who wish to implement non-standard Remote Access solutions to the WSD production network must obtain prior approval from WSD director.

Password Procedure

1.     Overview

Passwords are a critical component of information security. Passwords serve to protect user accounts; however, a poorly constructed password may result in the compromise of individual systems, data, or the entire network. This guideline provides best practices for creating secure passwords.

2.     Purpose

The purpose of this procedure is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.  This procedure applies to all personnel and entities working on behalf of WSD, who have or are responsible for any account (or any form of access that supports or requires a password) on any system that resides at or is connected to WSD.

3.     Procedure

To minimize the possibility of unauthorized access, all passwords should meet or exceed the guidelines for creating strong passwords.

Password Characteristics

Strong passwords

• Contain at least 10 alphanumeric characters
• Contain both upper and lower case letters
• Contain at least one number (for example, 0-9)
• Contain at least one special character (for example,!$%^&*()_+|~-=\`{}[]:”;'<>?,/)

Protection of passwords

• Users must not use the same password for WSD accounts as for other non-WSD access (for example, personal email accounts, shopping sites, social media, and so on
• Where possible, users must not use the same password for various WSD access needs or user accounts that have system-level privileges granted through group memberships or programs such as FileMaker must have a unique password from all other accounts held by that user to access system-level privileges; unless account has 2-factor authentication enabled
• All system-level passwords (for example, root, enable, NT admin, application administration accounts, and so on) must be changed on at least a quarterly basis
• All user-level passwords (for example, email, web, desktop computer, and so on) must be changed at least annually.
• Password cracking or guessing may be performed on a periodic or random basis by the UETN team or its delegates. If a password is guessed or cracked during one of these scans, the user will be required to change it
• Default passwords must be changed during initial setup and configuration
• Passwords must not be shared with anyone. All passwords are to be treated as sensitive, confidential information
• Passwords must not be inserted along with the username into email messages or other forms of electronic communication
• Do not reveal a password on questionnaires or security forms
• Do not share your WSD passwords with anyone, including administrative assistants, secretaries, managers, co-workers while on vacation, and family members
• Do not write passwords down and store them anywhere in your office. Do not store passwords in a file on a computer system or mobile devices (phone, tablet) without encryption
• Never use the “Remember Password” feature of applications (for example, web browsers)
• Any user suspecting that his/her password may have been compromised must report the incident to their supervisor and change all passwords immediately

Access Control

1.     Overview

Access control is the process of authorizing users, groups, and computers to access objects on the network or computer. It is a good practice to assign permissions to groups because it improves system performance when verifying access to an object.

2.     Purpose

The purpose for setting access control in the WSD organization provides system and application access based upon the least amount of access to data and programs required by the user in accordance with a business need-to-have requirement.

3.     Procedure

This procedure is directed to the IT Management Staff who is accountable to ensure proper access is given to individual employees.

• WSD shall ensure that user access shall be limited to only those specific access requirements necessary to perform their jobs. Where possible, segregation of duties will be utilized to control authorization access.
• WSD shall ensure that user access should be granted and/or terminated upon timely receipt, and management’s approval, of a documented access request/termination.
• WSD shall ensure that audit and log files are maintained for at least ninety days for all critical security-relevant events such as: invalid logon attempts, changes to the security policy/ configuration, and failed attempts to access objects by unauthorized users, etc.
• WSD shall limit IT administrator privileges (operating system, database, and applications) to the minimum number of staff required to perform these sensitive duties.

Security Response Plan Procedure

1.     Overview

A Security Response Plan (SRP) provides the impetus for security and operational groups to integrate their efforts from the perspective of awareness and communication, as well as coordinated response in times of crisis (security vulnerability identified or exploited). Specifically, an SRP defines a product description, contact information, escalation paths, expected service level agreements (SLA), severity and impact classification, and mitigation/remediation timelines.

2.     Purpose

The purpose of this procedure is to establish the requirement that all operational groups supported develop and maintain a security response plan. This ensures that the security incident response team has all the necessary information to formulate a successful response should a specific security incident occur. This procedure applies any established and defined operational group or entity within the WSD.

3.     Procedure

The development, implementation, and execution of a Security Response Plan (SRP) are the primary responsibility of the WSD director and network administrator.

Service or Product Description

The product description in an SRP must clearly define the service or application to be deployed with additional attention to data flows, logical diagrams, architecture considered highly useful.

Contact Information

The SRP must include contact information for dedicated team members to be available during non-business hours should an incident occur and escalation be required. This may be a 24/7 requirement depending on the defined business value of the service or product, coupled with the impact to customer. The SRP document must include all phone numbers and email addresses for the dedicated team member(s).

Triage

The SRP must define triage steps to be implemented with the intended goal of swift security vulnerability mitigation. This step typically includes validating the reported vulnerability or compromise.

Identified Mitigations and Testing

The SRP must include a defined process for identifying and testing mitigations prior to deployment. These details should include both short-term mitigations as well as the remediation process.

Mitigation and Remediation Timelines

The SRP must include levels of response to identified vulnerabilities that define the expected timelines for repair based on severity and impact.

Disaster Recovery Plan Procedure

1.     Overview

Since disasters happen so rarely, management often ignores the disaster recovery planning process. It is important to realize that having a contingency plan in the event of a disaster gives WSD an advantage. This procedure requires management to financially support and diligently attend to disaster contingency planning efforts. Disasters include, but are not limited to adverse weather conditions. Any event that could likely cause an extended delay of service should be considered.

2.     Purpose

This procedure defines the requirement for a baseline disaster recovery plan to be developed and implemented by WSD that will describe the process to recover IT Systems, Applications and Data from any type of disaster that causes a major outage.

3.     Procedure

This procedure is directed to the IT Management Staff who is accountable to ensure the plan is developed, tested and kept up to date. This procedure is solely to state the requirement to have a disaster recovery plan, it does not provide requirement around what goes into the plan or sub plans. The WSD director and IT director will develop the following contingency plans.

The following contingency plans must be created:

• Data Study: Detail the data stored on the systems, its criticality, and its confidentiality.
• Data Backup: Procedures for performing routine daily/weekly/monthly backups and storing backup media at a secured location other than the server room or adjacent facilities. As a minimum, backup media must be stored off-site a reasonably safe distance from the primary server room.
• Restoration Plan: Describes how the backups are restored.
• Equipment Replacement Plan: Describe what equipment is required for providing services
• Critical Systems Instructions: Documentation must include:

○      Location of installation software

○      Backup frequency and storage locations

○      Username and passwords

○      Support phone numbers

○      Steps to restart, reconfigure, and recover the system

○      Power up and power down procedures

○      Equipment age

○      Model and serial numbers

○      Warranty and maintenance contract information

○      Software licensing information and storage location

○      IP and MAC addresses

○      Supplier contacts for sources of expertise to recover systems. These might include vendors that sell/support the products, or the manufacturers themselves

○      Website username and password

○      Server username and password

○      Assigned computer username and password

Malicious Software Procedure

1.     Overview

Malicious Software is any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. It may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge.

2.     Purpose

The purpose of the procedure is to ensure that malicious software protection will include frequent update downloads (minimum weekly), frequent scanning (minimum weekly), and that malicious software protection is in active state (real time) on all operating servers/workstations.

3.     Procedure

This procedure is directed to the IT Management Staff who is accountable to ensure the security of district networks and data.

• Server and workstation protection software will be deployed to identify and eradicate malicious software attacks such as viruses, spyware, and malware.
• WSD shall install, distribute, and maintain spyware and virus protection software on all WSD-owned equipment, i.e. servers, workstations, and laptops.
• WSD shall ensure that all security-relevant software patches (workstations and servers) are applied within thirty days and critical patches shall be applied as soon as possible.
• All computers must use the District approved anti-virus solution.
• Any exceptions to malicious software procedure must be approved by the Security Information Officer.

Internet Content Filtering Procedure

1.     Overview

Internet content filtering is the use of a program or hardware to screen and exclude from access or availability Web pages or e-mail that is deemed objectionable.

2.     Purpose

The purpose of Internet content filtering is to provide best effort to protect students, teachers, and school employees from objectionable material.

3.     Procedure

This procedure is directed to the IT Management Staff who is accountable to ensure that Internet content filtering best practices are implemented.

• In accordance with Federal and State Law, WSD shall filter internet traffic for content defined in law that is deemed harmful to minors.
• WSD acknowledges that technology based filters are not always effective at eliminating harmful content and due to this, WSD uses a combination of technological means and supervisory means to protect students from harmful online content.
• In the event that employees take devices home, WSD will provide a technology based filtering solution for those devices.  However, the District will rely on parents to provide the supervision necessary to fully protect students from accessing harmful online content. WSD[1]  will cut because we do not provide direct access to students.
• Students shall be supervised when accessing the internet and using district owned devices on school property. WSD[2]  will cut because we do not provide direct access to students.

Data Privacy Procedure

1.     Overview

Data can be used to facilitate change and improvement, there is however a need to balance the usefulness of this data with the privacy of who the data is about.

2.     Purpose

The purpose of protecting data is to provide best effort to ensure that data breaches do not happen and to place into training and procedure steps to protect individuals.

3.     Procedure

This procedure is directed to the IT Management Staff who is accountable to ensure that Privacy and data protection best practices are implemented. Data privacy within the district shall be in accordance with the district’s Data Governance Plan.

• WSD recognizes its responsibility as the steward for all confidential information maintained within the district.
• WSD considers the protection of the data it collects on students, employees and their families to be of the utmost importance.
• WSD protects student data in compliance with the Family Educational Rights and privacy Act, 20 U.S. Code §1232g and 34 CFR Part 99 ( “FERPA”), the Government Records and Management Act  U.C.A. §62G-2 ( “GRAMA”), U.C.A. §53A-1-1401 et seq, 15 U.S. Code §§ 6501–6506 (“COPPA”) and Utah Administrative Code R277-487 (“Student Data Protection Act”).
• WSD shall ensure that employee records access shall be limited to only those individuals who have specific access requirements necessary to perform their jobs. Where possible, segregation of duties will be utilized to control authorization access.
• WSD shall designate Data Stewards to oversee the collection, storage and maintenance of confidential information within the district. Data Stewards shall manage confidential information/data in accordance with the district’s Data Governance Plan.
• All WSD board members, employees, contractors and volunteers shall undergo annual privacy training and shall be required to comply with the district’s security policy.

Audit Procedures

1.     Overview

Planned and random security audits are important in order to mitigate risk and evaluate our preparedness for a security incident. WSD contracts with UETN to conduct periodic security penetration tests using the CIS Critical Security Controls on devices and networks.

2.     Purpose

The purpose of this procedure is to ensure all devices and network are configured according to the WSD security policy. All devices connected to the WSD network are subject to audit at any time. Audits may be conducted to:

• Ensure integrity, confidentiality and availability of information and resources
• Ensure conformance to the WSD security policy

3.     Procedure

WSD hereby provides its consent to allow the UETN security audit team or an external auditor to access its devices to the extent necessary, within a predetermined scope; which will be written and approved by the UETN team to allow the auditor to perform scheduled and random audits of any/all devices at WSD.

• Specific Concerns
• WSD devices may support critical business functions and store sensitive information. Improper configuration of devices could lead to the loss of confidentiality, availability or integrity of these systems
• Guidelines
• Approved and standard configuration templates shall be used when deploying devices:

○      Host security agents such as antivirus and malware protection shall be installed and updated

○      Perform network scans to verify only required network ports and network shares are in use

○      Verify administrative group membership

○      Conduct baselines when systems are deployed and upon significant system changes

○      Changes to configuration template shall be coordinated with WSD network administrator

○      Must follow all other applicable procedures for deployed new devices

4.     Responsibility

The UETN Team or an external auditor shall conduct audits of all devices owned or operated by WSD. Device owners are encouraged to audit their own devices as needed; this does not allow a device owner to perform an audit of the WSD network or on any device not owned by the employee

5.     Relevant Findings

All relevant findings discovered as a result of an audit shall be listed in the UETN report to WSD to ensure prompt resolution and/or appropriate mitigating controls

6.     Ownership of Audit Report

All results and findings generated by the UETN team or an external auditor must be provided to appropriate WSD management within one month of project completion. This report will become the property of WSD and be considered confidential

Clean Desk Procedure

1.     Overview

The purpose of this procedure is to establish a culture of security for all WSD employees. An effective clean desk effort, involving the participation and support of all employees, will protect paper documents that contain personally identifiable and other sensitive information.

2.     Purpose

The primary reasons for a clean desk procedure are:

• A clean desk reduces the threat of a security incident since confidential information will be locked away when unattended.
• Sensitive documents left in the open can be viewed and/or stolen by a malicious entity.

3.     Procedure

Appropriate measures must be taken to ensure the confidentiality, integrity and availability of sensitive information, including but not limited to Personally Identifiable Information (PII) or sensitive personal information(SPI).

Appropriate measures include:

• Restricting physical access to devices.
• Ensuring that all sensitive/confidential information in hardcopy or electronic form is secure in the work area at the end of each day.
• Securing workstations (screen lock or logout) prior to leaving an area to prevent unauthorized access.
• Enabling a password-­‐protected screen saver with a short timeout period to ensure that devices left unsecured will be protected.
• Complying with all applicable password policies and procedures. See WSD Password Procedure.
• Ensuring devices are used for authorized educational/business purposes only.
• Never sending personally identifiable information (PII) or sensitive personal information(SPI) via email to anyone, including forwarding a message.
• Storing all sensitive information on password-­‐protected drives or secure, restricted, network servers.
• Securing laptops that contain sensitive information by using cable locks, locking laptops up in drawers or cabinets, and/or by locking the door behind you.
• Sensitive working papers should be placed in locked drawers whenever a user is away from their desk.
• At the end of the work-­‐day the employee is expected to tidy their desk by locking up all sensitive papers and devices.

Email Procedure

1.     Overview

Electronic email is used pervasively, and is often the primary communication and awareness method within an organization. Misuse of email, however, can pose many legal, privacy and security risks, thus it is important for users to understand the appropriate use of electronic communications.

2.     Purpose

The purpose of this email procedure is to ensure the proper use of the WSD email system and make users aware of what WSD deems as acceptable and unacceptable use of its email system. This procedure outlines the minimum requirements for use of email within the WSD network.

3.     Procedure

• All use of email must be consistent with WSD policies and procedures of ethical conduct, safety, compliance with applicable laws and proper business practices
• WSD email account should be used primarily for WSD business related purposes; personal communication is permitted on a limited basis, but non‐WSD related commercial uses are prohibited
• The WSD email system shall not to be used for the creation or distribution of any disruptive or offensive messages; including offensive comments about race, gender, disabilities, age, sexual orientation, pornography, religious beliefs and practice, political beliefs, or national origin. Employees who receive any emails with this content from any WSD employee should report the matter to their supervisor immediately
• Users are prohibited from automatically forwarding WSD email to a third party email system. 
• Using a reasonable amount of WSD resources for personal emails is acceptable. Sending chain letters or inappropriate joke emails from a WSD email account is prohibited
• WSD employees shall have no expectation of privacy in anything they store, send or receive
• WSD may monitor messages without prior notice. WSD is not obligated to monitor email messages

EMPLOYEE TECHNOLOGY ACCEPTABLE USE

Every WSD employee will be required to sign this acceptable use policy.

All employees are responsible for following WSD policy and procedures.

1.     INTERNET & INTERNET USE:

WSD has access to the Internet, which is governed and supported by the Utah Education Network.

Use of the electronic information resources in WSD shall be to improve and support the educational process by providing access to global information and improving communication between our districts, employees of WSD, and community members. WSD desires to provide electronic mail service, electronic conferencing, global information resources via the World Wide Web, to employees of WSD at no cost.

2.     ACCEPTABLE INTERNET USE

All Internet or computer equipment use shall be consistent with the purposes, goals, and policies of WSD. It is imperative that users of the Internet or computer equipment conduct themselves in a responsible, ethical, moral, and polite manner. All participants must abide by all local, state, and federal laws. The Internet user accepts the responsibility of adhering to high standards of conduct and the terms and conditions set forth in all parts of this policy.

3.     IMPERMISSIBLE INTERNET & COMPUTER EQUIPMENT USES

The following uses of the Internet & computer equipment are prohibited:

• Any violation of applicable WSD policy or public law by such use;
• Any activity that is immoral or contrary to the high moral standards which must be maintained in an educational setting;
• Any attempt to bypass state, WSD, district, or school security (e.g. bypassing proxies or hacking servers or work stations) is forbidden;
• Accessing or transmitting of immoral, obscene, pornographic, profane, lewd, vulgar, rude, defaming, harassing, threatening, disrespectful, or otherwise inappropriate images or information, or receiving such information from others;
• Any commercial use, product advertisement, display of private information, or promotion of political candidates;
• Any violation of copyright, trade secret or trademark laws;
• Any attempt to damage, disrupt or interfere with the use of any computer electronic information resource;
• Any attempt to access information beyond the users authorized access to any electronic information resource;
• Any destruction, defacement, theft, or altering of WSD equipment;
• Any storing or accessing of illegal, inappropriate, or obscene material on WSD owned electronic equipment;
• Excessive non-work related computer use during work hours;

4.  PRIVILEGE

The use of the Internet and computer equipment within WSD is a privilege. The information produced from Internet access or computer use shall be deemed the property of WSD, this is confidential information to the user unless it is transmitted to others with the user’s permission. Violation of this policy can result in the loss of computer access privileges.

5.  MONITORING

WSD reserves the right to monitor and review any material on any machine at anytime in order for the service center to determine any inappropriate use of network services.

6.  DISCLAIMER OF ALL WARRANTIES

WSD makes no warranties of any kind, whether expressed or implied, for the services provided in connection with use of the Internet or any and all computer equipment. Neither WSD nor any supporting Internet services will be responsible for any damages that an computer or Internet user suffers. WSD expressly disclaims any liability in connection with the loss of data resulting from delays, failure to deliver data, mistaken deliveries, viruses, backup device failure, or service interruptions caused by WSD or the Internet provider or by the users error or omissions. Use of any information obtained via the Internet is at the user’s own risk. WSD expressly denies any responsibility for the accuracy or quality of information obtained through any Internet service. All users must consider the source of any information they obtain and evaluate the validity of that information.

7.   SECURITY

WSD will implement security procedures on Internet access to protect against unacceptable use. Employees are responsible for the security of their computer equipment, files and passwords. Employees with access to student records may not use, release, or share these records except as authorized by Federal, State, or Local laws. Employees are responsible for any accounts they may have. Sharing of any usernames or passwords to anyone is not permissible and may result in the loss of account privileges. Employees will be held accountable for any activity under their user account. Any security violations by employees must be reported to Technology Specialist and Director.

8.   ENCOUNTER OF CONTROVERSIAL MATERIAL

Internet users may encounter material that is controversial which the user or administrator may consider inappropriate or offensive. WSD has taken precautions to restrict access to inappropriate materials through a filtering and monitoring system. However, it is impossible on a global Internet, to control access to all data which a user may discover. It is the user’s responsibility not to initiate access to such material. Any site or material that is deemed controversial should be reported immediately to the appropriate administrator. WSD expressly disclaims any obligation to discover all violations of inappropriate internet access.

9.   TERMS OF USE

a.     Only registered employees of WSD and Board of Directors members qualify for Internet access under this policy.

b.     Only the authorized users who have signed the user agreement shall have computer access. Users are ultimately responsible for all activity while using the Internet and all computer equipment.

c.      All Internet or computer equipment access by an employee or Board member is automatically terminated upon retirement, resignation, or termination of employment.

d.     All student computer use must be supervised. Employees who supervise students with access to computer equipment must be familiar with the district's Student Computer Acceptable Use Policy and be willing to enforce it. Employees must appropriately secure rooms and areas where school computer equipment is housed.

10.  PENALTIES FOR IMPROPER USE

Any violation of this policy or applicable state and federal laws may result in disciplinary action (including the possibility of termination) and/or referral to legal authorities. The Technology Specialist may limit, suspend, or revoke access to electronic resources at any time.

WSD INTERNET USER AGREEMENT

I understand and will abide by the WSD Employee Computer Acceptable Use Policy. I further understand that any violations of the above Computer Acceptable Use Policy, when using WSD electronic information resources, may result in the loss of my access privileges and/or other disciplinary or legal action. This action may include, but not limited to, suspension, probation, or termination of employment. I, therefore, agree to maintain professional standards and to report any misuse of the electronic information resources to the Technology Specialist or Director.

_________________________________________

^{Employee Name (Please Print)}

____________________________________

^{Employee Signature and Date}

1 Purpose

Data governance is an organizational approach to data and information management that is formalized as a set of policies and procedures that encompass the full life cycle of data; from acquisition, to use, to disposal. The Wayne County School District takes seriously its moral and legal responsibility to protect student privacy and ensure data security. Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401 requires that Wayne County School District adopt a Data Governance Plan.

2 Scope and Applicability

This policy is applicable to all employees, temporary employees, and contractors of the Agency. The policy must be used to assess agreements made to disclose data to third-parties. This policy must also be used to assess the risk of conducting business. In accordance with Agency policy and procedures, this policy will be reviewed and adjusted on an annual basis or more frequently, as needed. This policy is designed to ensure only authorized disclosure of confidential information. The following 8 subsections provide data governance policies and processes for Wayne County School District:

1. Data Advisory Groups
2. Non-Disclosure Assurances for Employees
3. Data Security and Privacy Training for Employees
4. Data Disclosure
5. Data Breach
6. Record Retention and Expungement
7. Data Quality
8. Transparency

Furthermore, this Wayne County School District Data Governance Plan works in conjunction with the Agency Information Security Policy, which:

• Designates Wayne County School District as the steward for all confidential information maintained within Wayne County School District.
• Designates Data Stewards access for all confidential information.
• Requires Data Stewards to maintain a record of all confidential information that they are responsible for.
• Requires Data Stewards to manage confidential information according to this policy and all other applicable policies, standards and plans.

• Complies with all legal, regulatory, and contractual obligations regarding privacy of Agency data. Where such requirements exceed the specific stipulation of this policy, the legal, regulatory, or contractual obligation shall take precedence.
• Provides the authority to design, implement, and maintain privacy procedures meeting Wayne County School District standards concerning the privacy of data in motion, at rest and processed by related information systems.
• Ensures that all Wayne County School District board members, employees, contractors, and volunteers comply with the policy and undergo annual privacy training.
• Provides policies and process for

• Systems administration,
• Network security,
• Application security,
• Endpoint, server, and device Security
• Identity, authentication, and access management,
• Data protection and cryptography
• Monitoring, vulnerability, and patch management
• High availability, disaster recovery, and physical protection
• Incident Responses
• Acquisition and asset management, and
• Policy, audit, e-discovery, and training.

3 Data Advisory Groups

3.1 Structure

Wayne County School District has a three-tiered data governance structure to ensure that data is protected at all levels of Utah’s educational system.

3.2 Group Membership

Membership in the groups require board approval. Group membership is for two years. If individual members exit the group prior to fulfilling their two-year appointment, the board may authorize Wayne County School District’s Chief Officer to appoint a replacement member.

3.3 Indivivual and Group Responsibilities

The following outlines individual Wayne County School District staff and advisory group responsibilities.

LEA STUDENT DATA MANAGER RESPONSIBILITIES

1. Authorize and manage the sharing, outside of the education entity, of personally identifilable student data from a cumulative record for the education entity.

2. Act as the primary local point of contact for the state student data officer.

3. A student data manager may share personally identifiable student data that are:

  a.of a student with the student and the student's parent

 b. required by state or federal law

 c. in an aggregate form with appropriate data redaction techniques applied

d. for a school official

e. for an authorized caseworker or other representative of the Department of Human Services or the Juvenile Court.

f. in response to a subpoena issued by a court.

g. directory information

h. submitted data requests from external researchers or evaluators,

4. A student data manager may not share personally identifiable student data for the purpose of external research or evaluation.

5. Create and maintain a list of all LEA staff that have access to personally identifiabe student data.

6. Ensure annual LEA leveltraining on data privacy to all staff members, including volunteers. Document all staff names, roles, and training dates, times, locations, and agendas.

IT Systems Security Manager

1. Act as the primary point of contact for state student data seurity aministration in assisting the board to adminster this part;

2. Ensures compliance with security systems laws throughout the public ediucation system, including:

  a. providing training and support to applicable Wayne County School District employees; and

  b. producing resource material, model plans, and nodel forms for LEA systems security;

3. Investigates complaints of alleged violations of systems breaches;

4. Provides an anual report to the board on Wayne County School District's systems seurity needs.

4 Employee Non-Disclosure Assurance

Employee non-disclosure assurances are intended to minimize the risk of human error and misuse of information.

4.1 Scope

All Wayne County School District board members, employees, contractors and volunteers must sign and obey the Wayne County School District Employee Non-Disclosure Agreement (See Appendix A), which describes the permissible uses of state technology and information

4.2 Non-Compliance

Non-compliance with the agreements shall result in consequences up to and including removal of access to Wayne County School District network; if this access is required for employment, employees and contractors may be subject to dismissal.

4.3 Non-Disclosure Assurances

All student data utilized by Wayne County School District is protected as defined by the Family Educational Rights and Privacy Act (FERPA) and Utah statute. This policy outlines the way Wayne County School District staff is to utilize data and protect personally identifiable and confidential information. A signed agreement form is required from all Wayne County School District staff to verify agreement to adhere to/abide by these practices and will be maintained in Wayne County School District Human Resources. All Wayne County School District employees (including contract or temporary) will:

1. Complete a Security and Privacy Fundamentals Training.
2. Complete a Security and Privacy Training for Researchers and Evaluators, if your position is a research analyst or if requested by the Chief Privacy Officer.
3. Consult with Wayne County School District internal data owners when creating or disseminating reports containing data.
4. Use password-protected state-authorized computers when accessing any student-level or staff-level records.
5. NOT share individual passwords for personal computers or data systems with anyone.
6. Log out of any data system/portal and close the browser after each use.
7. Store sensitive data on appropriate-secured location.       Unsecured access and flash drives, DVD, CD-ROM or other removable media, or personally owned computers or devices are not deemed appropriate for storage of sensitive, confidential or student data.
8. Keep printed reports with personally identifiable information in a locked location while unattended, and use the secure document destruction service provided at Wayne County School District when disposing of such records.
9. NOT share personally identifying data during public presentations, webinars, etc. If users need to demonstrate child/staff level data, demo records should be used for such presentations.
10. Redact any personally identifiable information when sharing sample reports with general audiences, in accordance with guidance provided by the student data manager, found in Appendix B (Protecting PII in Public Reporting).
11. Take steps to avoid disclosure of personally identifiable information in reports, such as aggregating, data suppression, rounding, recoding, blurring, perturbation, etc.
12. Delete files containing sensitive data after using them on computers, or move them to secured servers or personal folders accessible only by authorized parties.
13. NOT use email to send screenshots, text, or attachments that contain personally identifiable or other sensitive information. If users receive an email containing such information, they will delete the screenshots/text when forwarding or replying to these messages. If there is any doubt about the sensitivity of the data the Student Data Privacy Manager should be consulted..
14. Use secure methods when sharing or transmitting sensitive data. The approved method is Wayne County School District ’s Secure File Transfer Protocol (SFTP) website. Also, sharing within secured server folders is appropriate for Wayne County School District internal file transfer.
15. NOT transmit child/staff-level data externally unless expressly authorized in writing by the data owner and then only transmit data via approved methods such as described in item ten.
16. Limit use of individual data to the purposes which have been authorized within the scope of job responsibilities.

4.4 Data Security and Privavy Training

4.4.1 Purpose

Wayne County School District will provide a range of training opportunities for all Wayne County School District staff, including volunteers, contractors and temporary employees with access to student educational data or confidential educator records in order to minimize the risk of human error and misuse of information.

4.4.2 Scope

All Wayne County School District board members, employees, and contracted partners.

4.4.3 Compliance

New employees that do not comply may not be able to use Wayne County School District networks or technology.

4.4.4 Policy

1. Within the first week of employment, all Wayne County School District board members, employees, and contracted partners must sign and follow the Wayne County School District Employee Acceptable Use Policy, which describes the permissible uses of state technology and information.
2. New employees that do not comply may not be able to use Wayne County School District networks or technology. Within the first week of employment, all Wayne County School District board members, employees, and contracted partners also must sign and obey the Wayne County School District Employee Non-Disclosure Agreement, which describes appropriate uses and the safeguarding of student and educator data.
3. All current Wayne County School District board members, employees, and contracted partners are required to participate in an annual Security and Privacy Fundamentals Training Curriculum within 60 days of the adoption of this rule.
4. Wayne County School District requires a targeted Security and Privacy Training for Data Stewards and IT staff for other specific groups within the agency that collect, store, or disclose data. The Chief Privacy Officer will identify these groups. Data and Statistics Coordinator will determine the annual training topics for these targeted groups based on Wayne County School District training needs.
5. Participation in the training as well as a signed copy of the Employee Non-Disclosure Agreement will be annually monitored by supervisors. Supervisors and the board secretary will annually report all Wayne County School District board members, employees, and contracted partners who do not have these requirements completed to the IT Security Manager.

5 Data Discloure

5.1 Purpose

Providing data to persons and entities outside of the Wayne County School District increases transparency, promotes education in Utah, and increases knowledge about Utah public education. This policy establishes the protocols and procedures for sharing data maintained by {INSERT LEA NAME HERE}. It is intended to be consistent with the disclosure provisions of the federal Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. 1232g, 34 CFR Part 99 and Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401.

5.2 Policy For Disclouse of Personally Identifiable Information (PII)

5.2.1 Student or Student's Parent/Guardian Access

Parents are advised that the records maintained by Wayne County School District are provided to Wayne County School District by the school district in which their student is/was enrolled, and access to their student’s record can be obtained from the student’s school district. In accordance with FERPA regulations 20 U.S.C. § 1232g (a)(1) (A) (B) (C) and (D), LEAs will provide parents with access to their child’s education records, or an eligible student access to his or her own education records (excluding information on other students, the financial records of parents, and confidential letters of recommendation if the student has waived the right to access), within 45 days of receiving an official request. LEAs and Wayne County School District is not required to provide data that it does not maintain, nor is Wayne County School District required to create education records in response to an eligible student's request.

5.2.2 Third Party Vendor

Third party vendors may have access to students’ personally identifiable information if the vendor is designated as a “school official” as defined in FERPA, 34 CFR §§ 99.31(a)(1) and 99.7(a)(3)(iii). A school official may include parties such as: professors, instructors, administrators, health staff, counselors, attorneys, clerical staff, trustees, members of committees and disciplinary boards, and a contractor, consultant, volunteer or other party to whom the school has outsourced institutional services or functions.

All third-party vendors contracting with Wayne County School District must be compliant with Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401. Vendors determined not to be compliant may not be allowed to enter into future contracts with Wayne County School District without third-party verification that they are compliant with federal and state law, and board rule.

5.2.3 Internal Partmer Requests

Internal partners to Wayne County School District include LEA and school officials that are determined to have a legitimate educational interest in the information. All requests shall be documented in Wayne School District’s data request ticketing system

5.2.4 Governmental Agency Requests

Wayne County School District may not disclosepersonallyidentifiable informationofstudentsto external persons or organizations to conduct research or evaluation that is not directly related to a state or federal program reporting requirement, audit, or evaluation. The requesting governmental agency must provide evidence the federal or state requirements to share data in order to satisfy FERPA disclosure exceptions to data without consent in the case of a federal or state

1. reporting requirement
2. audit
3. evaluation

The Coordinator of Data and Statistics will ensure the proper data disclosure avoidance are included if necessary. An Interagency Agreement must be reviewed by legal staff and must include “FERPA-Student Level Data Protection Standard Terms and Conditions or Required Attachment Language.”

5.3 Policy for External Disclosure of Non-Personally Identigiable Information (PII)

5.3.1 Scope

External data requests from individuals or organizations that are not intending on conducting external research or are not fulfilling a state or federal reporting requirement, audit, or evaluation.

5.3.2 Student Data Disclosure Risk Levels

Wayne County School District has determined four levels of data requests with corresponding policies and procedures for appropriately protecting data based on risk: Low, Medium, and High. The Coordinator of Data and Statistics will make final determinations on classification of student data requests risk level.

5.3.2.1 Low-Risk Data Request Process

Definition: High-level aggregate data

Examples:

• Graduation rate by year for the state
• Percent of third-graders scoring proficient on the SAGE ELA assessment

                 

Process: Requester creates a ticket, Data Request forwarded to appropriate Data Steward. Data Steward fulfills request and saves the dataset in a secure folder managed by the Coordinator of Data and Statistics. The Data Steward closes the ticket.

5.3.2.2 High-Risk Data Request Process

Definition: High-level aggregate data

Examples:

• Graduation rate by year for the state
• Percent of third-graders scoring proficient on the SAGE ELA assessment

                 

Process: Requester creates a ticket, Data Request forwarded to Data and Statistic Coordinator for review. If the request is approved, an MOA is drafted and sent to legal, placed on the board consent calendar, reviewed by the Superintendent, sent to the Purchasing/Contract Manager, sent to Coordinator or Data and Statistics, appropriate Data Steward fulfills request, de-identifies data as appropriate, and sends to another Data Steward for Quality Assurance (ensuring student data protection). If it passes QA, data are sent to requester and saves the dataset in a secure folder managed by the Coordinator of Data and Statistics. The Data Steward closes the ticket. If it does not pass QA, the data are sent back to the Data Steward for modification.

5.4 Data Dislosure to a Requesting External Researcher or Evaluator

Responsibility: The Coordinator of Data and Statistics will ensure the proper data are shared with external researcher or evaluator to comply with federal, state, and board rules.

Wayne County School District may not disclose personallyidentifiable informationofstudents to external persons or organizations to conduct research or evaluation that is not directly related to a state or federal program audit or evaluation. Data that do not disclose PII may be shared with external researcher or evaluators for projects unrelated to federal or state requirements if:

1. A Wayne County School District Director, Superintendent, or board member sponsors an external researcher or evaluator request.
2. Student data are not PII and are de-identified through disclosure avoidance techniques and other pertinent techniques as determined by the Coordinator of Data and Statistics.
3. Researchers and evaluators supply the Wayne County School District a copy of any publication or presentation that uses Wayne County School District data 10 business days prior to any publication or presentation.

Process: Research Proposal must be submitted using this form: http://www.schools.utah.gov/data/Data-Request/ResearcherProposal.aspx. Research proposals are sent directly to the Coordinator of Data and Statistics for review. If the request is approved, an MOA is drafted and sent to legal, placed on the board consent calendar, reviewed by the Superintendent, sent to the Purchasing/Contract Manager, sent to Coordinator or Data and Statistics, appropriate Data Steward fulfills request, de-identifies data as appropriate, and sends to another Data Steward for Quality Assurance (ensuring student data protection). If it passes QA, data are sent to requester and saves the dataset in a secure folder managed by the Coordinator of Data and Statistics. The Data Steward closes the ticket. If it does not pass QA, the data are sent back to the Data Steward for modification.

6 Data Breach

6.1 Purpose

Establishing a plan for responding to a data breach, complete with clearly defined roles and responsibilities, will promote better response coordination and help educational organizations shorten their incident response time. Prompt response is essential for minimizing the risk of any further data loss and, therefore, plays an important role in mitigating any negative consequences of the breach, including potential harm to affected individuals.

6.2 Policy

Wayne County School District shall follow industry best practices to protect information and data. In the event of a data breach or inadvertent disclosure of personally identifiable information, Wayne County School District staff shall follow industry best practices outlined in the Agency IT Security Policy for responding to the breach. Further, Wayne County School District shall follow best practices for notifying affected parties, including students, in the case of an adult student, or parents or legal guardians, if the student is not an adult student.

Concerns about security breaches must be reported immediately to the IT security manager who will collaborate with appropriate members of the Wayne County School District executive team to determine whether a security breach has occurred. If the Wayne County School District data breach response team determines that one or more employees or contracted partners have substantially failed to comply with Wayne County School District’s Agency IT Security Policy and relevant privacy policies, they will identify appropriate consequences, which may include termination of employment or a contract and further legal action. Concerns about security breaches that involve the IT Security Manager must be reported immediately to the Superintendent.

Wayne County School District will provide and periodically update, in keeping with industry best practices, resources for Utah LEAs in preparing for and responding to a security breach. Wayne County School District will make these resources available on its website.

7 Record Retention ad Expungement

7.1 Purpose

Records retention and expungement policies promote efficient management of records, preservation of records of enduring value, quality access to public information, and data privacy.

7.2 Scope

Wayne County School District board member and staff.

7.3 Policy

The Wayne County School District, staff, Utah LEAs and schools shall retain and dispose of student records in accordance with Section 63G-2-604, 53A-1-1407, and shall comply with active retention schedules for student records per Utah Division of Archive and Record Services.

In accordance with 53A-1-1407, the Wayne County School District shall expunge student data that is stored upon request of the student if the student is at least 23 years old. The Wayne County School District may expunge medical records and behavioral test assessments. Wayne County School District will not expunge student records of grades, transcripts, a record of the student’s enrollment or assessment information. Wayne County School District staff will collaborate with Utah State Achieves and Records Services in updating data retention schedules.

Wayne County School District maintained student-level discipline data will be expunged after three years.

8 Quality Assurance and Transparency Requirements

8.1 Purpose

Data quality is achieved when information is valid for the use to which it is applied, is consistent with other reported data and users of the data have confidence in and rely upon it. Good data quality does not solely exist with the data itself, but is also a function of appropriate data interpretation and use and the perceived quality of the data. Thus, true data quality involves not just those auditing, cleaning and reporting the data, but also data consumers. Data quality at is addressed in five areas:

8.1.1 Data Governance Structure

The Wayne County School District data governance policy is structured to encourage the effective and appropriate use of educational data. The Wayne County School District data governance structure centers on the idea that data is the responsibility of all Wayne County School District sections and that data driven decision making is the goal of all data collection, storage, reporting and analysis.   Data driven decision making guides what data is collected, reported and analyzed.

8.1.2 Data Requirements and Definitions

Clear and consistent data requirements and definitions are necessary for good data quality. On the data collection side, the Wayne County School District communicates data requirements and definitions to LEAs through the Data Clearinghouse Update Transactions documentation (see http://www.schools.utah.gov/computerservices/Data-Clearinghouse.aspx). The Wayne County School District also communicates with LEA IT staff regularly, at monthly Data Warehouse Group meetings and at biannual Data Conferences. Where possible, Wayne County School District program specialists are invited to these meetings and the same guidance is given to the appropriate LEA program directors.

On the data reporting side, the production and presentation layers provide standard data definitions and business rules. Data Stewards coordinate data releases through the Data Stewards Group meetings. All data released includes relevant data definitions, business rules, and are date stamped. Further, Data and Statistics produces documentation, trainings and FAQs on key statistics and reports, such as AYP, graduation rate and class size.

8.1.3 Data Collection

Data elements should be collected only once—no duplicate data collections are permitted. Where possible, data is collected at the lowest level available (i.e. at the student/teacher level). Thus, there are no aggregate data collections if the aggregate data can be derived or calculated from the detailed data.

For all new data collections, Wayne County School District provides to LEAs clear guidelines for data collection and the purpose of the data request. The Wayne County School District also notifies LEAs as soon as possible about future data collections. Time must be given to LEAs in order for them to begin gathering the data needed.

8.1.4 Data Auditing

Data and Statistics Data Analysts perform regular and ad hoc data auditing. They analyze data in the warehouse for anomalies, investigate the source of the anomalies, and work with IT and/or LEAs in explaining and/or correcting the anomalies.   Data Analysts also work with School Finance to address findings from the Auditors.

8.1.5 Quality Control Checklist

Checklists have been proven to increase quality (See Appendix C). Therefore, before releasing high-risk data, Data Stewards and Data Analysts must successfully complete the data release checklist in three areas: reliability, validity and presentation.

9 Data Transparency

Annually, Wayne County School District will publically post:

• Wayne County School District data collections
• Metadata Dictionary as described in Utah’s Student Data Protection Act (SDPA), U.C.A §53A-1-1401

10 Appendix

Appendix A. Wayne County School District Employee Non-Disclosure Agreement

As an employee of the Wayne County School District, I hereby affirm that: (Initial) 

_____I have read the Employee Non-Disclosure Assurances attached to this agreement form and read and reviewed Data Governance Plan Wayne County School District policies. These assurances address general procedures, data use/sharing, and data security.   

_____I will abide by the terms of the Wayne County School District’s policies and its subordinate process and procedures;

_____I grant permission for the manual and electronic collection and retention of security related information, including but not limited to photographic or videotape images, of your attempts to access the facility and/or workstations.

Trainings

_____ I have completed Wayne County School District ’s Data Security and Privacy Fundamentals Training.

_____ I will complete Wayne County School District’s Data Security and Privacy Fundamentals Training within 30 days.

Using Wayne County School District Data and Reporting Systems

_____I will use a password-protected computer when accessing data and reporting systems, viewing child/staff records, and downloading reports. 

_____I will not share or exchange individual passwords, for either personal computer(s) or Wayne County School District system user accounts, with Wayne County School District staff or participating program staff. 

_____I will log out of and close the browser after each use of Wayne County School District data and reporting systems. 

_____I will only access data in which I have received explicit written permissions from the data owner. 

_____I will not attempt to identify individuals, except as is required to fulfill job or volunteer duties, or to publicly release confidential data;

Handling Sensitive Data

____ I will keep sensitive data on password-protected state-authorized computers. 

_____I will keep any printed files containing personally identifiable information in a locked location while unattended. 

_____I will not share child/staff-identifying data during public presentations, webinars, etc. I understand that dummy records should be used for such presentations. 

_____I will delete files containing sensitive data after working with them from my desktop, or move them to a secured Wayne County School District server.

Reporting & Data Sharing

_____I will not redisclose or share any confidential data analysis except to other authorized personnel without Wayne County School District’s expressed written consent. 

_____I will not publically publish any data without the approval of the Superintendent. 

_____I will take steps to avoid disclosure of personally identifiable information in state-level reports, such as aggregating, data suppression, rounding, recoding, blurring, perturbation, etc. 

_____I will not use email to send screenshots, text, or attachments that contain personally identifiable or other sensitive information. If I receive an email containing such information, I will delete the screenshots/text when forwarding or replying to these messages. 

_____I will not transmit child/staff-level data externally unless explicitly authorized in writing.

_____I understand that when sharing child/staff-identifying data with authorized individuals, the only approved methods are phone calls or Wayne County School District’s Secure File Transfer Protocol (SFTP). Also, sharing within secured server folders is appropriate for Wayne County School District internal file transfer. 

____ I will immediately report any data breaches, suspected data breaches, or any other suspicious activity related to data access to my supervisor and the Wayne County School District Information Security Officer. Moreover, I acknowledge my role as a public servant and steward of child/staff information, and affirm that I will handle personal information with care to prevent disclosure. 

Consequences for Non-Compliance

____ I understand that access to the Wayne County School District network and systems can be suspended based on any violation of this contract or risk of unauthorized disclosure of confidential information;

_____I understand that failure to report violation of confidentiality by others is just as serious as my own violation and may subject me to personnel action, including termination. 

Termination of Employment

______I agree that upon the cessation of my employment from Wayne County School District, I will not disclose or otherwise disseminate any confidential or personally identifiable information to anyone outside of Wayne County School District without the prior written permission of the Student Data Manager of Wayne County School District. 

Print Name: ___________________________________ 

Signed: ________________________________________     

Date: __________________ 

Appendix B. Protecting PII in Public Reporting

DATA GATEWAY STATISTICAL REPORTING METHOD FOR PROTECTING PII

Public education reports offer the challenge of meeting transparency requirements while also meeting legal requirements to protect each student’s personally identifiable information (PII). Recognizing this, the reporting requirements state that subgroup disaggregation of the data may not be published if the results would yield personally identifiable information about an individual student. While the data used by the Wayne County School District (Wayne County School District ) and local education agencies (LEAs) is comprehensive, the data made available to the public is masked to avoid unintended disclosure of personally identifiable information at summary school, LEA, or state-level reports.

This is done by applying the following statistical method for protecting PII.

1. Underlying counts for groups or subgroups totals are not reported.
2. If a reporting group has 1 or more subgroup(s) with 10 or fewer students.
   • The results of the subgroup(s) with 10 or fewer students are recoded as “N<10”
   • For remaining subgroups within the reporting group
     1. For subgroups with 300 or more students, apply the following suppression rules.
        1. Values of 99% to 100% are recoded to ≥99%
        2. Values of 0% to 1% are recoded to ≤1%
     2. For subgroups with 100 or more than but less than 300 students, apply the following suppression rules.
        1. Values of 98% to 100% are recoded to ≥98%
        2. Values of 0% to 2% are recoded to ≤2%
     3. For subgroups with 40 or more but less than 100 students, apply the following suppression rules.
        1. Values of 95% to 100% are recoded to ≥95%
        2. Values of 0% to 5% are recoded to ≤5%
     4. For subgroups with 20 or more but less than 40 students, apply the following suppression rules.
        1. Values of 90% to 100% are recoded to ≥90%
        2. Values of 0% to 10% are recoded to ≤10%
        3. Recode the percentage in all remaining categories in all groups into intervals as follows (11-19,20-29,…,80-89)
     5. For subgroups with 10 or more but less than 20 students, apply the following suppression rules.
        1. Values of 80% to 100% are recoded to ≥80%
        2. Values of 0% to 20% are recoded to ≤20%
        3. Recode the percentage in all remaining categories in all groups into intervals as follows (20-29,30-39,…,70-79)

Appendix C. Example Quality Control Checklist

Reliability (results are consistent)

1. Same definitions were used for same or similar data previously reported or it is made very clear in answering the request how and why different definitions were used
2. Results are consistent with other reported results or conflicting results are identified and an explanation provided in request as to why is different
3. All data used to answer this particular request was consistently defined (i.e. if teacher data and student data are reported together, are from the same year/time period)
4. Another Wayne County School District data steward could reproduce the results using the information provided in the metadata

Validity (results measure what are supposed to measure, data addresses the request)

5. Request was clarified
6. Identified and included all data owners that would have a stake in the data used
7. Data owners approve of data definitions and business rules used in the request
8. All pertinent business rules were applied
9. Data answers the intent of the request (intent ascertained from clarifying request)
10. Data answers the purpose of the request (audience, use, etc.)
11. Limits of the data are clearly stated
12. Definitions of terms and business rules are outlined so that a typical person can understand what the data represents

Presentation

13. Is date-stamped
14. Small n-sizes and other privacy issues are appropriately handled
15. Wording, spelling and grammar are correct
16. Data presentation is well organized and meets the needs of the requester
17. Data is provided in a format appropriate to the request
18. A typical person could not easily misinterpret the presentation of the data