St. Vrain Valley Schools holds data privacy and security in high regard. In order to ensure compliance with both the federal Family Education Rights and Privacy Act (FERPA) and the Colorado Student Data Transparency and Security Act (HB 16-1423), St. Vrain requires each third-party vendor to sign our district’s Confidentiality and Non-Disclosure Addendum. Here is a List of Current Vendors who have signed the C&NDA.
Once obtained, St. Vrain uses only Secure File Transfer Protocol (SFTP) or other industry-standard data transport methods.
The district shares only the data required for the vendor to provide the educational services sought (not necessarily all of the requested types of information).
Schools and departments wishing to partner with vendors that may have access to staff or student data are required to use the site-based Confidentiality and Non-Disclosure Agreement. The form, along with contact information (name, title, email, and phone) for all signatories can be sent to email@example.com.
Click on the School Resources page for a wealth of resources that can empower your use of online educational materials.
During this school year we have provided best practices and resources regarding FERPA and individual student data through newsletter articles and the Student Data Privacy Blog.
What about privacy of parent information? St. Vrain Valley Schools holds that parent email addresses provided to the district are intended specifically for district-to-parent communication, and are not to be shared with a third party vendor. [An exception to this Schoology, since parent email addresses are required for parent accounts to our district’s learning management tool.] For all other cases, such as vendors seeking to sell products to parents, our recommendation that schools instead provide parents with the ability to opt into receiving emails from vendors. This can be handled by each site sending communication through the Infinite Campus Messenger tool detailing the service offered and instructions about how to subscribe and receive email from the vendor. To learn more, visit the Data Practices site. And thank you for helping to protect student – and parent – personally identifiable information!
Check out the Data and Student Privacy Slideshow presented to the SVVSD Leadership Council on November 12, 2015.
What types of data may the district provide without written consent? Per SVVS Board Policy, the district may disclose student education records or personally identifiable information contained therein without written consent of the parent/guardian or eligible student if the disclosure meets certain criteria. These exceptions are outlined on pages 2 and 3 of Policy JRA/JRC. Some of the most popular requests that fall under these criteria are:
- disclosure to a school official having a legitimate educational interest in the student education record or the personally identifiable information contained therein.
- disclosure to officials of another school, school system or postsecondary institution that has requested the records and in which the student seeks or intends to enroll, or has enrolled
- disclosure in connection with an emergency, if knowledge of the information is necessary to protect the health or safety of the student or others.
- disclosure of “directory information” as defined by this policy
“Directory information” means information contained in a student’s education record that would not generally be considered harmful or an invasion of privacy if disclosed. Directory information which may be released includes but is not limited to the student’s name, email address, photograph, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, grade level, enrollment status, degrees, honors and awards received, the most recent previous educational agency or institution attended by the student, and other similar information.
The parent/guardian or eligible student has the right to refuse to permit the designation of any or all of the categories of directory information if such refusal is received in writing in the office of the principal of the school where the student is in attendance.
Perhaps you have heard about a fabulous online tool that is the bomb in a colleague’s classroom or that empowers staff or parents. All you have to do is sign up, send the site your student rosters, and badda-bing, badda-boom — you’re good to go, right? Well, maybe!
Please review the District Guidelines for 3rd Party Web/App Services prior to procuring a tool to ensure that matters such as redundancy, security, and data privacy have been considered.
Confidentiality of student records is the responsibility of everyone at St. Vrain Valley Schools including faculty, staff, students and even volunteers. Students rely on the District to protect their privacy so be diligent in following these best practices:
- Do not share your login credentials (username & password) with others…including substitute teachers.
- Be careful not to forward or reply to emails which are sent to you containing sensitive data without removing such data prior to transmission.
- Logout of computer programs prior to leaving your computer unattended.
- Be aware of the information that is on your computer screen when others are able to view it.
- Do not store student record information on personal storage devices such as personal flash drives, home computers, external email, or external online storage services.
Do not share your username and password! Did you know that if you share your login credentials in your substitute plans or with a trusted colleague you are also sharing your access to your personal data in Infinite Visions, FERPA-protected student data in Infinite Campus, your email, Google Documents, and more? For your own protection, keep your SVVSD password confidential!
Contact Amber Muir (firstname.lastname@example.org, 303-702-7910) for additional information.
Technology and data empower learning and enrich education in the St. Vrain Valley Schools. They also require new opportunities for us to protect sensitive student information. The Family Educational Rights Privacy Act (FERPA) is a federal law put in place to do just that. As school district staff, we must be extremely careful to take privacy into consideration, especially with all the technological tools at our disposal. FERPA protects the privacy of students by requiring Personally Identifiable Information (PII) to be kept confidential. Personally Identifiable Information includes but is not limited to:
- Student’s Name
- Name of Parents/Family Members
- Address of Student or Family
- ID Number
- Personal Characteristics
So what does this mean for you? We must be conscientious of the fact that just because we have the ability to post information online or distribute information via the internet, those avenues are not secure methods of data sharing. Do not provide student PII to any outside source (including educational service providers, parent groups, etc.) without district approval. Contact Amber Muir (email@example.com, 303-702-7910) for additional information.