Student Data Privacy

Introduction

Provo City School District recognizes its moral and legal responsibility to protect student privacy and ensure data security of both students and staff. Utah’s Student Data Protection Act (SDPA), UTAH CODE ANN. § 53A-1-1401 to 14011 (2017) requires that Provo City School District adopt a Data Governance Plan that fully addresses data privacy and protection. Data governance is an organizational approach to data and information management that is formalized as a set of policies and procedures that encompass the full life cycle of data; from acquisition, to use, and finally to disposal of collected data.

Personally Identifiable Information (PII)

Personally Identifiable Information (PII) includes any information that in isolation or in connection with other data can be used to identify a student. This information includes such things as student name, state or school ID number, email address, or other data unique to an individual. As such, data are used to inform, engage, and create opportunities for students in their educational goals. Data is so much more than student test scores- it includes a variety of information that helps educators gain individual insights about students and helps them make sound instructional decisions that lead to student achievement.

In Provo City School District, we strive to communicate with the community about all aspects of student data and how we protect it while in our possession. This web page outlines the policies that PCSD has in place and includes the federal and state legislation with regards to student data privacy, and includes online resources for parents and students regarding protection of student data.

Data Collection Notice

Provo City School District collects various data on students for educational use and application. The Data Collection Notice outlines the data PCSD may collect for relevant programs and instruction carried out on behalf of PCSD students.

Provo City School District Data Governance Plan

The PCSD Data Governance Plan applies to all district employees, temporary employees, volunteers, and contractors of Provo City School District. This policy must be enforced when assessing agreements that disclose data to 3rd parties and the risk of doing business with outside entities. According to Provo City School District policy and procedure, this Data Governance Plan will be reviewed annually, with adjustments being made as needed according to the annual review.

Metadata Dictionary

The Utah State Board of Education maintains a record of all systems and services with which we share student data. All data shared outside of Provo City School District is recorded in the Metadata Dictionary and includes entities committed to protecting student data privacy. It is updated as new data sources are gathered and shared.

Utah State Data Privacy Law

Federal Student Data Privacy Law

Children’s Online Privacy Protection Act (COPPA)

COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Family Education Rights and Privacy Act (FERPA)

The Family Education Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

Protection of Pupil Rights Amendment (PPRA)

The PPRA applies to the programs and activities of a State Educational Agency (SEA), Local Educational Agency (LEA), or other recipient of funds under any program funded by the U.S. Department of Education.

Frequently Asked Questions

How do I share PII with another Provo City School District staff member?

As a general rule, always try limiting the PII you need to communicate to achieve your desired outcomes for yourself and the party you are sharing data with.

In the event you need to share more extensive amounts of PII, best practice is to share that data in a Google Doc and share only with the intended recipient(s). This requires the recipient(s) to be signed-in to their own Google account to ensure their identity. Also, disable download, print, and copy capability to prevent recipient(s) from changing access.

You may also use the Gmail “Confidential Mode” to:

  • Set an expiration date for sensitive emails
  • Require a passcode for sensitive emails
  • Prevent forwarding, downloading, copying/pasting of sensitive data within an email

How do I share student records with another school district?

Sharing data outside PCSD is more risky because they are outside of our non-disclosure agreement and acceptable use policy. If PII must be shared with another district, such as student records, the best approach is to scan the document(s) into a PDF, and require a password to open the PDF document. Email the PDF in one email, then send the passcode in a separate email.

How do I share PII with the Utah State Board of Education (USBE)?

USBE uses a secure file transfer system called MOVEit. This is the most secure system for sharing PII back and forth with USBE. In most cases, a district administrator should be facilitating this level of data sharing with USBE.

Can I share data with parents/guardians via Email?

If a parent/guardian emails a PCSD staff member requesting student PII via email, the staff member may share that information directly with the parent via email as requested. However, the parent should instigate the request, not the PCSD staff member. It is always more secure to share important student information via secure phone call or in a face-to-face meeting. When communicating via phone, keep these ideas in mind:

  • Avoid leaving PII in a voicemail
  • Do not send a text with PII
  • Ensure the environment is secure before listening or talking out loud on the phone

Can I share data via Text message?

Texting is not a secure method of transmitting student PII. If communicating PII with parents/guardians or other persons outside Provo City School District, the preferred method would be via the PCSD secure server.

Additional Questions Regarding Student Data Privacy

If you have additional questions about student data privacy, please visit the Connect Safely website at: https://www.connectsafely.org