Student Data Privacy

Introduction

Provo City School District recognizes its moral and legal responsibility to protect student privacy and ensure data security (student and staff data). Utah’s Student Data Protection Act (SDPA), UTAH CODE ANN. § 53A-1-1401 to 14011 (2017) requires that Provo City School District adopt a Data Governance Plan.

Data governance is an organizational approach to data and information management that is formalized as a set of policies and procedures that encompass the full life cycle of data; from acquisition, to use, to disposal.

What is Personally Identifiable Information (PII)?

Personally Identifiable Information includes any information that could be used to identify a student and could include the student’s name, state or ID number, email address, or other unique data.

Data is a powerful tool to inform, engage, and create opportunities for students along their education journey, and it‘s much more than test scores. Data helps educators gain proper insights and make the right decisions that lead to student achievement.

Provo City School District, the Utah State Board of Education, and the Utah State Legislature value the protection of student data during all stages of the data’s use.

In Provo City School District we strive to communicate with the community about all aspects of student data and it’s protection while in our possession. This page outlines the policies we have in place, the federal and state legislation in Utah, and online resources for parents and students aimed at protecting student data.

Our Data Governance Plan

The Data Governance Plan is applicable to all employees, temporary employees, contractors, and volunteers of the Provo City School District. The policy must be used to assess agreements made to disclose data to third-parties. This policy must also be used to assess the risk of conducting business. In accordance with Provo City School District policy and procedures, this policy will be reviewed and adjusted on an annual basis. This policy is designed to ensure only authorized disclosure of confidential information.

Metadata Dictionary

The Utah State Board of Education maintains a record of the systems and services with which we share data.

Frequently Asked Questions

How do I share PII with another Provo City School District staff member?

As a general rule, always try to limit the PII you need to communicate. Use only enough to ensure that all parties are on the same page.

If your communication requires more extensive amounts of PII, best practice is to place the information in a Google Doc and only share it with the recipient. This will require them to be signed-in to their own Google account which ensures their identity. Also disable download, print, and copy capability and prevent editors from changing access.

You may also use Gmail’s ‘Confidential Mode’ to

  • Set an expiration date for sensitive emails
  • Require a passcode to view sensitive emails
  • Prevent forwarding, downloading, copying, and pasting of sensitive data with an email.

How do I share student records with a school in another district?

Sharing outside of our district is more risky because they are outside of our non-disclosure agreement and acceptable use policy. If you must communicate PII like student records with another district, the best solution is to scan the document(s) to a PDF, require a password to open it, then email the PDF.

Is the phone a secure way to share PII?

Calling someone on the phone is one of the most secure ways we can communicate. There are however a few ideas to keep in mind:

  • Avoid leaving PII in a voicemail.
  • Don’t send a text containing PII.
  • Ensure that your environment is secure before listening or talking out loud on the phone.

What data can be shared by text message?

Texting is not secure so limit your communication to necessary Directory Information. If greater detail is needed, consider using a secure managed service like our Ogden School District email or Google Hangouts using your OSD account.

How do I share PII with USBE?

USBE uses a secure file transfer system called MOVEit. This is the most secure system for sharing PII back and forth with USBE. In most cases, a district administrator will facilitate this level of sharing via MOVEit.

Can I use a fax machine to send PII?

A fax machine is only secure if you know the recipient is there waiting to receive your communication. If you must use fax, ensure that the recipient is ready or that their fax machine is in a secure location. The best solution is to scan the document to a PDF, require a password to open it, then email the PDF.

Can I share PII with parents or guardian over email?

If a parent or guardian reaches out to an OSD staff member, requesting their student’s PII, you may share it directly with them, even via email. However, the OSD staff member should not initiate this sharing. If you need to share important information with a parent or guardian, it is always best to use a phone call or set up a face-to-face meeting.

What data does Provo City School District share?

All data shared outside Provo City School District is recorded in the Metadata Dictionary. This list includes entities who are committed to protecting your child’s data as they provide educational services.

Additional Questions

If you have additional questions about student data privacy, please visit the Connect Safely website.

State Law

Federal Law

Children’s Online Privacy Protection Act (COPPA)

COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

Family Education Rights and Privacy Act (FERPA)

The Family Education Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.)

Protection of Pupil Rights Amendment (PPRA)

The PPRA applies to the programs and activities of a State educational agency (SEA), local educational agency (LEA), or other recipient of funds under any program funded by the U.S. Department of Education.