Cybersecurity » Student Data Privacy

Student Data Privacy

District Commitment
The Deer Park Independent School District is committed to protecting student data. While students are using school computers and networks for educational purposes, it can often leave their data exposed to security risks. As a district we are dedicated to enforcing and following the Family Educational Rights and Privacy Act (FERPA).  FERPA is a Federal law that protects the privacy of student education records and personally identifiable information (PII) from unauthorized disclosure, either intentionally or unintentionally, and requires written consent for disclosure. FERPA gives parents certain rights with respect to their children's education records. 
 
District Student Data Collection
Data collected by DPISD meets specific policy, practice, and service requirements of state, federal, and local laws and regulations.
Most student data stays at the local entity. Districts, states, and the federal government all collect data
about students for important purposes like informing instruction and providing information to the public.
But the type of data collected, and who can access them, is different at each point.
 
District Data Safeguards and Controls
Data Confidentiality- Only authorized individuals have access to information.
Data Integrity- The value and state of information is protected from unauthorized modification. 
Data Availability- Resources are available and operational when and where they are needed.
Data Retention-  Ensure specific retention requirements and disposal guidelines for sensitive data.
Data Classification- Applying the appropriate levels of protection as required by State/Federal law based on data asset value and associated risks.
 
Texas Cybersecurity Framework
Texas Department of Information Resources developed the Texas Cybersecurity Framework (TCF) in collaboration with other government entities and the private sector. It uses a common language to address and manage cybersecurity risk in a cost-effective way, based on business needs, without placing additional regulatory requirements on agencies. The framework, which is aligned with the National Institute of Standards and Technology (NIST) framework, is divided into five concurrent and continuous functions: Identify, Protect, Detect, Respond, and Recover. The TCF is intended to help an organization to better understand, manage, and reduce its cybersecurity risks.
 
Texas Data Privacy Agreement
Deer Park Independent School District in collaboration with other Texas school districts (Texas Student Privacy Alliance TXSPA) share common concerns around student privacy. The goal of the TXSPA is to set standards of both practice and expectations around student privacy such that all parties involved have a common understanding of expectations. The adoption and implementation of a common Student Data Privacy Agreement shall be used by all member schools when implementing any online application. By adopting such a contract all vendors and schools have common expectations when entering into a relationship or implementation without having to renegotiate terms in every new instance.
 
What is a Data Breach?
Data breaches come in many different forms, from cyber criminals breaking into school data systems and stealing sensitive data about students or employees, to accidental disclosures due to errors or misconfigurations. A data breach can be understood as any circumstance where a school’s student data system is improperly accessed, compromised, or disclosed to a third party.
 

For more resources about federal student privacy laws and protecting student privacy: