School districts face a great challenge when it comes to protecting and storing sensitive data. Public schools are required to collect and report certain information to state and federal government agencies, but must be extremely careful to secure this information against cybersecurity threats. Good data governance and strong cybersecurity practices provide districts with a clear understanding of how information is collected and handled. Effective data governance ensures that data is consistent and trustworthy and doesn't get misused.
Data Governance Objective
Consistently and continuously communicate data privacy practices to parents and the community.
Provide a centralized coordination or enterprise data architecture that all stakeholders and departments must follow in order to provide confidentiality, integrity, and availability of district data.
Create uniform policies that will prevent the misuse of personal data about students and/or employees.
Propose, create, review, and revise data security and privacy standards, practices, and documentation.
Ensure the district is compliant with all state and federal laws/regulations in regard to data privacy.
District Data Safeguards and Controls
Data Confidentiality: Only authorized individuals have access to information.
Data Integrity: The value and state of information are protected from unauthorized modification.
Data Availability: Resources are available and operational when and where they are needed.
Data Retention: Ensure specific retention requirements and disposal guidelines are followed for sensitive data.
Data Classification: Apply the appropriate levels of protection as required by State/Federal law based on data asset value and associated risks.
Texas Cybersecurity Framework
The Texas Department of Information Resources developed the Texas Cybersecurity Framework (TCF) in collaboration with other government entities and the private sector. It uses a common language to address and manage cybersecurity risk in a cost-effective way, based on business needs, without placing additional regulatory requirements on agencies. The framework, which is aligned with the National Institute of Standards and Technology (NIST) framework, is divided into five concurrent and continuous functions: Identify, Protect, Detect, Respond, and Recover. The TCF is intended to help an organization better understand, manage, and reduce its cybersecurity risks.
Records Management Compliance Training
- This required training describes and mandates that every staff member, elected official, or anyone serving the district is responsible for school district records.
- Records include any type of record about a student, including paper or electronic forms; this is a legal requirement.
- It is a shared responsibility and is every person’s responsibility.
- The district holds an annual Technology Compliance Day for all staff to complete a district-provided FERPA training.
- All new hires are required to complete district-provided FERPA training.
- The training is updated annually and regularly when new information is needed.
Board Policies for Educational Records
* (Legal) Legal policies compile federal law, state law, and court decisions, providing the statutory context in which all other policies should be read.
* (Local) Local policies reflect decisions made by the board of trustees.
* Note: Local government records retention schedules are available on the TSLAC website.