District Technology Acceptable Use Policy

 

Data Security and Privacy Policy

Pavilion Central School District

 

Access to our networked computer systems and the Internet is made available to students and staff.  Our goal is to provide students and staff with network resources that promote educational excellence.  With access to computers and people around the world we understand the need to protect our staff and students’ privacy in the online world.      PCS has taken steps to ensure that students and staff personal identifiable information (PII) is secure to the best of our ability.  PCS has also provided information and instruction to staff to understand their role and responsibility when using district systems and network resources to maintain data security regarding PII. In addition, it is the expectation that staff will inform students, model appropriate policy protocol, and expect all students to follow the District Technology Use Policy to help ensure online safety and security.

 

District Goals

  1. To provide computer systems and access to the Internet while maintaining security of Personal Identifiable Information.
  2. To provide online resources to our students that promote educational excellence
  3. To allow personal identifiable information access to third party vendors that have been vetted by our Technology Department for their appropriateness in instruction and the appropriate data privacy measures are in place.

 

If a user violates any of these provisions, his or her access to the Internet and district programs may be terminated.

 

Terms and Conditions

  1. Acceptable Use
    1. All staff must ensure that our district’s systems remain secure. Such as but not limited too:
  1. All passwords must remain private and should not be shared
  2. Passwords must be kept in a secure location and not easily accessed by anyone
  3. Log-Out, not X our, of all systems when not in use
  4. Lock all devices when not in your possession
  5. Lock classroom doors when not present to limit access to devices
  1. All staff must provide students with appropriate educational resources to limit student’s access to inappropriate or unsecure sources. Such as but not limited too:
    1. A list or other resource with teacher approved sources
    2. To ensure that they are providing students with online resources that protect their PII.
    3. District approved resources such as our databases
    4. Students shall not be permitted to engage in non-academic activities on the network or internet.
    5. Students should be using sites that are meet specific educational need and related to instructional purpose.
  2. All staff must monitor students that are accessing computer systems, including the internet to ensure the site(s) being accessed supports education and is consistent with the educational goals of our district.
  1. Privilege
    1. The use of the computer network is a privilege not a right.  Inappropriate use, including violation of the conditions and rules may result in cancelation of the privilege.
      1. Based upon the acceptable use guidelines and this policy the Technology Coordinator, Chief Privacy Officer and/or Administration will deem what is inappropriate use.
  2. Safety
    1. It is our policy to
      1. Prevent users access over the computer network to transmit or receive inappropriate material
      2. Prevent unauthorized  access and other unlawful online activity
      3. Prevent unauthorized disclosure, use, or dissemination of personal identifiable information of minors and to comply with the Children's Internet Protection Act and NYS Education Law Section 2D
    2. It shall be the responsibility of all staff to educate, supervise, model, and monitor appropriate usage of the online computer network and access to the Internet in accordance with policy.
    3. Students in grades K-12 shall be taught internet safety as part of their instruction through specific district designed or approved resource curriculum and/or lessons when appropriate and specific to the educational use.

 

  1. Penalties for Improper Use
    1. Any staff violating these rules, state and/or federal laws, or district rules are subject to loss of network privileges and other district disciplinary actions.  The Technology Coordinator, Chief Privacy Officer, and/or Administrators will determine the penalties for improper use.

     

  2. Third Party Venders and Student Data
    1. We understand that in this digital age, our teachers and students will make use of many websites to assist and enrich the student learning experience. All websites that require any PII must be approved by the Technology Department prior to use with students and have a clear educational purpose.
    2. To the extent practical the Technology Department and/or Chief Privacy Officer will confirm websites that maintain the privacy integrity of our students and staff. Items to be considered are but not limited too:
    3. Vetted resources will be published to the district website with access to the accepted privacy policy.

     

  3. Data Breach
    1. Any incident that exposes confidential or protected information is considered a data breach and must be reported to the Technology Department, Chief Privacy Officer, or Administration immediately. Items to be considered but not limited too:
      1. Passwords to accounts unsecure
      2. Device left unlocked and unattended
      3. Accounts not being logged out
      4. Emails being displayed
      5. Student PII being displayed
      6. Online resources accessed by an unauthorized user
    2. After receiving a report of a data breach incident the Technology Department, Chief Privacy Officer, and/or Administration must investigate.  If a breach is authenticated notification to all people impacted must be made without undue delay.
    3. If a data breach is identified to be caused by the accidental or willful violation of district policy the offender may receive a reprimand to be determined by the Technology Department, Chief Privacy Officer, and/or administration.
    4. Staff that access district resources from personal devices must ensure safeguards to ensure PII is protected. Such as but not limited too:
      1. Cell phones must be locked
      2. Electronic devices must be locked
      3. Online resources must be logged out

       

  4. Parents Bill of Rights
    1. Must be published on the district website
    2. Vetted websites privacy policies must be published on the District’s website

     

  5. District Cyber Security
    1. Data Storage
    2. Data Encryption
    3. General Security
    4. Common Threats

     

  6. Rights
    1. Staff and students have the right to have their PII protected
    2. Parents have the right to deny access of their children to online resources through a writ.
    3. The district has the right to expect that staff will work collaboratively to help ensure that our district, staff and students PII remains protected in vetted online resources and devices.

     

  7. Training
    1. The district will provide training to all staff annually as to what PII entails
    2. The district will provide training to all staff annually as to their responsibilities regarding data security and privacy.
    3. Staff is responsible to ensure students know and understand their responsibilities regarding technology use within the district.
      1. Notify students of the Technology Acceptable Use Agreement
      2. Hold students responsible to follow the Technology Acceptable Use Agreement
        1. If staff is not comfortable with providing this information to students then they must contact the technology department for guidance.

         

  8. Incident Reporting
    1. Parents, eligible students (students who are at least 18 years of age or attending a postsecondary institution at any age), principals, teachers, and employees of an educational agency may file a complaint about a possible breach or improper disclosure of student data and/or protected teacher or principal data. A privacy complaint may be made using this online form or by mailing the form to the district’s Data Protection Officer at Pavilion Central School
      1. Procedures
        1. A form must be completed providing information of the privacy complaint and filed with the Data Privacy Officer within 72 hours.
        2. The Technology Coordinator and Data Privacy Officer will review the information and determine if a breach or improper disclosure was made.
        3. A report will be made on the findings to district administration for review.
          1. If no breach or improper use are discovered the report with this finding will be provided to the person filing the complaint.
          2. If a breach or improper use is discovered notification to all impacted will be made without undue delay.
          3. If warranted a reprimand will be given to those involved.
  1. Data Protection Officer Appointment-Superintendent of Pavilion Central School


Improper Disclosure Reporting Form

 

Parents, eligible students (students who are at least 18 years of age or attending a postsecondary institution at any age), principals, teachers, and employees of an educational agency may file a complaint about a possible breach or improper disclosure of student data and/or protected teacher or principal data. A privacy complaint may be made using this online form or by mailing the form to the district’s Data Protection Officer at Pavilion Central School. 

Please Use the following Link or Contact our Data Protection Officer


Please provide the following information
Name 
Phone Number
Email
Role
Date Violation Occurred
Description of Data Compromised
Additional Information