District Technology Acceptable Use Policy
Data Security and Privacy Policy
Pavilion Central School District
Access to our networked computer systems and the Internet is made available to students and staff. Our goal is to provide students and staff with network resources that promote educational excellence. With access to computers and people around the world we understand the need to protect our staff and students’ privacy in the online world. PCS has taken steps to ensure that students and staff personal identifiable information (PII) is secure to the best of our ability. PCS has also provided information and instruction to staff to understand their role and responsibility when using district systems and network resources to maintain data security regarding PII. In addition, it is the expectation that staff will inform students, model appropriate policy protocol, and expect all students to follow the District Technology Use Policy to help ensure online safety and security.
District Goals
To provide computer systems and access to the Internet while maintaining security of Personal Identifiable Information.
To provide online resources to our students that promote educational excellence
To allow personal identifiable information access to third party vendors that have been vetted by our Technology Department for their appropriateness in instruction and the appropriate data privacy measures are in place.
If a user violates any of these provisions, his or her access to the Internet and district programs may be terminated.
Terms and Conditions
Acceptable Use
All staff must ensure that our district’s systems remain secure. Such as but not limited too:
All passwords must remain private and should not be shared
Passwords must be kept in a secure location and not easily accessed by anyone
Log-Out, not X our, of all systems when not in use
Lock all devices when not in your possession
Lock classroom doors when not present to limit access to devices
All staff must provide students with appropriate educational resources to limit student’s access to inappropriate or unsecure sources. Such as but not limited too:
A list or other resource with teacher approved sources
To ensure that they are providing students with online resources that protect their PII.
District approved resources such as our databases
Students shall not be permitted to engage in non-academic activities on the network or internet.
Students should be using sites that are meet specific educational need and related to instructional purpose.
All staff must monitor students that are accessing computer systems, including the internet to ensure the site(s) being accessed supports education and is consistent with the educational goals of our district.
Privilege
The use of the computer network is a privilege not a right. Inappropriate use, including violation of the conditions and rules may result in cancelation of the privilege.
Based upon the acceptable use guidelines and this policy the Technology Coordinator, Chief Privacy Officer and/or Administration will deem what is inappropriate use.
Safety
It is our policy to
Prevent users access over the computer network to transmit or receive inappropriate material
Prevent unauthorized access and other unlawful online activity
Prevent unauthorized disclosure, use, or dissemination of personal identifiable information of minors and to comply with the Children's Internet Protection Act and NYS Education Law Section 2D
It shall be the responsibility of all staff to educate, supervise, model, and monitor appropriate usage of the online computer network and access to the Internet in accordance with policy.
Students in grades K-12 shall be taught internet safety as part of their instruction through specific district designed or approved resource curriculum and/or lessons when appropriate and specific to the educational use.
Penalties for Improper Use
Any staff violating these rules, state and/or federal laws, or district rules are subject to loss of network privileges and other district disciplinary actions. The Technology Coordinator, Chief Privacy Officer, and/or Administrators will determine the penalties for improper use.
Third Party Venders and Student Data
We understand that in this digital age, our teachers and students will make use of many websites to assist and enrich the student learning experience. All websites that require any PII must be approved by the Technology Department prior to use with students and have a clear educational purpose.
To the extent practical the Technology Department and/or Chief Privacy Officer will confirm websites that maintain the privacy integrity of our students and staff. Items to be considered are but not limited too:
Vetted resources will be published to the district website with access to the accepted privacy policy.
Data Breach
Any incident that exposes confidential or protected information is considered a data breach and must be reported to the Technology Department, Chief Privacy Officer, or Administration immediately. Items to be considered but not limited too:
Passwords to accounts unsecure
Device left unlocked and unattended
Accounts not being logged out
Emails being displayed
Student PII being displayed
Online resources accessed by an unauthorized user
After receiving a report of a data breach incident the Technology Department, Chief Privacy Officer, and/or Administration must investigate. If a breach is authenticated notification to all people impacted must be made without undue delay.
If a data breach is identified to be caused by the accidental or willful violation of district policy the offender may receive a reprimand to be determined by the Technology Department, Chief Privacy Officer, and/or administration.
Staff that access district resources from personal devices must ensure safeguards to ensure PII is protected. Such as but not limited too:
Cell phones must be locked
Electronic devices must be locked
Online resources must be logged out
Parents Bill of Rights
Must be published on the district website
Vetted websites privacy policies must be published on the District’s website
District Cyber Security
Data Storage
Data Encryption
General Security
Common Threats
Rights
Staff and students have the right to have their PII protected
Parents have the right to deny access of their children to online resources through a writ.
The district has the right to expect that staff will work collaboratively to help ensure that our district, staff and students PII remains protected in vetted online resources and devices.
Training
The district will provide training to all staff annually as to what PII entails
The district will provide training to all staff annually as to their responsibilities regarding data security and privacy.
Staff is responsible to ensure students know and understand their responsibilities regarding technology use within the district.
Notify students of the Technology Acceptable Use Agreement
Hold students responsible to follow the Technology Acceptable Use Agreement
If staff is not comfortable with providing this information to students then they must contact the technology department for guidance.
Incident Reporting
Parents, eligible students (students who are at least 18 years of age or attending a postsecondary institution at any age), principals, teachers, and employees of an educational agency may file a complaint about a possible breach or improper disclosure of student data and/or protected teacher or principal data. A privacy complaint may be made using this online form or by mailing the form to the district’s Data Protection Officer at Pavilion Central School
Procedures
A form must be completed providing information of the privacy complaint and filed with the Data Privacy Officer within 72 hours.
The Technology Coordinator and Data Privacy Officer will review the information and determine if a breach or improper disclosure was made.
A report will be made on the findings to district administration for review.
If no breach or improper use are discovered the report with this finding will be provided to the person filing the complaint.
If a breach or improper use is discovered notification to all impacted will be made without undue delay.
If warranted a reprimand will be given to those involved.
Data Protection Officer Appointment-Superintendent of Pavilion Central School
Improper Disclosure Reporting Form
Parents, eligible students (students who are at least 18 years of age or attending a postsecondary institution at any age), principals, teachers, and employees of an educational agency may file a complaint about a possible breach or improper disclosure of student data and/or protected teacher or principal data. A privacy complaint may be made using this online form or by mailing the form to the district’s Data Protection Officer at Pavilion Central School.
Please Use the following Link or Contact our Data Protection Officer
Please provide the following information
Name
Phone Number
Email
R
ole
Date Violation Occurred
Description of Data Compromised
Additional Information