Laws and Policies
Laws and Policies
In 2018, the IT Department called for development of a Data Governance plan in PVSchools. Below is the thinking and rationale in that regard:
U.S. Department of Education Data Governance Checklist
COSN on disclosing student records - FERPA and the "School Official" exception.
Data Stewards are district administrators or their designees with planning and policy- level responsibility for information within their functional areas and management responsibility for defined segments of PVSchools' information. The Data Steward is the individual or entity identified by law, contract or policy with responsibility for granting access to and ensuring appropriate use of the information.
The responsibilities of the Data Steward include:
Assigning, training and overseeing all employees within their domain on data use and safeguarding.
Overseeing the establishment of data practices in their areas.
Determining legal and regulatory requirements for information in their areas.
Ensuring that appropriate segregation of duties and rules are implemented.
Promoting appropriate information use and information quality.
Ensuring that he/she does not put his/her information at risk through his/her own actions.
Assigning classification standard values to the information for which he/she is responsible.
Implementing a Records Retention and Disposition Schedule for information.
Working with the Information Technology Department, and other authorized individuals on the investigation and mitigation of information security incidents/breaches affecting the confidentiality, availability, or integrity of their information.
Performing information security duties as required by other PV standards and practices, policies, executive orders, coded memoranda, etc.
Establishing written procedures granting and revoking access privileges.
(A) Data Users are expected to respect the confidentiality and privacy of individuals whose records they access; to observe any restrictions that apply to Class lll (Sensitive) data; and to abide by applicable laws, policies, procedures and guidelines with respect to access, use, or disclosure of information. The unauthorized use, storage, disclosure, or distribution of System Data in any medium is expressly forbidden; as is the access or use of any System Data for one's own personal gain or profit, for the personal gain or profit of others, or to satisfy one's personal curiosity or that of others.
(B) Each employee of the System will be responsible for being familiar with the System's Data Security Policy and these Security Measures as job duties. It is the express responsibility of Authorized Users and their respective supervisors to safeguard the data they are entrusted with, ensuring compliance with all aspects of this policy and related procedures.
(C) Employees, whether or not they are Authorized Users, are expressly prohibited from installing any program or granting any access within any program to Class III data without notifying the Information Technology Department.
(D) Violations of these Data Security Measures may result in loss of data access privileges, administrative actions, and/or personal civil and/or criminal liability.