Serving the Big Horn Basin for over 100 years
Serving the Big Horn Basin for over 100 years
WORLAND — As a direct result of action taken by the 2017 Wyoming Legislature, the Washakie County School District No. 1 Board of Trustees approved on first reading a “Student Data Privacy and Security Policy.”
Superintendent David Nicholas said, “This is policy that comes directly as a requirement of statute. It’s pretty overarching, pretty broad. We’re going to have to write a lot of procedure to backfill this, which we will do.”
Technology Director Kathy Wise said, “This is a state statute that goes into effect Jan. 1. We don’t have a choice. We do need to have a student privacy [policy]. We will work hard on filling in the procedures to go with this policy. All of the districts in the state are working on this same thing.”
In addressing a question by Chairman Don Bryant about why this wouldn’t be handle procedurally only, Wise said, “Statute requires a policy.”
According to the summary by the Legislative Service Office for House Enrolled Act 0008, current law requires the state superintendent of public instruction and Department of Enterprise Technology Services to develop a data security plan. The new law, “requires the state superintendent, in consultation with ETS and the Department of Audit, to establish guidelines for school districts for the collection, access, privacy, security and use of student data by school districts. Effective January 1, 2018, boards of trustees in each school district will be required to enforce a policy regarding the collection, access, privacy, security and use of student data in according with the guidelines.”
According to the policy the board approved on first reading Monday night, the superintendent or “designee” shall develop guidelines for student data privacy to include:
—Authorized access to and use of student data and records.
—Authorized dissemination of student data and records.
—Contracts and data sharing agreements.
—Student data and records retention.
—Employee training.
Guidelines must also be developed regarding student data security including password policies, data breaches, student data and records transmission, data encryption standards, logical, physical and administrative security standards and backup and disaster recovery.
When asked what major changes the district will need to make from its current procedures, Wise said, “We have been making some of the changes. Student data cannot be transmitted by email that is unencrypted so we’ll have to look at an encryption program to do that. We have to make sure we have backup that are off site. We already have disaster recovery, which has saved us already.”
She said a lot of the guidelines go along with FERPA [Family Educational Rights and Privacy Act]. According to the U.S. Department of Education, “FERPA is a federal privacy law that gives parents certain protections with regard to their children’s education records, such as report cards, transcripts, disciplinary records, contact and family information, and class schedules.”
The new statute and policy “is just a way to make sure we are doing what we should be doing,” Wise said.
Wise said some additional staff training may be required regarding emails.
“We’re in pretty good shape. But there are some things we need to take up — password policies, we need to work on that. We have room to improve but overall we’re doing pretty good.”