Welcome back to Student Data Privacy Fundamentals. This lesson is data classification levels.
In this video, you will learn different data classification levels and how to treat data at different levels.
PII is information about an individual maintained by an agency, including any information that can be used to distinguish or trace an individual's identity, like their name, Social Security number, date of birth, place of birth, mother's maiden name or biometric records.
Also, any other information that is linked or linkable to an individual, like medical, educational and financial records and employment information.
Unauthorized or improper disclosure, modification or destruction of this information could violate state and federal laws, result in civil and criminal penalties and cause serious legal implications.
Directory information is information contained in an education record of a student that generally would not be considered harmful or an invasion of privacy if disclosed without the consent of a parent or eligible student.
The school district designates the following items as directory information:
general directory information and limited directory information.
So again, general directory information is anything that could be published in a general directory, so a yearbook, athletics or activities program, etcetera, as long as those records would not be considered harmful or an invasion of privacy if disclosed. So looking through this list, there are lots of examples of general directory information.
Limited directory information would be information that can only be disclosed as permitted in your organization's board policies and in compliance with FERPA. So that would be a student's address, phone number, email address or the address, phone number and email address of parents.
Confidential information is very important and highly sensitive material that is not classified as PII, so private or otherwise sensitive in nature, and shall be restricted to those with a legitimate business need for access. Examples of confidential information would be student records, personnel information, key financial information, proprietary information, system access passwords and encryption keys.
Unauthorized disclosure of this information to individuals without a business need for access may violate laws and regulations or may cause significant consequences for the district, its staff, parents, students or other stakeholders.
Decisions about the provision of access to this information shall always be cleared through the data manager and/or the ISO.
Internal information is intended for unrestricted use within the district and, in some cases, within affiliated stakeholders.
It's already widely distributed within the district, or it could be distributed within the organization without advance permission from the information owner. So some examples of internal information would be internal policies and procedures, handbooks, memos and also district-created curriculum.
Unauthorized disclosure of this information to outsiders may not be appropriate due to copyright, legal or contractual provisions.
Public information has been specifically approved for public release by your district director of communications or PR director or other appropriate district administrator. Some examples of public information may include patron mailings and materials posted to the district's website.
This information may be disclosed outside of the district.
Time for a quiz. What is the only type of data classification level that we discussed that could be disclosed outside of the district at any time without prior permission?
If you said public information, you are correct.
In today's video, we discussed different data classification levels, including PII and directory information, confidential, internal and public, and how to treat data at the different levels.
In the next lesson, we will discuss best practices for securing data at rest and in transit.