Defining Terms and Federal Regulations

00:00

Welcome back to student out of privacy fundamentals. This lesson is on defining terms and federal regulations.

00:08

In this video, you will learn important definitions for key terms in your student data privacy policy.

00:15

You will also learn term definitions in key federal regulations.

00:20

Confidentiality is data or information that is not made available or disclosed to unauthorized users.

00:29

Confidential data or information is information that the district is prohibited by law, policy or contract from disclosing, or that the district may disclose Onley in limited circumstances. Confidential data includes, but is not limited

00:44

two P II or personally identifiable information regarding students and employees.

00:51

Critical data or information is determined to be essential to district operations, and that must be accurately and securely maintained to avoid disruption to district operations. It is important to note here that critical data is not necessarily confidential data. For example,

01:07

confidential data would be someone's Social Security number or grade information.

01:14

But critical data could be something that would pose a risk, like a leaked password to a district WiFi network. But it would not put any individual person a harm.

01:29

Data is facts or information. It could be in any form, Orel written or electronic

01:37

a data breach, breach of security or breach all

01:41

basically referring to the same thing. Meaning a security incident in which there was unauthorized access to an unauthorized acquisition of personal information maintained in computerized form that compromises security, confidentiality or integrity of that information.

02:00

Data integrity means that data is current accurate and has not been altered or destroyed in an unauthorized manner.

02:08

Data management is the development and execution of policies, practices and procedures in order to manage the accuracy and security of district instructional and operational data in an effective manner.

02:23

A data owner is a user responsible for the creation of data. The owner may be the primary user of that information or the person responsible for the accurate collection of recording of data.

02:34

Ownership does not signify proprietary interest and ownership may be shared. The owner of information has the responsibility for

02:45

knowing the information for which she or he is responsible, determining a data retention period for the information, according to board policy and state statue.

02:54

Ensuring appropriate procedures are in effect to protect the integrity, confidentiality and availability of the data used or created,

03:01

reporting promptly to the eye so the loss or misuse of data,

03:07

initiating and or implementing corrective actions when problems are identified

03:12

and following existing approval processes for the selection, budgeting, purchase and implementation of any digital resource.

03:21

The information security officer, also called the ICE so, is responsible for working with the superintendent data governance team, data managers, data owners and users to develop and implement prudent security policies, procedures and controls

03:38

the ice So will oversee all security audits and will act as an adviser to data owners for the purpose of identification and classification of technology and data. Related Resource is

03:49

in an adviser to systems development and application owners in the implementation of security controls for information on systems from the point of system design through testing and production Implementation

04:00

Quiz time. What does I so stand for? And what are three things they're responsible for?

04:13

The correct answer is the I so stands for information security officer

04:17

and some of the things that they're responsible for is working with Superintendent Data Governance team data managers, etcetera, overseeing all security audits and acting as an adviser to data owner system development and application owners

04:34

System includes any hardware systems, including computers, laptops, mobile devices, printing and ER scanning devices, network appliance equipment, A V equipment, servers, internal or external storage communication device. Or any other current or future Elektronik or technological device,

04:55

whether hosted by the district or provider.

04:58

And it's important to note here where you state current or future, because as technology changes, we want to make sure that any new technologies that may not even exist right now would also be covered. And we're not constantly having to go back and revise our policies.

05:15

Also, it includes any current or future software systems, including student information systems, payroll software, software supporting curriculum, etcetera. Again, note the use of the phrase current or future.

05:30

A security incident is an event that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system or the information the system processes stores or transmits. So it doesn't even have to be a really security breach.

05:49

It really could be something that is potentially jeopardizing.

05:55

It's also something that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies.

06:05

P i I or personally identifiable information is any information about an individual maintained by an agency that includes

06:15

anything that really could distinguish her trace and individuals identity. So name Social Security number, State I D. Date and place of birth Mothers may name biometric records

06:27

Any other information that's link your link herbal to an individual like medical records, educational records, financial records and employment information.

06:36

Risk is the probability of a loss of confidentiality, integrity or availability of information. Resource is

06:45

a user is any person who has been authorized to read inter print or update information, and they are expected to access information on Lee in support of their authorized job responsibilities.

06:57

Comply with all data security procedures and guidelines. Keep personal authentication confidential so all of their user eighties passwords, etcetera, knees to be kept to themselves.

07:09

Report promptly to the ice. So the loss or misuse of data and follow corrective actions when problems are identified.

07:18

In today's video, we discussed important definitions for key terms such as ice, so user data breach etcetera.

07:26

We also talked about some term definitions in key federal regulations such as P I. I.

07:31

So any of these definitions that we outlined here can be taken and put directly into your term definitions, a glossary section, for example, in your own student data privacy policy.