welcome to student data privacy fundamentals. This lesson is defining your data lifecycle.
In this video, we will learn an overview over the data life cycle and what each phase of the data lifecycle entails.
Data governance is necessary at each phase in the data lifecycle.
This life cycle starts at evaluating the need for data collection and ends when the data is destroyed. It is important that appropriate safeguards, policies, procedures and practices are in place for each phase of the data. Lifecycle. Let's take a closer look at each phase of the data lifecycle.
to accomplish the district's mission and to comply with the law, the district may need to maintain confidential information, including information regarding students, parents or guardians, employees,
applicants for employment and various others.
The district will collect, create or store confidential information on Lee. When the superintendent or designee determines it is necessary,
the district will ensure that data collection is aligned with board policy.
Data systems shall be regularly reviewed to ensure that Onley necessary data is being transmitted and collected.
Additionally, before any new service or application is purchased or used to collect or store confidential or critical information, the I so or designee must approve the use of the service or application and verify that it meets the requirements of the law and board policy and appropriately protects confidential
and critical information.
This leads to the next phase. Create and acquire
any new digital resource that either has an associated cost or collect staff or student Data should go through a software request process, which would vet the software for compatibility with district systems and, more importantly, verify that it meets best practice for securing and protecting user data.
Prior to initiating services in our present. Transmitting any data, the district should conduct a risk management audit using a data security checklist. Suggestions for both a software request process and data security checklist will be shared in a later module.
for system security. You will want to describe how the district will provide access to confidential information toe appropriately trained district employees and volunteers on Lee when the district determines that such access is necessary for the performance of their duties.
If your organization will disclose data to vendors or contractors, describe that in this section as well.
You will also want to reference any board policies or other regulations that you have regarding system security
for data management. The effective education of students and management of district personnel often require the district to collect information, some of which is considered confident told by law.
In addition, the district maintains information that is critical to district operations and must be accurately and securely maintained to avoid disruption to district operations.
For data inventory in classification, the eyesore designee will identify all systems containing district data, such a student information systems, financial systems, payroll transportation, food service, email, instructional software applications and others
for securing data at rest and transit
district at a security applies to all forms of data, including data stored on devices or an additional resource is such as cloud storage. All district external hard drives will be maintained in inventory and verified through the regular inventory verification process.
Users must ensure that there securely storing their data.
Guidelines have been established for cloud storage and file sharing, external storage devices and file transmission practices.
These guidelines will be further discussed in another lesson specifically on this topic.
for risk management Ah, thorough risk analysis of all data networks, systems policies and procedures shall be conducted on an annual basis or is requested by the superintendent is so or designee.
More details about risk management will be discussed in the data security checklist, which will be discussed in detail In a later lesson
for security logs, the district will maintain a comprehensive list of critical system events that will be logged and monitored to ensure data security.
These events will include but are not limited to, access to critical systems and modification of critical data
when applicability notifications will be established for critical event triggers
for log on banners, the district will ensure that staff, students and parents using district systems are aware of the district data security policies.
When possible, District system users will acknowledge the full technology usage agreement prior to accessing all district technical systems.
For example, at the beginning of each school year, every student will sign the Student technology usage agreement and then every time that they log on to a common computer in a computer lab, it, for example, they will acknowledge a
little log on being her that says they are responsible for following all district policies
for physical security controls. You will outline how your organization will maintain physical security through inventory management, protection against virus malware, phishing and spam, and how to secure electronic access
for usage and sharing. A consistently high level of personal responsibility is expected of all users granted access to the district's technology resource is
all the service staff. Volunteers, contractors and agents who are granted access to critical and confidential information are required to keep the information secure and are prohibited from disclosing or assisting in the unauthorized disclosure of confidential information.
You'll want to address each of the bullet points here in detail for however your organization will handle them.
For example, for password security. You might require users to change their password every six months, or maybe every three months.
And you might require a certain number of characters, number symbols, etcetera to increase password strength. And you will want to spell that out specifically for the users. For your policy
archival, you will want to outline here how you will archive data and how long it will be archived.
You also want to address data in litigation If you have any active litigation in your district, for example, in new lawsuits going on currently, you will want to make sure that you are not archiving or deleting any of the data that might be subpoenaed by courts
and lastly destruction.
You want to outline your process for destruction and disposal of assets. A detailed description of how to dispose and destroy data and technology resource is will be discussed in a later lesson on asset management.
Now for the quiz, I want you think about the parts of the data life cycle that we discussed today. What part do you think your organization currently does? Well,
you might pause the video and take a minute to think about this.
When you thought of some things that your organization does well.
Now think about what parts of the data lifecycle your organization might need to improve.
Pause the video and think about this
in summary today's video. We discussed what the data life cycle is and what it looks like,
and we discuss specific phases in the life cycle and what each phase specifically entails.
In the next lesson, we will work to define our critical incident response.