Introducing 

Prezi AI.

Your new presentation assistant.

Refine, enhance, and tailor your content, source relevant images, and edit visuals quicker than ever before.

Loading…
Transcript

The term ‘personally identifiable information’ refers to information that can be used by itself to distinguish or trace an individual’s identity, such as their name, Social Security Number, biometric records, etc.

...or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

• directly related to a student; and

• maintained by an educational agency or institution

or by a party acting for the agency or institution.

 Sole possession records used as a personal memory aid;

 Law enforcement unit records;

 Alumni records; and

 Peer-graded papers before they are collected and recorded by teacher.

Much of the guidance is policy oriented, not targeted for the front-line

In most cases, the HIPAA Privacy Rule does not apply to an elementary or

secondary school because the school either:

(1) is not a HIPAA covered entity or

(2) is a HIPAA covered entity but maintains health information only on students in records that are by definition “education records” under FERPA and, therefore, is not subject to the HIPAA Privacy Rule.

  • Currently enrolled or formerly enrolled
  • Regardless of age
  • Regardless of parental dependency
  • Does not apply to deceased students

• Don’t reveal a password to ANYONE (If someone demands a password, call the Information Security Officer)

• Use different passwords for each of your accounts

• Avoid entering passwords when using unsecured Wi-Fi connections, i.e. airports, coffee shops, etc

• Avoid entering passwords on computers you don’t control i.e. Internet café, public library, hotels, etc

• Do not use the “Remember Password” feature

• Do not write passwords down and store them anywhere in your office.

Social Engineering

Human manipulation

Calls from tech support

Emails

Text Messages

Too good to be true

Asking for information they shouldn't have

Confusing acronyms or terminology

Don't save Personally Identifiable Information on external drives or desktop

Use strong passwords, don't write them down

If you print it, shred it - check the recycle bins

Report anything suspicious: scams, phishing, hoaxes

Don't take agency devices out of the country

Lost devices - TSA, taxis, coffee shops, motorpool cars

Technologies

  • Review data management issues
  • Review contracts with data requests
  • Look to reduce data collection burden for districts
  • Review and update security policies
  • Upgrade technology to protect data
  • Work with Dept Enterprise Technology Services to protect network

FONTS

WDE Data Awareness Training

Data Governance Team

Confidentiality

Contact: Leslie Zimmerschied

307-777-8751

leslie.zimmerschied@wyo.gov

http://edu.wyoming.gov/data/data-governance

Confidentiality is the management of another individual’s personally identifiable information

Data Security Team

This includes the obligations of those who receive personal information about an individual to respect the individual’s privacy by safeguarding that information.

Contact: Aaron Roberts

307-777-8014

aaron.roberts@wyo.gov

Personally Identifiable Information

(PII)

Privacy Enhancing Behaviors and Technologies

What is an "education record"?

Behaviors

What is not?

Protect yourself

Be cautious

Lock your workstation (ctrl-alt-del)

Don't send student data over email

Use WISER ID without the name

Encrypted spreadsheets

Be wary of communications that implores you to act immediately, offers something that sounds too good to be true, or asks for personal information.

If you don't know how sensitive something is, please ask

Privacy and Security Topics

Use technology to protect yourself

Encrypted laptops, encrypted flash drives

Use the VPN to access files on network drives

Strong passwords

Tuesday updates

Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you verify who you are before you conduct business on that site.

Agency Policies

The Wyoming Legislature has required WDE and Department of Enterprise Technology Services to create and publish standard privacy and security policies. SEA0066 of 2014

Appropriate Uses

School Employees or Other Schools

Audit and Evaluation

Directory Info

Aggregation

Schools or Districts may choose to publish directory information with the following:

  • Student name, address, and telephone number
  • Date of birth
  • Major field of study
  • Participation in officially recognized activities
  • Dates of attendance, degrees, and awards received

Officials from state and local education authorities who are auditing or enforcing compliance with legal requirements

Mandatory state and federal reporting

Research studies to evaluate educational programs

Data is gathered and presented in summary form. Combined data lower the risk of disclosure.

Exceptions are:

small n-counts

proficiency levels near 100%

  • School employees who have a legitimate educational interest
  • Other schools where a student is seeking or intending to enroll
  • Appropriate parties in connection with financial aid
  • to determine eligibility, amount of aid, or to enforce the terms and conditions of financial aid
  • Agency vendors and contractors

Note:

The WDE does not publish student directory information.

FERPA

Family Educational Rights and Privacy Act

Deceased Students

Court Order or Subpoena

Judicial order or subpoena

Grand jury summons

Not required to disclose records to law enforcement without a written court order

Records may be released without consent for students who are deceased.

  • Federal Law (1974)
  • Protects the privacy of a student's educational records
  • Provides rights to students

FERPA and HIPAA

Who is Protected?

Consequences for Misuse

Loss of Federal Funding

Lawsuit

Dismissal

Right to inspect and review records

Right to seek to amend records

Right to limit disclosure of records

Right to inspect and review records

Right to seek to amend records

Right to limit disclosure of records

Definition of Privacy

Privacy is each person’s control over their own information.

This includes each person’s right to decide when and whether to share personal information, how much information to share, and the circumstances under which that information can be shared.

Learn more about creating dynamic, engaging presentations with Prezi