We take information security seriously.
To maintain the confidentiality and integrity of the district information and data including our student data, Harvard CUSD 50 has implemented targeted processes and procedures. These can be categorized as:
Systems that control where key information is stored;
Access security practices and internal controls that restrict who has rights to view, add/delete, or edit information;
Physical access controls to district data centers and key networking equipment.
How is access to student data managed?
Harvard CUSD 50 follows best practices in establishing and managing system and network access security. Access to student data is managed and controlled through what is known as role-based security. This means that the type and amount of access to student data and other information are governed in our systems by the role which any staff member holds along with what information they require to perform their job as a trusted member of our staff. Staff members must go through a process to gain access to authorized information that includes successfully logging into the district network or one of the systems they use as part of their job duties.
Once a staff member logs in using this method, the internal application controls, role-based security, and application permissions restrictions are engaged which limit the data read, write, add, or delete functionality and are specific to a staff member’s role in the district.
The district also follows all rules set forth by state and federal government such as the Student Online Personal Protection Act (SOPPA), Federal Educational Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA). For more information regarding these laws, please refer to the following links:
HIPAA – http://www.hhs.gov/ocr/privacy/
Where is student data held and where does it go?
The primary repository of student data is our student information system, PowerSchool. PowerSchool maintains student demographics, household contact information, enrollments, attendance, grades, schedules, transcripts, discipline, bus, lockers, health, IEP, and LEP information. The district does not retain Social Security Numbers within any system.
In addition to the student information system, the district maintains multiple supporting systems that assist in running daily operations. Based on need, some student data is routinely transferred between these applications through a variety of secure and encrypted system integration processes.
The data center that stores this information is hosted off-site. These data centers are also secured with fire protection and power backup capabilities. We also take routine backups of key systems and data which are securely stored and protected.
With the evolution of cloud-based solutions, the district also subscribes to other externally hosted applications which are integrated with our student information system through encrypted data communications. Below is a list of various outside agencies that the district provides data to and/or receives data from. Data transferred includes basic student information such as names and schedules so a student can log into applications and access curricular materials configured by the district.
Additionally, the district provides testing agencies such as IAR, NWEA, etc. with basic student identification as part of the testing and scoring process. The district reports all required data to the Illinois State Board of Education (ISBE) and other government agencies.
Google Apps for Education
The district provides all students with a Google Apps for Education Account. This account allows them to collaborate and share documents with their teacher and fellow students and is an essential component of the classroom. We share limited information with Google solely for account creation purposes. This data and any data created as a function for using a Google Apps for Education Account belongs to District 50. This type of account is different than having a personal Gmail account. Google does not scan student content or email for advertising purposes as they do with regular consumer accounts.
Please review the Google Apps for Education Privacy Statement at: http://www.google.com/edu/privacy.html