Skip To Main Content

mobile-menu

district-nav

mobile-main-nav

mobile-header-portals-nav

header-container

header-top-container

search-container

search-popup

Popular Links

header-portals-nav

district-nav

header-bottom-container

logo-container

logo-image

logo-title

horizontal-nav

Breadcrumb

Policy No. 6900: Data Governance and Information Technology Security Policy

The Cache County School District (CCSD) takes seriously its responsibility to protect the privacy of its students and employees and ensure that their data is secure. Utah’s Student Data Protection Act (SDPA), U.C.A 53E-9-302 requires that CCSD adopt Data Governance & Information Technology Security policy and procedures for student data. This policy expands the scope of data to include employee and business data. This policy and associated procedures will serve as the Data Governance and Information Technology Security Plan for CCSD, applying to all employees, temporary staff, and third-party contractors within the school district. 

Definitions

Data Governance
Data governance is an approach to data management that encompasses the full life cycle of data; from acquisition, to use, to disposal.

n-size
The minimum number of students in a subgroup that must be included in a report or analysis to protect individual student privacy according to the Every Student Succeeds Act (ESSA).

Data Steward
Individual responsible for ensuring the quality, accuracy, and consistency of an organization’s data assets.

Information Technology Security
Information Technology Security involves the protection of the networks and devices where data is accessed and stored.

Data Governance & Security Team
The district team responsible for the management, maintenance, and protection of all student, employee, and business data.

Data Classification Levels
The classification of data into different classification levels that dictate how data is managed.

Class 1 Personally Identifiable or Confidential Information
Class 1 Data is personally identifiable information (PII) or confidential information that is collected or associated with students or employees.  This information includes: 

  1. a student or employee ID;
  2. a place and/or date of birth;
  3. personal address and phone numbers;
  4. personal email addresses;
  5. Social Security Number;
  6. medical records;
  7. bank account information;
  8. employee or student evaluations;
  9. private education records such as MLL, 504 or Special Education records;
  10. system access passwords or file encryption keys; and
  11. student discipline records. 

Class 2 Private Business or Educational Data
Class 2 Data is private business or educational data that is part of the day-to-day operations of the school district. This information includes but is not limited to:  

  1. business records such as contracts, bids, purchase requisitions, purchase orders, invoices, account numbers, budgets, job postings, interview documents, internal policies and procedures, etc.;
  2. educational records such as attendance rolls, class rosters, student assignments, grades, quizzes, tests, etc.; and
  3. staff or student email or documents stored in student or staff accounts or on student or staff computers. 

Class 3 Student Directory Information
Class 3 Data is Student Directory Information which allows for the reclassification of student data as directory information. This information includes:

  1. student first and last name;
  2. student home address;
  3. student phone number;
  4. student ID number;
  5. student photograph;
  6. student dates of attendance (years);
  7. student grade level;
  8. student diplomas, honors, awards received;
  9. student participation in school activities or school sports;
  10. student weight and height for members of school athletic teams; and
  11. student most recent school attended. 

Class 4 Public Data
Class 4 Data is any information that is shared with the public.  Public Information may include, but is not limited to:  

  1. calendar information on upcoming events or schedules;
  2. staff Directory Information (name, school phone or school email);
  3. general information about the district, school, or staff, registration information, etc.;
  4. articles recognizing staff or student achievement;
  5. aggregated data such as assessment results, financial reports, and enrollment data; and
  6. policies and procedures. 

Disclosure

Unauthorized or improper disclosure, modification, or destruction of Class 1 data could violate state and federal laws, result in civil and criminal penalties, and cause serious legal implications. Any disclosure of Class 1 Data must follow the CCSD Disclosure procedures outlined in the procedures associated with this policy.

Unauthorized disclosure of Class 2 data to people without a business or educational need may violate federal or state laws and regulations, or violate the right to privacy of staff, parents, students, or business partners. Disclosure of Class 2 data should be approved by a supervisor or the person responsible for keeping the data secure.

A school may disclose appropriately designated Class 3 data, “student directory information”, without written parental consent, unless the parent has advised the district to the contrary.

Approved by the Board of Education: May 15, 2025 

Questions or Concerns?

 

contact us