Skip To Main Content

mobile-menu

district-nav

mobile-main-nav

mobile-header-portals-nav

header-container

header-top-container

search-container

search-popup

Popular Links

header-portals-nav

district-nav

header-bottom-container

logo-container

logo-image

logo-title

horizontal-nav

Breadcrumb

Data Governance Plan

I. Purpose

Data governance is an approach to data and information management that is formalized as a set of policies and procedures which encompass the full life cycle of data; from acquisition, to use, to disposal. The Cache County School District (CCSD) takes seriously its responsibility to protect student privacy and ensure data security. Utah’s Student Data Protection Act (SDPA), U.C.A 53E-9302 requires that the CCSD adopt a Data Governance Plan.

II. Applicability

This plan is applicable to all employees, temporary employees, and third-party contractors of the school district. It will be reviewed and adjusted on an annual basis or more frequently, as needed. This plan is designed to ensure only authorized disclosure of personally identifiable or confidential information.

III. Information Technology Security Plan

The CCSD Data Governance Plan works in conjunction with the Information Technology Security Plan. 

IV. Data Governance Team

The CCSD has appointed the following positions to ensure that data is protected at all levels:

  1. Chief Information Officer
    • Authorized to appoint members of the Data Governance Team.
    • Oversees the work of the Data Governance Team.
    • Maintains the Information Technology Security Plan.
    • Investigates complaints of alleged violations of systems breaches.
    • Provides an annual report to the board on CCSD’s systems security needs.
  2. Student Data Manager
    • Maintains the Data Governance Plan, Metadata Dictionary and third party contracts.
    • Authorizes and manages the sharing, outside of the education entity, of personally identifiable or confidential student data from a cumulative record for the education entity.
    • Acts as the primary local point of contact for the state Student Data Officer.
    • Creates and maintains a list of all LEA staff that have access to personally identifiable or confidential student data.
    • Ensures annual LEA-level training on data privacy to all staff members with access to personally identifiable or confidential information, including volunteers. Documents all staff names, roles, and training dates, times, locations, and agendas.
    • Manages Research Application requests
    • Ensure the following notices are available to parents:
  3. Information Systems Manager
    • Collects, manages, maintains and ensures the security of student data and secure transmission of data in and between any of the district’s information systems, including PowerSchool, Upland Document Management, Caredox, curriculum and associated programs, messaging systems and transfer of data to USBE.
    • Works closely with district and school personnel to ensure secure transmission of student data between district and school personnel as well as other LEA personnel.
    • Works closely with the Student Data Manager to fulfill approved data requests.
    • Works closely with the Security Officer to ensure the security of student data.
  4. Security Officer
    • Acts as the primary point of contact for implementation of the Information Technology Security Plan.
    • Investigates complaints of alleged violations of systems breaches. 

V.  Data Classification Levels 

A. Class 1 Personally Identifiable or Confidential Information

Class 1 Data is personally identifiable information (PII) or confidential information that is collected or assigned to students or staff members.  This information includes: 

  1. A student or employee ID
  2. A place and/or date of birth
  3. Personal address and phone numbers
  4. Personal email addresses
  5. Social Security Number
  6. Medical records
  7. Bank account information
  8. Staff or student evaluations
  9. Private education records such as ESL, 504 or Special Education records.
  10. System access passwords or file encryption keys 

B. Class 2: Private Information

Class 2 Data is private business or educational data that is part of the day to day operations of the school district.  This information includes but is not limited to:  1. Business records such as contracts, bids, purchase requisitions, purchase orders, invoices, account numbers, budgets, job postings, interview documents, internal policies and procedures, etc.. 2. Educational records such as attendance rolls, class rosters, student assignments, grades, quizzes, tests, etc. 3. Staff or student email or documents stored in student or staff accounts or on student or staff computers. Unauthorized disclosure of this information to people without a business or educational need may violate federal or state laws and regulations, or violate the right to privacy of  staff, parents, students, or business partners.  Decisions about access to this information should always be cleared through the information owner or responsible parties.  Class 2 Data should be kept private and care should be taken in storing this data in electronic or printed format.  If possible, printed data should be kept in a locked facility.  Class 2 Data is always subject to inspection by district or school officials.   C.  Class 3 Data: Student Directory Information Class 3 Data is Student Directory Information.    This information includes: 1. Student first and last name 2. Student home address 3. Student phone number 4. Student ID number 5. Student photograph 6. Student dates of attendance (years) 7. Student grade level 8. Student diplomas, honors, awards received 9. Student participation in school activities or school sports 10. Student weight and height for members of school athletic teams 11. Student most recent school attended Cache County School District may disclose appropriately designated “directory information” without written parental consent, unless the parent has advised the district to the contrary.  Notice of this policy is included in the district’s summer mailing and published on the district website.  The primary purpose of directory information is to allow the district to include this type of information in certain school publications. Examples include: A playbill, showing the student’s role in a drama production, the annual yearbook, honor roll or other recognition lists, graduation programs, sports activity sheets, such as for wrestling, showing weight and height of team members. Directory information can also be disclosed to outside organizations without prior written consent.   Outside organizations include, but are not limited to, companies that manufacture class rings or publish yearbooks or institutions of higher education. In addition, two federal laws require local educational agencies (LEAs) receiving assistance under the Elementary and Secondary Education Act of 1965 (ESEA) to provide military recruiters, upon request, with the following information – names, addresses and telephone listings. D. Class 4 Data:  Public Data Class 4 Data is any information that may be shared with the public.  Public Information may include, but is not limited to:  1. Calendar information on upcoming events or schedules. 2. Staff (name, business phone or business email). 3. General information about the district, school, or staff, registration information, etc.. 4. Articles recognizing staff or student achievement. 5. Aggregated data such as assessment results, financial reports, and enrollment data. 6. Policies and procedures. 7. Blank Documents for student, staff or parent use.