Options

Data Privacy & Security

The Natick Public Schools takes data privacy very seriously. Ensuring student's data is protected is not a one time event but part of our ongoing efforts of implementing best practices throughout the district.

Data privacy however isn't possible without having the proper controls in place to ensure data security, along with raising awareness among with all faculty, staff, students, parents, vendors and members of the community we serve.

Below are steps the district has taken to ensure both data privacy and data security so student's private information remains protected:

  • The Natick Public Schools transitioned from Acceptance Use Polices to Responsible Use Policies for our students, faculty and staff.  In these policies are specifics guidelines for digital citizenship, data privacy and data security. 

  • Natick Public Schools has been working with the Massachusetts Student Privacy Alliance (MSPA) and our legal counsel since 2015 to develop a standardized data privacy agreement for all vendors that store any student information with personally identifiable information (PII) or sensitive information (SI).

    • The Data Privacy Agreement requires all vendors to:

      • Follow the laws protecting students rights for data privacy - CIPA, COPPA, FERPA and PPRA.
      • Provide the school district notification of a data breach, if one should occur, within a specific time frame.
      • Not resell or use student information for any other purpose than the service it was intended. 
      • Provide the school district the right to audit the vendor for compliance.
      • Ensure industry best practices are being followed with respect to data privacy and data security.

  • The Natick Public School is working closely with The Education Cooperative (TEC) to facilitate the execution of these data privacy agreements with all vendors.  TEC represents a number of school districts across Massachusetts concerned with student data privacy.  Utilizing TEC's partnership with other school districts puts us in a stronger position when negotiating contract terms than going it alone and sends vendors a strong message that data privacy is an important issue we need to work on together to solve.

  • For a current list of vendor data privacy agreements click here

  • The Natick Public Schools has implemented an internal vetting process, so all new vendors get on-boarded only after a data privacy agreement is agreed to and fully executed.

  • The Natick Public Schools has adopted and conducted a self-assessment of the Critical Security Control framework developed by the Center for Internet Security back in 2016. This is an on-going effort to ensure implementation of best practices within all of our schools regarding data security.

  • The school district is also implementing COSN's Trusted Learning Environment framework.  This framework gets students, teachers, administrators and the entire community involved in our data privacy and data security initiative.  The goal  is not to earn COSN's seal of approval, but to  raise awareness of the ongoing need for data privacy and data security, and change our behavior so data privacy and data security are a consideration in everything we do. 


The Laws:

CIPA Children's Internet Protection Act

COPPA Children's Online Privacy Protection Act

FERPA Family Educational Rights and Privacy Act

PPRA   Protection of Pupil Rights Amendment

Additional Resources:

National Center for Educational Services - Privacy Technical Assistance Center (PTAC)

K12 Cyber Security Resource Center

K12 Privacy & Security Blueprint

The National School Board Association

Student Data Privacy Pledge

Website by SchoolMessenger Presence. © 2018 West Corporation. All rights reserved.