The Natick Public Schools takes data privacy very seriously. Ensuring student's data is protected is not a one-time event but part of our ongoing efforts of implementing best practices throughout the district. We encourage everyone to review our Student Data Privacy Policy. This policy identifies the information we collect, how we use information, how we share information, how we protect it, and who to contact if you have a data privacy or security question or concern.
Data privacy, however, isn't possible without having the proper controls in place to ensure data security. To ensure the proper security measures are in place, we have developed a Written Information Security Policy. Anyone who is employed by or works on behalf of the district is expected to adhere to these polices.
Below are additional steps the district has taken to ensure both data privacy and data security so student's private information remains protected:
- The Natick Public Schools transitioned from Acceptance Use Policies to Responsible Use Policies for our students, faculty and staff. In these policies are specifics guidelines for digital citizenship, data privacy and data security.
- Natick Public Schools has been working with the Massachusetts Student Privacy Alliance (MSPA) and our legal counsel since 2015 to develop a standardized data privacy agreement for all vendors that store any student information with personally identifiable information (PII).
-
- The Data Privacy Agreement requires all vendors to:
- Follow the laws protecting students rights for data privacy - CIPA, COPPA, FERPA and PPRA.
- Ensure the school district retains ownership of all student data regardless of where the data resides.
- Provide the school district notification of a data breach, if one should occur, within a specific time frame.
- Not resell or use student information for any other purpose than the service it was intended.
- Provide the school district the right to audit the vendor for compliance.
- Ensure industry best practices are being followed with respect to data privacy and data security.
- The Natick Public School is working closely with The Education Cooperative (TEC) to facilitate the execution of these data privacy agreements with all vendors. TEC represents a number of school districts across Massachusetts concerned with student data privacy. Utilizing TEC's partnership with other school districts puts us in a stronger position when negotiating contract terms than going it alone and sends vendors a strong message that data privacy is an important issue we need to work on together to solve.
- View a current list of vendor data privacy agreements.
- The Natick Public Schools has implemented an internal vetting process, so all new vendors get on-boarded only after a data privacy agreement is agreed to and fully executed.
- The Natick Public Schools has adopted and conducted a self-assessment of the Critical Security Control framework developed by the Center for Internet Security back in 2016. This is an on-going effort to ensure implementation of best practices within all of our schools regarding data security.
- The school district is also implementing COSN's Trusted Learning Environment framework. This framework gets students, teachers, administrators and the entire community involved in our data privacy and data security initiative. The goal is not to earn COSN's seal of approval, but to raise awareness of the ongoing need for data privacy and data security, and change our behavior so data privacy and data security are a consideration in everything we do.
The Laws:
CIPA Children's Internet Protection Act
COPPA Children's Online Privacy Protection Act
FERPA Family Educational Rights and Privacy Act
PPRA Protection of Pupil Rights Amendment
Additional Resources:
National Center for Educational Services - Privacy Technical Assistance Center (PTAC)
K12 Cyber Security Resource Center
K12 Privacy & Security Blueprint
The National School Board Association
Student Data Privacy Pledge