Board Policies

Updated

Adoption Date: 06/22/2021

Revision History: 4/11/23 (reviewed)

However, with this growth opportunity comes increased potential for valuable sensitive data to become public. The district takes seriously its responsibility to protect private data. The purpose of this policy is to ensure the secure use and handling of all district data, computer systems, devices and technology equipment by district students, employees, and data users.

The district supports the use of third-party vendors to perform necessary education functions for the district. Utilizing third-party vendors to outsource functions the district would traditionally perform provides a cost-effective means to deliver high-quality educational opportunities to all students. However, it is paramount that third-party vendors with access to sensitive data and PII of district students, employees and data users be held to the highest standards of data privacy and security.

The selection of third-party vendors shall be in accordance with appropriate law and policy. Third-party vendors with access to PII shall meet all qualifications to be designated as a School Official under the Family Educational Rights and Privacy Act (FERPA). The board shall ensure that any approved contract with a third-party vendor will require that the vendor comply with all applicable state and federal laws, rules, or regulations regarding the privacy of PII.

It is the responsibility of the superintendent or designee to develop procedures for the district to enhance the security of data and the learning environment. The procedures shall address, but not be limited to, the following topics:

Access Control

Access control governs who may access what information within the district and the way users may access the information. Increased access to secure networks and data will inevitably increase the risk of security compromise to those networks and data. It is the responsibility of the superintendent or designee to develop procedures for determining which individuals will have access to district networks, devices and data, and to what extent such access will be granted. System and network access will be granted based upon a need-to-have requirement, with each user given the least access to data and programs possible.

Security Management

Security management addresses protections and security measures used to protect digital data. These include measures related to audits and remediation, as well as security plans for responding to, reporting and remediating security incidents. It is the responsibility of the superintendent or designee to develop procedures to govern the secure creation, storage and transmission of any sensitive data and personally identifiable information (PII). The superintendent or designee shall implement network perimeter controls to regulate data moving between trusted internal resources and external entities.

Technology and Data Use Training

Technology and data use training addresses acceptable use best practices to safeguard data for students, employees and staff. It is the responsibility of the superintendent or designee to develop procedures for creating and administering a training program on proper data and technology use. The training shall address the proper use and security of all district owned or controlled technology, devices, media and data. Training should be administered to all district data users. The training program should be updated and presented to the school board for approval on an annual basis.

In furtherance of this policy, the superintendent or designee shall be responsible for overseeing district-wide data and technology security, to include development of standards and procedures and adherence to the administrative procedures defined in this document.

Policy References:

Legal Reference:

20 U.S.C. §1232g; 34 C.F.R. Part 99
47 U.S.C. §254
20 U.S.C. §6777
Iowa Code §§ 715C

Cross Reference:

506.1 Education Records Access
506.1R1 Education Records Access - Regulation
506.1E1 Request of Nonparent for Examination or Copies of Education Records
506.1E2 Authorization for Release of Education Records
506.1E3 Request for Hearing on Correction of Education Records
506.1E4 Request for Examination of Education Records
506.1E5 Notification of Transfer of Education Records
506.1E6 Letter to Parent Regarding Receipt of a Subpoena
506.1E7 Juvenile Justice Agency Information Sharing Agreement
506.1E8 Annual Notice
605.4 Technology and Instructional Materials

 
