Student Data Privacy & Security Policies
Roanoke City Public Schools (RCPS) takes student data privacy and security very seriously, implementing a range of measures to protect sensitive information. Here’s an overview of the key procedures and practices in place:
School Board Policies "Technology Use IIBEA-BR" and "Acceptable Computer System Use IIBEA"
All use of the Division’s computer system must be (1) in support of education and/or research or (2) for legitimate school business. It is the user's responsibility to know and follow these policies and Technology Use Guidelines therein. Technology Use Guidelines include provisions establishing that technology protection measures are enforced during the use of the Division’s computers and provisions requiring every user to protect the security of information necessary to access the computer system, such as usernames and passwords, and prohibiting the sharing of passwords. If necessary, the Executive Director of Technology reviews and makes recommendations to these Board Regulations every two years.
Software Approval Procedure
RCPS has a stringent software approval process to ensure that any software used within the district meets high data security and privacy standards. This involves:
- Evaluation: Each software application is evaluated for compliance with federal and state regulations, including the Family Educational Rights and Privacy Act (FERPA).
- Approval: Only software that meets a set of Division-defined criteria is approved for use. This helps prevent unauthorized access to student data and ensures that all applications are secure. Division-defined criteria include but are not limited to funding sources, the need to connect with other internal systems, accessibility features, equity rationale, and support for the RCPS Strategic Plan.
Data Classification Procedure
RCPS classifies data based on its sensitivity and the level of protection required. This classification helps in applying appropriate security measures to different types of data. The classification levels typically include:
- Sensitive: Highly sensitive information that requires the highest level of security, such as student records and personal information.
- Confidential: Information that is not as critical as sensitive data but still requires significant protection, such as internal communications and certain administrative records.
- Internal Use: Data for internal use within the school district requires some protection, such as internal reports and memos.
- Public: Information that can be freely shared without risk, such as public announcements and general school information.
Industry Best Practices
RCPS adheres to industry best practices to maintain the security and privacy of student data. These practices include:
- Encryption: All sensitive data is encrypted in transit and at rest to prevent unauthorized access.
- Access Controls: Strict access controls are in place to ensure that only authorized personnel can access sensitive information. This includes using strong passwords, multi-factor authentication, and regular audits of access logs.
- Regular Training: Staff members receive regular training on data privacy and security best practices to ensure they are aware of the latest threats and how to mitigate them.
- Incident Response: RCPS has a comprehensive incident response plan to quickly address data breaches or security incidents. This plan includes steps for containment, eradication, recovery, and communication with affected parties.