DATA SECURITY & PRIVACY FAQ's

  • Introduction - Purpose

    The purpose of this page is to provide clear and documented information for students, parents, staff, and the community and answer common questions regarding digital learning, 21st Century Learning tools, district applications, data privacy, and technology security issues. We realize that security breaches are a common occurrence in today’s world and you may have concerns about what data the district has in its possession in regards to your student. You may also be concerned about whether or not that data is vulnerable and what data the district shares with vendors or other third parties.

    Our goal for this page is to provide the information you need to understand what the district has in its possession, why we have it, what we share and with who, and what we do to protect the data we have. This page will focus on the data and programs that the IT Department is tasked with managing for the district. This does not include programs or websites that are, or may be used in individual classrooms or schools. For information on those programs please contact your students school.

    Data Mining Definition
     
    Merriam-Webster defines data mining as: the practice of searching through large amounts of computerized data to find useful patterns or trends.

    Data mining is a relatively new term in the technology world. It generally has negative connotations and is usually associated with other terms like "Big Data" and “Big Brother”. It conjures up images of people or companies searching and scraping the Internet for information that is just sitting there waiting to be collected for malicious purposes or to profile and track individuals. This image may lead some to be suspicious or even fearful that everything they do online is being examined by someone, somewhere. And there is some truth in that statement. The fact is, that is the connected world we live in today. But it doesn’t mean there is malicious intent or that anyone is targeting you and/or your personal information. Data mining may in fact be more accurately described as “data analysis”.

    An example of data mining/analysis that you may have used personally is Amazon. Amazon makes “recommendations” as you browse their site.  They can do so by analyzing items you are and have searched for, and possibly purchased in the past. They can then look at user preferences of customers that have searched for the same or similar items and make that recommendation. That is the convenience of “Big Data” and having modern data systems joined and communicating. The financial world has done it for a long time to manage your accounts, your transactions, and ultimately your credit score. Retailers can use that historical data to target advertising to specific zip codes based on purchasing history, and so on, and so on.

    The Washoe County School District does data analysis on information already in our possession. This occurs in our data warehouse, otherwise known as BIG (Business Intelligence Gateway) which lives inside our network. Access to this resource is restricted by domain rights, which means that no one can access data that they don’t already have rights to see. In other words, just because someone is a high school teacher at Reed doesn’t mean they should see a Hug HS students’ records, and they can’t. You can view our Board Policy 7205 - Information Technology – Data Access Policy for more detail on how district managed data is secured and who has access to it.

    We use data to aid in teaching and learning, not to build marketing profiles on students. We don’t share any data in our possession unless we are mandated to do so, such as uploading data to the Nevada Department of Education for reporting purposes, or in cases where student information is needed to use a specific educational website or application. An example of this would be Easy IEP. This does not include the Microsoft Office 365 or Google Apps for Education environment. We do not upload or share any student data or information with them as they do not ask for, nor do they need any. The only information we sync from our domain to their data centers are usernames and passwords which are necessary for users to access those services. Student data that lives in their environment such as student produced documents and email are not accessible by Microsoft or Google and are protected by privacy agreements and their Terms of Service.

    There have been concerns raised by the public that we do business with companies that mine student information and sell that data to third parties. Based on the agreements and contracts we have in place with companies like Microsoft, Google, and others, those claims are unfounded. In fact those companies are signers of the Student Privacy Pledge . This pledge is an intentional statement by the organizations that sign it to be transparent with why they need student data, how they handle and protect that student data, and what they do with it. In the following sections you will find links to official terms of service and privacy statements which explain how each company treats student data in their possession.

    Office 365 & Microsoft Domain Accounts

    The Microsoft online tools for collaboration are collectively known as Office 365. This is the standard district supported platform for email, user file storage, online collaboration, and communication. These services are available to all students and staff 24/7/365 from any device and from any location.

    Beginning in the 2016-2017 school year student email accounts are issued to all students K-12 unless a parent wants to opt out on behalf of their student(s). This access only allows a student to email other students and/or staff inside the district. Students can not send or receive email from anyone outside the district. This internal only access can change in the future if your students school determines that there is a need for such access. An example might be a high school that wants students to be able to communicate with colleges or potential employers.

    All students and staff have a user name and password that is part of the WCSD Active Directory domain. The domain is simply a collection of all users and devices that are part of the WCSD organization. The domain user accounts are how we provide access to resources such as file storage, databases, servers, and services. Having a unique user name is how we can identify a specific person and ensure that they only have access to what they are supposed to have access to. For example, a custodian has no reason to access student health information or grades so the user group their account belongs to is not granted rights to see that type of information. This is true for all users and all of the information the district has in its possession.

    What we share with Microsoft: We do not share student data with Microsoft, nor do they have access to any documents, email, or information regarding students. The only exceptions to this are if we give them permission to access our data in order to help solve technical issues with the service, or there is a legitimate request from law enforcement. Even in the law enforcement example Microsoft encourages the district to provide law enforcement access on its own and without involvement from Microsoft.

    Why we share it: N/A

    You can read more about Microsoft security and how they handle customer data here:

    Microsoft Online Services Terms 

    Office 365 Top 10 Lists

    Security and compliance features included in Office 365 Education

    Microsoft Trust Center – Office 365 Security

    Office 365 Trust Center

    Microsoft Online Services Privacy Statement

    Microsoft Trust Center – Encryption

    Microsoft Trust Center – You Control Your Data

    Microsoft Azure Trust Center

    Microsoft Trust Center – Security

    Microsoft Trust Center – Transparency

    Microsoft Trust Center – Compliance

     
    Network Traffic Encryption
     
    The diagram below is an example of how data that is transported within the WCSD network, and across the public Internet, and the Microsoft Office 365/Azure environment is encrypted.
     

    MS O365 Network  

    GAFE (Google Apps for Education)

    While users utilize GAFE services in the schools, this service is not supported the way we support the Office365 environment. The Washoe County School District makes access to GAFE available through single sign on from our domain using our standard district issued usernames and passwords. That information is simply confirmed by GAFE when someone tries to access their site and they are already logged into a district computer. Simply put, your credentials don’t actually travel to GAFE, rather GAFE trusts your credentials and the fact that you are already logged into our domain and are an authenticated user. We do NOT use Gmail as a means of communication and we do NOT issue Gmail accounts to students or staff. All email is handled though our Microsoft Office365 environment.

    What we share with Google: We do not share student data with Google. Google abides by FERPA (Family Educational Rights and Privacy Act) and COPPA (Children's Online Privacy Protection Act) and treats all WCSD data as “Intellectual Property” which the district has exclusive access to and rights over.

    Why we share it: N/A

    You can read more about Google privacy here:

    Google Apps for Education Privacy Notice

    Google for Education - Privacy & Security Information

    Google Terms of Service

    Google Privacy Policy

    Google Apps for Education (Online) Agreement

    Infinite Campus

    Infinite Campus is the WCSD SIS (Student Information System). It contains the bulk of student information that the district possesses.

    What we share with Infinite Campus: Nothing. Infinite Campus merely provides the software platform that allows us to store and utilize the data in our possession.

    Why we share it: N/A

    BIG (Business Intelligence Gateway) – Data Warehouse

    BIG (Business Intelligence Gateway) is the WCSD data warehouse. It contains a subset of the student information that the district possesses.

    What we share with BIG: Nothing. Since BIG is a district owned system we already own all of the information that is contained in it.

    Why we share it: N/A

    WebSMARTTs (Nutrition Services Database) – School Meals

    WebSMARTTs is the WCSD Nutrition Services food services management software used to manage student meals. It contains a subset of the student information that that comes from Infinite Campus.

    What we share with WebSmartts: Nothing. Heartland School Solutions provides the software platform that allows us to store and utilize the data in our possession.

    Why we share it: N/A

    Third Party Applications

    Third party applications are programs that may be used on a individual, class, school, or district level that are not housed within the district or created by the district. The IT Department does not recommend, approve, or deny the use or access to educational applications or websites. Access to external resources is handled by our automated Internet filtering system. Please visit the Academics or Curriculum & Instruction webpages for information on applications and programs that are used in the schools, or speak with your students teacher.

    Information Technology does provide data to various district applications as needed, and by specific request in order to populate student and teacher roster information. However, just because an application is listed in this spreadsheet doesn't mean it is in use at your child's school. Please consult your child's school for a list of applications they are using and what their purpose is. Please consult the link below for a spreadsheet containing 3rd party vendors that receive data from the district and exactly what is shared with those vendors: