Legal Notices
- Annual Notice of FERPA Rights and Notice of Forwarding Records
- Data Governance Plan
- Data Protection and Security
- Directory Information
- District Officers
- GRAMA Requests
- Information on Public School Options and Statewide Online Education Programs
- Mental Health Protocol and Suicide Prevention
- Metadata Library
- Section 504
- Student Data Collection Notice
Annual Notice of FERPA Rights and Notice of Forwarding Records
Data Governance Plan
Tooele County School District
Data Governance Plan
1. Purpose
Data governance is an organizational approach to data and information management that is formalized as a set of procedures that encompass the full life cycle of data; from acquisition, to use, to disposal. Tooele County School District takes seriously its moral and legal responsibility to protect student privacy and ensure data security. Utah’s Student Data Protection Act (SDPA), U.C.A §53E-9-3 requires that Tooele County School District adopt a Data Governance Plan.
2. Definitions
2.1. Personally Identifiable Student Data:
As defined in U.C.A. §53E-9-301, student data that identify or are used by the holder to identify a student, and include, but are not limited to: a student’s first and last name; the first and last name of a student’s family member; a student’s or a students’ family’s home or physical address; a student’s email address or other online contact information; a student’s telephone number; a student’s social security number; a student’s biometric identifier; a student’s health or disability data; a student’s education entity student identification number; a student’s social media username and password or alias; if associated with personally identifiable student data, a student’s persistent identifier, including a customer number held in a cookie or a processor serial number; a combination of a student’s last name or photograph with other information that together permits a person to contact the student online; information about a student or a student’s family that a person collects online and combines with other personally identifiable student data to identify the student; and other information that is linked to a specific student that would allow a reasonable person in the school community, who does not have firsthand knowledge of the student, to identify the student with reasonable certainty.
Personally identifiable student data also includes all student information protected by the Family Educational Rights and privacy Act, 20 U.S. Code §1232g and 34 CFR Part 99 (hereinafter “FERPA”), the Government Records and Management Act U.C.A. §62G-2 (hereinafter “GRAMA”), U.C.A. §53E-9-3 et seq and Utah Administrative Code R277- 487.
2.2. De-identified or Aggregate Student Data:
Data consisting of student groups greater than 10 students that the reasonably informed person could not extrapolate back to individual students.
3. Scope and Applicability
This plan is applicable to all employees, temporary employees, and contractors of the Agency. The plan must be used to assess agreements made to disclose data to third-parties .
This plan must also be used to assess the risk of conducting business. In accordance with Tooele County School District’s policy and procedures, this plan will be reviewed and adjusted on a regular basis, as needed. This plan is designed to ensure only authorized disclosure of confidential information.
4. Plan
The following 8 subsections provide data governance plans and processes for Tooele County School District:
1. Data Security and Privacy Training for Employees
2. Data Disclosure
3. Record Retention and Expungement
4. Data Quality
5. Transparency
The Tooele County School District Data Governance Plan works in conjunction with the district’s Information Security Policy
(http://go.boarddocs.com/ut/tooelesd/Board.nsf/goto?open&id=AQWSJY72FB5D), which:
● Requires Data Stewards to manage confidential information appropriately and in accordance with all legal mandates, Utah State Board administrative rules, District policies and procedures.
● Complies with all legal, regulatory, and contractual obligations regarding privacy of Agency data. Where such requirements exceed the specific stipulation of this plan, the legal, regulatory, or contractual obligation shall take precedence.
● Ensures that all Tooele County School District employees comply with the policy and undergo annual security training.
● Provides policies and processes for maintaining industry standard information and physical security safeguards to protect student data.
Furthermore, Tooele County School District Data Governance Plan also works in conjunction with the district’s Data Breach Response Plan
(https://4.files.edl.io/26ef/08/06/19/133329-5a96d33b-8c7a-47b3-83c8-954ba692a9f0.pdf), which:
● Defines the goals and the vision for the breach response process.
● Defines to whom it applies and under what circumstances,
● Defines a breach, staff roles and responsibilities, standards and metrics (e.g., to enable prioritization of the incidents), as well as reporting, remediation, and feedback mechanisms.
● Emphasizes Tooele County School District’s established culture of openness, trust and integrity.
4.1. District Data Privacy Committee
Data Manager roles and responsibilities
• authorize and manage the sharing, outside of the student data manager's education entity, of personally identifiable student data for the education entity as described in this section
• provide for necessary technical assistance, training, and support • act as the primary local point of contact for the state student data officer
• ensure that the following notices are available to parents:
o annual FERPA notice (see 34 CFR 99.7), o directory information policy (see 34 CFR 99.37), o survey policy and notice (see 20 USC 1232h and 53E-9-203), o data collection notice (see 53E-9-305)
Information Security Officer
• Oversee adoption of the CIS controls
• Provide for necessary technical assistance, training, and support as it relates to IT security
4.2. Privacy Training for Employees
Tooele County School District will provide a range of training opportunities for all district employees with access to student educational data or confidential educator records in order to minimize the risk of human error and misuse of information.
As defined in U.C.A §53E-9-204, all employees will be required to participate in an privacy training as part of the regular compliance training. Completion of Tooele County School District’s compliance training is a condition of employment.
4.3. Data Disclosure
Providing data to persons and entities outside of the Tooele County School District increases transparency, promotes education in Utah, and increases knowledge about Utah public education. This plan establishes the protocols and procedures for sharing data maintained by Tooele County School District. It is intended to be consistent with the disclosure provisions of the federal Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. 1232g, 34 CFR Part 99 and Utah’s Student Data Protection Act (SDPA), U.C.A §53E-9-3.
4.3.1. Parental Access to Educational Records
In accordance with FERPA regulations 20 U.S.C. § 1232g (a)(1) (A) (B) (C) and (D), LEAs will provide parents with access to their child’s education records, or an eligible student access to his or her own education records (excluding information on other students, the financial records of parents, and confidential letters of recommendation if the student has waived the right to access), within 45 days of receiving an official request. Tooele County School District is not required to provide data that it does not maintain, nor is Tooele County School District required to create education records in response to an eligible student's request.
4.3.2. Third Party Vendor access to Personally Identifiable Student Data Third party vendors may have access to Personally Identifiable Student Data if the vendor is designated as a “school official” as defined in FERPA, 34 CFR §§ 99.31(a)(1) and 99.7(a)(3)(iii).
All third-party vendors contracting with Tooele County School District must be compliant with Utah’s Student Data Protection Act (SDPA), U.C.A §53E-9-3. Vendors determined not to be compliant may not be allowed to enter into future contracts with Tooele County School District without third-party verification that they are compliant with federal and state law, and board rule.
Vendors must sign and agree to Tooele County School District’s Data Privacy
Agreement to be given access to Student Data that is not considered Directory
Information under FERPA. Exemptions may be given by the District’s Data Privacy Committee to vendors who are fully compliant with state and federal law, and unable to sign a Tooele County School District Data Privacy agreement.
4.3.3. Governmental Agency Requests
The requesting governmental agency must provide evidence the federal or state requirements to share data in order to satisfy FERPA disclosure exceptions to data without consent in the case of a federal or state
A. Reporting requirement
B. Audit
C. Evaluation
The Coordinator of Data and Statistics will ensure the proper data disclosure avoidance are included if necessary.
4.3.4. Research Projects requesting Personally Identifiable Student Data The Tooele County School District recognizes good research as a building block for understanding and improving education. Tooele County School District will only share Personally Identifiable Student Data with outside entities for the purpose of research projects in accordance with State and Federal Law when data authorization is given by a parent or eligible student as defined in FERPA, 34 CFR §§ 99.31(a)(1), 99.7(a)(3)(iii) and U.C.A §53E-9-3. In addition, when sharing Personally Identifiable Student Data with outside entities, Tooele County School District shall obtain agreements with recipients of student data where recipients agree not to report or publish data in a manner that discloses students' identities. All research projects requesting personally identifiable student data must be approved by the District’s Data Privacy Committee.
4.3.5. Research Projects requesting Non-Personally Identifiable Student Data Tooele County School District may accept external data requests from individuals or organizations requesting Non-Personally Identifiable Student Data or Information that has been sufficiently de-identified for the purpose of research.
4.3.6. Directory Information
Tooele County School District may disclose directory information as prescribed in FERPA, 34 CFR §§ 99.31(a)(1), 99.7(a)(3)(iii) and U.C.A §53E-9-3. Parents or eligible students may opt-out of directory information disclosure.
4.3.7. Marketing
In accordance with U.C.A §53E-9-3 and Utah Administrative Rule R277-487-6; Data maintained by Tooele County School District, including data provided by contractors, may not be sold or used for marketing purposes (except with regard to authorized uses or directory information not obtained through a contract with an educational agency or institution).
4.4. Research Application Process
4.4.1. Priority
Priority is given to projects that:
A. Yield useful products or data for our schools.
B. Align with District programs, goals, and mission.
C. Are conducted by Tooele County School District staff in pursuit of advanced degrees.
D. Are not intrusive or interrupt classroom/school activities.
Low priority is given to projects that:
A. Study domains extraneous to improving the quality of teaching and learning.
B. Study domains that are inconsistent with the goals and mission of the District.
C. Include market research which does not relate to the District's long-range objectives.
D. Include longitudinal research which requires tracking subjects and data from year to year.
E. Include topics unrelated to District programs.
F. Invade the privacy of subjects or pose unjustified risk.
4.4.2. Application Procedures
A completed application must include the follow items listed below. Please allow 2-3
weeks for a decision once completed materials have been received.
1. A completed Research Project Request (Form 521). (You may reference details from your research proposal on the application.)
2. Copy of your research proposal.
3. Copy of all interview protocols, surveys, questionnaires, observation guides, etc.
4. Copy of all disclosures and consent forms.
5. Copy of the IRB approval (or documentation that IRB approval is pending)
6. Copy of the vita or resume of the investigator(s). (Optional)
All Application materials should be submitted to:
Director of Assessment & Research
Tooele County School District
92 Lodestone Way
Tooele, UT 84074
4.4.3. Review Process
Tooele County School District’s Director of Assessment & Research will review each request and determine which requests will be fulfilled based on priorities as established above, risk to students personal data, district policy, and established state and federal laws.
4.5. Record Retention and Expungement
The LEA recognizes the risk associated with data following a student year after year that could be used to mistreat the student. The LEA shall review all requests for records expungement from parents and make a determination based on the following procedure.
The following records may not be expunged: grades, transcripts, a record of the student’s enrollment, assessment information.
The procedure for expungement shall match the record amendment procedure found in 34 CFR 99, Subpart C of FERPA.
1. If a parent believes that a record is misleading, inaccurate, or in violation of the student’s privacy, they may request that the record be expunged.
2. Tooele County School District shall decide whether to expunge the data within a reasonable time after the request.
3. If Tooele County School District decides not to expunge the record, they will inform the parent of their decision as well as the right to an appeal hearing.
4. Tooele County School District shall hold the hearing within a reasonable time after receiving the request for a hearing.
5. Tooele County School District shall provide the parent notice of the date, time, and place in advance of the hearing.
6. The hearing shall be conducted by any individual that does not have a direct interest in the outcome of the hearing.
7. Tooele County School District shall give the parent a full and fair opportunity to present relevant evidence. At the parents’ expense and choice, they may be represented by an individual of their choice, including an attorney.
8. Tooele County School District shall make its decision in writing within a reasonable time following the hearing.
9. The decision must be based exclusively on evidence presented at the hearing and include a summary of the evidence and reasons for the decision.
10. If the decision is to expunge the record, Tooele County School District will seal it or make it otherwise unavailable to other staff and educators.
4.6. Data Quality
Data quality is achieved when information is valid for the use to which it is applied, is consistent with other reported data and users of the data have confidence in and rely upon it. Good data quality does not solely exist with the data itself but is also a function of appropriate data interpretation and use and the perceived quality of the data. Thus, true data quality involves not just those auditing, cleaning and reporting the data, but also data consumers. Data quality at is addressed in five areas:
4.6.1. Data Governance Structure
The Tooele County School District data governance plan is structured to encourage the effective and appropriate use of educational data. The Tooele County School District data governance structure centers on the idea that data is the responsibility of all Tooele County School District departments and schools and that data driven decision making is the goal of all data collection, storage, reporting and analysis. Data driven decision making guides what data is collected, reported and analyzed.
4.6.2. Data Collection
When possible and to avoid data duplication, data is collected at the lowest level available.
4.7. Transparency
Annually, Tooele County School District will publicly post:
● Tooele County School District data collections
● Metadata Dictionary as described in Utah’s Student Data Protection Act (SDPA), U.C.A
§53E-9-301
Data Protection and Security
Directory Information
Family Educational Rights and Privacy Act (FERPA)
Notice for Directory Information
Directory Information
The Family Educational Rights and Privacy Act (FERPA), a Federal law, requires that Tooele County School District, with certain exceptions, obtain your written consent prior to the disclosure of personally identifiable information from your child’s education records. However, Tooele County School District may disclose appropriately designated “directory information” without written consent, unless you have advised the Tooele County School District to the contrary in accordance with Tooele County School District procedures.
Purpose of Directory Information
The primary purpose of directory information is to allow the Tooele County School District to include information from your child’s education records in certain school publications. Examples include:
-
A playbill, showing your student’s role in a drama production.
-
The annual yearbook.
-
Honor roll or other recognition lists.
-
Graduation programs; and
-
Sports activity sheets, such as for wrestling, showing weight and height of team members.
Directory information, which is information that is generally not considered harmful or an invasion of privacy if released, can also be disclosed to outside organizations without a parent’s prior written consent. Outside organizations include, but are not limited to, companies that manufacture class rings or publish yearbooks.
Military Recruiters and Institutions of Higher Education
In addition, two federal laws require local educational agencies (LEAs) receiving assistance under the Elementary and Secondary Education Act of 1965, as amended (ESEA) to provide military recruiters or institutions of higher education, upon request, with the following information – names, addresses and telephone listings – unless parents have advised the LEA that they do not want their student’s information disclosed without their prior written consent. [Note: These laws are Section 9528 of the ESEA (20 U.S.C. § 7908) and 10 U.S.C. § 503(c).]
Opting Out
If you do not want Tooele County School District to disclose any or all of the types of information designated below as directory information from your child’s education records without your prior written consent, you must notify the Tooele County School District’s Pupil Accounting Specialist in writing within fourteen (14) days of the beginning of the school year or during the online registration process.
What information is designated directory information?
Tooele County School District has designated the following information as directory information:
-
Student's name
-
Address
-
Telephone listing
-
Electronic mail address
-
Photograph
-
Date and place of birth \
-
Major field of study
-
Dates of attendance
-
Grade level
-
Participation in officially recognized activities and sports
-
Weight and height of members of athletic teams
-
Degrees, honors, and awards received
-
The most recent educational agency or institution attended
-
Student ID number, user ID, or other unique personal identifier used to communicate in electronic systems but only if the identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user’s identity, such as a PIN, password, or other factor known or possessed only by the authorized user
-
A student ID number or other unique personal identifier that is displayed on a student ID badge, but only if the identifier cannot be used to gain access to education records except when used in conjunction with one or more factors that authenticate the user's identity, such as a PIN, password, or other factor known or possessed only by the authorized user.
District Officers
DISTRICT EMPLOYEES |
|
504 Officer: |
Charles Hansen, Director of Human Resources |
ADA Officer: |
Charles Hansen, Director of Human Resources |
Grievance Officer: |
Charles Hansen, Director of Human Resources |
Title IX Coordinator: |
Toni Garn, Assistant Director of Human Resources |
Title IX Investigator: |
Terry Christensen, Director of Policy, Property and Legal Affairs |
Title IX Decision Maker: |
Charles Hansen, Director of Human Resources |
DISTRICT STUDENTS |
|
504 Officer: |
Marissa Lowry Director of Special Education |
ADA Officer: |
Heather Castagno, Director of Student Services |
OCR Officer: |
Heather Castagno, Director of Student Services |
Sexual Harassment Officer: |
Heather Castagno, Director of Student Services |
Title IX Coordinator: |
Catham Beer, District Activities Director |
Title IX Investigator: |
Bob Curfew, Director of School and Student Safety |
Title IX Decision Maker: |
Heather Castagno, Director of Student Services |
SCHOOLS |
TO BE ESTABLISHED BY SCHOOL PRINCIPALS AND POSTED IN A PUBLIC LOCATION |
GRAMA Requests
Information on Public School Options and Statewide Online Education Programs
Mental Health Protocol and Suicide Prevention
Metadata Library
Section 504
Student Data Collection Notice
STUDENT DATA COLLECTION NOTICE
Necessary Student Data
Necessary student data means data required by state statute or federal law to conduct the regular activities of the school.
• Student Name, Date of birth, and Sex
• Parent and student contact information and Custodial parent information
• A student identification number (including the student’s school ID number and the stateassigned student identifier, or SSID)
• Local, state, and national assessment results or an exception from taking a local, state, or national assessment
• Courses taken and completed, credits earned, and other transcript information
• Course grades and grade point average
• Grade level and expected graduation date or graduation cohort
• Degree, diploma, credential attainment, and other school information
• Attendance and mobility
• Drop-out data
• Immunization record or an exception from an immunization record
• Race, Ethnicity, or Tribal affiliation
• Remediation efforts
• An exception from a vision screening required under Section 53G-9-404 or information collected from a vision screening described in Utah Code Section 53G-9-404
• Information related to the Utah Registry of Autism and Development Disabilities (URADD), described in Utah Code Section 26-7-4
• Student injury information
• A disciplinary record created and maintained as described in Utah Code Section 53E-9-306
• Juvenile delinquency records
• English language learner status
• Child find and special education evaluation data related to initiation of an IEP
Optional Student Data
We may only collect optional student data with written consent from the student’s parent or from a student who has turned 18.
• Information related to an IEP or needed to provide special needs services
• Information required for a student to participate in an optional federal or state program (e.g., information related to applying for free or reduced lunch)
Certain sensitive information on students collected via a psychological or psychiatric examination, test, or treatment, or any survey, analysis, or evaluation will only be collected with parental consent. You will receive a separate consent form in these cases. See our Protection of Pupil Rights Act (PPRA) notice for more information.
Prohibited Collections
We will not collect a student’s social security number or criminal record, except as required by Utah Code Section 78A-6-112(3).
Data Sharing
We will only share student data in accordance with the Family Educational Rights and Privacy Act (FERPA), which generally requires written parental consent before sharing student data. FERPA includes several exceptions to this rule, where we may share student data without parental consent. For more information on third parties receiving student information from us, see our Metadata Dictionary.
Student data will be shared with the Utah State Board of Education via the Utah Transcript and Records Exchange (UTREx). For more information about UTREx and how it is used, please visit the Utah State Board of Education’s Information Technology website.
Benefits, Risks, and Parent Choices
The collection, use, and sharing of student data has both benefits and risks. Parents and students should learn about these benefits and risks and make choices regarding student data accordingly. Parents are given the following choices regarding student data:
• Choice to request to review education records of their children and request an explanation or interpretation of the records (see our annual FERPA notice for more information)
• Choice to contest the accuracy of certain records (see our annual FERPA notice for more information), potentially leading to the correction, expungement, or deletion of the record
• Choice to opt into certain data collections (see the section above on optional data collections)
• Choice to opt out of certain data exchanges o Information that has been classified as directory information (see our directory information notice for more information)
• Choice to file a complaint if you believe the school or its agents are violating your rights under FERPA or Utah’s Student Data Protection Act. If you have a complaint or concern, we recommend starting locally and then escalating to the state and US Department of Education
Tooele County School District Tamara Cummings, Data Manager
435-833-1900 ext. 1118 tcummings@tooeleschools.org
The Utah State Board of Education Report your concern with the USBE hotline
The US Department of Education Report your concern here
Storage and Security
In accordance with Board Rule R277-487-3(14), we have adopted a cybersecurity framework called the CIS Controls.