Sample Privacy and Security Policies
Overview
Per the Student Data Transparency and Security Act (PDF), CDE is required to provide Local Education Providers (LEPs) with a sample Student Information Privacy and Protection Policy. The policy/guidance must include the following information:
- Creating and maintaining a student data index
- Retaining and destroying Student PII
- Using Student PII for purposes internal to a LEP
- Preventing breaches in the security of Student PII and responding to any security breaches that occur
- Contracting with School Service Contract Providers and using School Services provided by School Service On-Demand Providers
- Disclosing Student PII to School Service Contract Providers, School Service On-Demand Providers, or other third parties
- Notifying parents regarding collection of, retention of, and access to Student PII
- Providing training in student information security and privacy to employees of a LEP
CDE developed a suite of sample policies that cover important security and privacy processes; they are listed below. CDE has also created a short document that provides some general policy drafting tips (DOC).
Note: CDE's sample policies are optional and LEPs can use this suite of policies, sample policies created by other organizations like CASB, or draft their own policies.
LEP Policy Requirements
LEPs must adopt a Student Information Privacy and Protection Policy of their own by December 31, 2017 (or by July 1, 2018 for small rural districts). These policies are required to contain certain topics as stated in the law. LEPs may use these policies as templates or starting points for their own organizations, tailoring or modifying them to suit their own needs. They may be combined into one policy, a number of policies, or used in any way desired. You can choose any method or format for drafting your own policies, but you should ensure compliance with all federal, state, and local laws, Board policies, and/or internal LEP practices regarding the adoption of policies and other documents.
The sample policies provided cover data security and privacy practices beyond the topics that LEPs are required to include in their Student Information Privacy and Protection Policy. Below is a map between the sample policies we have provided and the requirements of state law.
Sample Policies
- Access Control and Password Policy (DOC)
- Account and Identity Management Policy (DOC)
- Administrative Special Access Policy (DOC)
- Antivirus and Malware Policy (DOC)
- Asset Management Policy (DOC)
- Bring Your Own Device (BYOD) Policy (DOC)
- Change Management Policy (DOC)
- Cloud Based Computing Policy (DOC)
- Compliance Policy (DOC)
- Computer and System Log Policy (DOC)
- Custom Application Development Policy (DOC)
- Data Breach Policy (DOC)
- Data Destruction and Sanitization Policy (DOC)
- Data Encryption Policy (DOC)
- Data Governance and Transparency Policy (DOC)
- Data Privacy Policy (DOC)
- Data Retention Policy (DOC)
- Domain Controller Policy (DOC)
- Hardware and Software Maintenance Policy (DOC)
- Information Systems Audit Policy (DOC)
- Mobile Device Policy (DOC)
- Network Access Policy (DOC)
- Network Device Security and Configuration Policy (DOC)
- Network Firewall Implementation Policy (DOC)
- Outsourcing Policy (DOC)
- Patch Management Policy (DOC)
- Physical Facility Access Policy (DOC)
- Remote Access Policy (DOC)
- Removable Media Policy (DOC)
- Securing Sensitive Information Policy (DOC)
- Security Monitoring Policy (DOC)
- Security Training Policy (DOC)
- Server Hardening Policy (DOC)
- Server Side Certificate Policy (DOC)
- Smartphone Policy (DOC)
- Software and Firmware Patch Management Policy (DOC)
- Standard Software Application Policy (DOC)
- Student Data Collection Policy (DOC)
- System Update Policy (DOC)
- Third Party Contract Policy (DOC)
- Vendor Access Policy (DOC)
- Virtual Private Network (VPN) Policy (DOC)
- Wireless Access Policy (DOC)
- Workstation Hardening Policy (DOC)
- Workstation Security Policy (DOC)
If you would like to download all the policies, here is a zip file with all LEP Sample Policies (ZIP).