You are here

Sample Privacy and Security Policies

Overview

Per the Student Data Transparency and Security Act (PDF), CDE is required to provide Local Education Providers (LEPs) with a sample Student Information Privacy and Protection Policy.  The policy/guidance must include the following information:

  • Creating and maintaining a student data index
  • Retaining and destroying Student PII
  • Using Student PII for purposes internal to a LEP
  • Preventing breaches in the security of Student PII and for responding to any security breaches that occur
  • Contracting with School Service Contract Providers and using School Services provided by School Service On-Demand Providers
  • Disclosing Student PII to School Service Contract Providers, School Service On-Demand Providers, or other third parties
  • Notifying parents regarding collection of, retention of, and access to Student PII
  • Providing training in student information security and privacy to employees of a LEP

CDE developed a suite of sample policies that cover important security and privacy processes and those can be found below.  CDE has also created a short document that provides some general policy drafting tips (DOC).

Note: CDE's sample policies are optional and LEPs can use this suite of policies, sample policies created by other organizations like CASB, or draft their own policies. 

LEP Policy Requirements

LEPs must adopt a Student Information Privacy and Protection Policy of their own by December 31, 2017 (or by July 1, 2018 for small rural districts).  These policies are required to contain certain topics as stated in the law.  LEPs may use these policies as templates or starting points for their own organizations, tailoring or modifying them  to suit their own needs.  They may be combined into one policy, a number of policies, or used in any way desired.  You can choose any method or format for drafting your own policies but you should ensure compliance with all federal, state, and local laws, Board policies, and/or internal LEP practices regarding the adoption of policies and other documents.

The sample policies provided cover data security and privacy practices beyond what topics the LEPs are required to include in their Student Information Privacy and Protection Policy.  Below is a map from the sample policies we have provided and the requirements of state law.

 
Sample Policy Crosswalk
 

Sample Policies

If you would like to download all the policies, here a zip file with all LEP Sample Policies (ZIP).