Data Privacy

Student Data Privacy Information for Families
Ridgedale Local Schools values the privacy of its students, employees, and families/guardians.  Data privacy is your right to keep your person and your information to yourself.  Because we spend so much time engaged in activities online, data privacy has become an extremely important issue and one that Ridgedale Schools takes seriously.  We are committed to being trusted caretakers of personal information within our responsibility.  Ridgedale Schools also encourages students, employees, and families/guardians to become educated on data privacy and security.

What is data privacy?
Student data privacy refers to the responsible, ethical, and careful collection, use, sharing, and protection of student data.

How does Ridgedale Local Schools protect data?
Ridgedale Local Schools looks holistically at the collection, protection, use, and life cycle of our data. Technology is a key component of the process, but even more important are the processes around data use. Of critical importance are the people who carry out those processes and use the data.

People, processes, and technology are the framework for our technology governance. Read more in our Technology Governance Guide.

Technology
Examples of technology protecting our data:

  • Web filtering solution

  • Routine virus scans

  • Routine malware\vulnerability scans

Processes
Examples of processes protecting our data:

  • Digital resource request process

  • Report phishing button in staff email

People
Examples of people protecting our data:

  • Phishing prevention training

  • Data security training

  • Role-based permissions and access

What are the laws surrounding student data privacy?
There are several laws regarding student data privacy, some apply to schools while other apply to vendors.

Student Data Privacy

How are digital resources evaluated?
Ridgedale Local Schools maintains a process for reviewing digital tools before they are used with students or district data. Any application that requires student accounts, collects student information, or stores district data must be reviewed and approved prior to use.

This process supports student privacy, system security, and instructional effectiveness.

This aligns with:

Board Policy 8305 — Information Security

(which establishes requirements for protecting district data and systems)

and

Board Policy 7540.02 — Digital Content and Accessibility

(which establishes expectations for district-approved digital tools and online resources)

Approval Process Overview:

Request Submission
Staff submits a request to use a digital tool that is not currently approved.

Building Principal Review
Building Principals evaluate it for instructional value

Curriculum Director Review
Curriculum Director evaluates it to see if it fits in the current curriculum

Privacy and Security Review
The Technology Department determines whether a Data Privacy Agreement (DPA) exists through the Student Data Privacy Consortium (SDPC) or works with the vendor to obtain one.

Decision and Controls
Tools that meet district privacy and security requirements may be approved. Tools that do not meet requirements may be denied or limited in use.

Technical Safeguards
The district uses technical controls, including managed Google sign-in access, to help ensure that only approved applications connect to district accounts and student data.

Staff Expectations
Staff must submit requests for new digital tools and may only use applications that have been approved by the district.

These expectations align with:

Board Policy 7540.04 — Staff Technology Acceptable Use and Safety

(which requires staff to follow district technology procedures and protect student information)

What is a data privacy agreement?
A data privacy agreement is a legally binding contract between a data controller and a data processor, which defines how data will be used. In this case, the data controller is Ontario Local Schools, while the data processor is any third-party vendor we share student data with.

For schools, a data privacy agreement establishes several key parameters that govern what a third-party vendor can do with data, including:

  • Defining student data

  • Designating the vendor as a school official under FERPA

  • Establishing School ownership of the data

  • Limiting the use of data to only services defined by the contract

  • Requiring compliance with all applicable laws and regulations

  • Prohibiting disclosure of the data 

  • Forbidding the use of data for advertising purposes

  • Determining the data destruction process

Depending on the vendor, it may take days, weeks or months to negotiate a DPA that works for both parties. Most vendors are willing to work with schools to come to an understanding.

How can I keep my personal data safe?
It's important to routinely check on the privacy settings for your own digital life. Best practices include:

Password Protection

  • Don't reuse passwords on multiple sites, use a different password for every site

  • Don't use information that is easily available in your passwords (kids' names, pets' names, birthdates, anniversary dates, etc.)

  • Think passphrase, not password

  • The longer the better; at least 12 characters is best

  • Consider using a password manager to generate complex passwords for each site you use

  • Avoid keeping a handwritten or digital list of passwords

Turn on Multifactor Authentication Whenever Possible

Multifactor authentication (MFA) requires two of the three following elements to log in

  • something you know (like a password)

  • something you have (like a mobile device that can receive a one-time use code)

  • something you are (biometrics)

By enabling MFA, your account is much less likely to be hacked, even if your password becomes compromised. This is especially important for sensitive accounts like banking and health care. For more information on MFA, visit the Cybersecurity & Infrastructure Security Agency (CISA) website. 

Check the Privacy Settings of the Digital Tools You Use

  • The National Cybersecurity Alliance maintains a list of commonly used platforms

  • Delete accounts for sites you are no longer using

Family Resources
Common Sense Media: Parenting, Media, and Everything in Between
Common Sense Media is an independent nonprofit organization that helps empower parents/guardians by providing information to make smart media choices. 

A Parent's Guide to FERPA
Learn more about FERPA.

Family Educational Rights and Privacy Act (FERPA)
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. 

Data: The Story of You
Learn about how data tells the story of YOU.

What is Data Privacy?
Learn about data privacy in this short article.