![Digital Safety at CCS]([{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1742931860/ccsk12inus/idoaiq7uhswd9qqyrzjg/DigitalSafetyNight.jpg","width":256},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_2/v1742931860/ccsk12inus/idoaiq7uhswd9qqyrzjg/DigitalSafetyNight.jpg","width":512},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_3/v1742931860/ccsk12inus/idoaiq7uhswd9qqyrzjg/DigitalSafetyNight.jpg","width":800},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_4/v1742931860/ccsk12inus/idoaiq7uhswd9qqyrzjg/DigitalSafetyNight.jpg","width":1200},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_5/v1742931860/ccsk12inus/idoaiq7uhswd9qqyrzjg/DigitalSafetyNight.jpg","width":1600},{"url":"https://resources.finalsite.net/images/f_auto,q_auto/v1742931860/ccsk12inus/idoaiq7uhswd9qqyrzjg/DigitalSafetyNight.jpg","width":1920}])
March 25, 2025
Digital Safety
- Our Story
- Data Privacy
- Digital Citizenship
- Digital Tool Library
- Internet Filtering
- Network Security
- Student Devices
Our Story
We use the phrase digital safety at Carmel Clay Schools when we're talking about all of the ways we work to keep students, staff, and our community safe in the digital world. Digital safety includes the people, processes, and technology that make up our data governance. If you have additional questions about digital safety, please contact us.
News
March 20, 2025
January 28, 2025
Alerts
Action Item: Update all Apple devices
Action Item: Update Chrome browsers
Data Privacy
- What is data privacy?
- How does CCS protect data?
- What are the laws surrounding student data privacy?
- How are digital tools evaluated?
- What is a data privacy agreement (DPA)?
- How can I keep my personal data safe?
- Student Data Privacy FAQs
What is data privacy?
How does CCS protect data?
Data Governance
We look holistically at the collection, protection, use, and life cycle of our data. Technology is a key component of the process, but even more important are the processes around data use. And most important of all are the people who carry out those processes and use the data.
People, processes, and technology are the framework for our data governance. Read more in our Data Governance Manual.
Technology
Examples of technology protecting our data:
- ContentKeeper filtering solution
- Multiple data backups
- Routine vulnerability scans
Processes
Examples of processes protecting our data:
- LearnPlatform digital tool request process
- Block/unblock request form for staff
- Report phishing button in staff email
People
Examples of people protecting our data:
- Phishing prevention training
- Data security training
- Role-based permissions and access
What are the laws surrounding student data privacy?
There are several laws regarding student data privacy, some apply to schools while other apply to vendors. Four of the major laws are listed below.
| CIPA | COPPA | FERPA | PPRA | |
|---|---|---|---|---|
| Full Name | Children's Internet Protection Act | Children's Online Privacy and Protection Act | Family Educational Rights and Privacy Act | Protection of Pupil Rights Amendment |
| Enacted | 2000 | 1998 | 1974 | 1978 |
| Enforced by | Federal Communications Commission (FCC) | Federal Trade Commission (FTC) | US Department of Education | US Department of Education |
| Applies to | K-12 schools and libraries using E-rate discounts for internet access | Operators of commercial websites and online services (including mobile apps and IoT devices) directed to children under 13 that collect, use, or disclose personal information from children | All schools that receive funds under an applicable program of the US Department of Education | State education agencies (SEA), local education agencies (LEA), or other recipients of funds under any program funded by the US Department of Education |
| Summary | Enacted to address concerns about children's access to harmful internet content | Enacted to address concerns about use and disclosure of personal information on the internet by and about children under 13 | Establishes rights surrounding student education records for parents and eligible students | Governs student survey administration when one of eight protected topics is included |
| More information | CIPA | COPPA | FERPA | PPRA |
How are digital tools evaluated?
Digital Tool Evaluation Process
There are two ways digital tools are approved for use in Carmel Clay Schools. These include tools that require student accounts or are used to collect or store student information. Tools that do not require student logins or tools that students choose to use independently from classroom requirements are not necessarily included.
formal program evaluation and curriculum adoption process
Curriculum adoption of digital tools uses an evaluation rubric covering topics such as accessibility, interoperability with current systems, student and teacher account provisioning, and data privacy. Examples include Canvas, McGraw-Hill online textbooks, and Google Workspace for Education.
LearnPlatform digital tool request process
Teachers who wish to incorporate supplemental digital tools into their classrooms must first check the digital tool library in LearnPlatform. If the tool they wish to use has not already been evaluated, is not listed in the library, and requires student accounts and/or will store student information, they must request an evaluation.
The evaluation process consists of four possible steps. A tool may be denied at any point in the process and must successfully reach Step 4 to be added to the library as an approved tool. Examples of approved tools include Canva for Education and Screencastify. Examples of denied tools include Epic! and Prodigy Math. The complete list of reviewed tools is available at https://ccs.app.learnplatform.com/new/public.
- Step 1 - Building Review
- The teacher discusses the request with their building admin
- What problem are we trying to solve?
- What additional benefits does this tool provide?
- Where will this tool be used during the instructional day?
- The teacher discusses the request with their building admin
- Step 2 - District Review
- The building admin discusses the request with district admin
- Are there costs associated with this tool and if so, how will they be paid?
- What are the training and onboarding needs for this tool?
- The building admin discusses the request with district admin
- Step 3 - Data Privacy Review
- Data privacy officer works with the vendor to secure a data privacy agreement (DPA)
- Step 4 - Final decision
- Once the tool has passed building, district, and data privacy evaluations, both CCS and the vendor sign a data privacy agreement and the tool is added to the LearnPlatform library.
What is a data privacy agreement (DPA)?
A data privacy agreement is a legally binding contract between a data controller and a data processor, which defines how data will be used. In this case, the data controller is Carmel Clay Schools, while the data processor is any third-party vendor with whom data are shared.
For schools, a data privacy agreement establishes several key parameters that govern what a third-party vendor can do with data, including:
- Defining student data
- Designating the vendor as a school official under FERPA
- Establishing CCS ownership of the data
- Limiting the use of data to only services defined by the contract
- Requiring compliance with all applicable laws and regulations
- Prohibiting disclosure of the data
- Forbidding the use of data for advertising purposes
- Determining the data destruction process
Depending on the vendor, it may take days or weeks to negotiate a DPA that works for both parties. Most vendors are willing to work with schools to come to an understanding, and student data privacy laws in states such as California, Illinois, New York, and Connecticut are helping to push the conversation forward.
How can I keep my personal data safe?
Personal privacy check-ups
It's important to routinely check on the privacy settings for your own digital life. Best practices include:
Password protection
- Don't reuse passwords on multiple sites, use a different password for every site
- Don't use information that is easily available in your passwords (kids' names, pets' names, birthdates, anniversary dates, etc.)
- Think passphrase, not password
- The longer the better; at least 12 characters is best
- Consider using a password manager to generate complex passwords for each site you use
- Avoid keeping a handwritten or digital list of passwords
Turn on multifactor authentication whenever possible
Multifactor authentication (MFA) requires two of the three following elements to log in
- something you know (like a password)
- something you have (like a mobile device that can receive a one-time use code)
- something you are (biometrics)
By enabling MFA, your account is much less likely to be hacked, even if your password becomes compromised. This is especially important for sensitive accounts like banking and health care. For more information on MFA, visit the Cybersecurity & Infrastructure Security Agency (CISA) website.
Check the privacy settings of the digital tools you use
- The National Cybersecurity Alliance maintains a list of commonly used platforms
- Delete accounts for sites you are no longer using
Student Data Privacy FAQs
Digital Citizenship
💻 What is digital citizenship?
At it's core, digital citizenship is using technology in a way that is responsible and respectful, both for the person using the technology and others they interact with. It's an integral part of participating in a digital world. Our board policy and administrative guidelines outline how staff and students can use CCS technology responsibly.
CCS Responsible Use of Technology - Policy 7540
CCS Responsible Use of Technology - Administrative Guidelines 7540
👩🏽🏫 How do we teach digital citizenship at CCS?
We use the Common Sense Media digital citizenship lessons with students. As a part of our participation in E-rate funding, we are required under the Children's Internet Protection Act (CIPA) to provide instruction to students on appropriate online behavior, safety and privacy, and cyberbullying. While Common Sense has specific lessons that align with the CIPA requirements, we encourage schools to teach all lessons at each grade level.
Digital Tool Library
Internet Filtering
Internet Filtering
As an educational facility serving K-12 students, Carmel Clay Schools provides safe access to Web 2.0 resources for our students and staff, while complying with the Children’s Internet Protection Act (CIPA) and the Family Education Rights and Privacy Act (FERPA). We use the ContentKeeper filtering solution to provide a safe and education-focused content filter for desktop, laptop, Chromebook, and mobile devices while connected to the CCS network. This tool provides a nationally recognized, comprehensive, education-specific database and granularly customizable policies that filter based upon a variety of categories including adult material, sexually explicit material, security and phishing frauds, in addition to illegal or questionable material without over blocking. The list is updated directly from ContentKeeper. Carmel Clay Schools is also able to add sites to be blocked, when they are found to be inappropriate.
As new websites are constantly being developed, Carmel Clay Schools has a process in place which allows staff members to request sites to be added to the restricted list. Our nightly update along with continual evaluation of sites allow us to provide a safe online learning environment for our users.
ContentKeeper FAQs
- What data does ContentKeeper track?
- Will ContentKeeper block all inappropriate content?
- Are student activities filtered while off-site/off of the CCS Network?
- To what extent, if any, does ContentKeeper affect system performance?
- What happens if ContentKeeper blocks a legitimate and non-nefarious site?
- How can I see my student's Chromebook history?
- Does ContentKeeper block access to social media?
- Does ContentKeeper block access to VPNs?
What data does ContentKeeper track?
Will ContentKeeper block all inappropriate content?
Please understand that no filtering system can be considered 100% effective. Though ContentKeeper is a robust web filtering tool, the internet is constantly changing and provides worldwide access to information. Just like all tools, using the internet requires coaching and of supervision from parents and teachers.
Are student activities filtered while off-site/off of the CCS Network?
To what extent, if any, does ContentKeeper affect system performance?
What happens if ContentKeeper blocks a legitimate and non-nefarious site?
How can I see my student's Chromebook history?
CCS student Chromebooks are configured to save the browser history.
With your student logged into the Chromebook, open the Chrome browser. Select the three-dot menu in the upper right-hand corner (1), hover over History (2), and select History (3).
Alternately, you may hit ctrl + h on the keyboard.
Student browser activity is grouped by date (1). You may also use the search box at the top of the page (2).
Does ContentKeeper block access to social media?
Does ContentKeeper block access to VPNs?
We block access to known VPNs on the CCS network.
VPN stands for Virtual Private Network. A VPNs is a software tool that creates an anonymous and encrypted connection between the user and the internet by routing internet traffic through the VPN’s server. It violates our Responsible Use Policy to use a VPN to bypass ContentKeeper (section M under Conditions and Standards for Responsible Use of Technology).
We block access to known web proxies on the CCS network.
A web proxy is a website that acts as a middleman between the user and the content they are trying to access. Web proxies create an anonymous connection to the internet but don’t provide the same encryption as a VPN. Using a web proxy to bypass ContentKeeper violates our Responsible Use Policy.
Just as with all content on the internet, new VPNs and web proxies appear daily. Both ContentKeeper and CCS technology staff work to keep our lists as up-to-date as possible.
Network Security
🏫 Keeping the CCS network safe
Many overlapping layers work together to keep our network infrastructure safe. Our three guiding principals are integrity, availability, and confidentiality.
Integrity |
Availability |
Confidentiality |
| assurance that information is accurate and reliable | guaranteed access to information by authorized users | access to information is restricted to those who have need |
Staff security
- Staff training on email and internet security, phishing prevention
- Ongoing staff communication
- Principle of least privilege
- Automated account creation and role-based permissions
- MFA (multifactor authentication) required for all staff accounts
Security Partnerships
- CIS - Center for Internet Security
- CISA - Cybersecurity and Infrastructure Security Agency
- K12 SIX - K-12 Security Information eXchange
- KnowBe4 - Security awareness training
- MS-ISAC - Multi-State Information Sharing & Analysis Center
- NIST - National Institute of Standards and Technology
- SDPC - Student Data Privacy Consortium
Network Security Measures
- Brick & mortar security
- Firewall
- Email filtering
- Internet filtering
- Backups
- Vulnerability scans and penetration tests
- Disaster recovery plan
- Tabletop simulations and failover practice
🏠 Keeping your home network safe
- Center for Internet Security: How to Secure Your Home Network Against Cyber Threats
- Federal Trade Commission: How to Secure Your Home Wi-Fi Network
- KnowBe4: Home Internet Security Awareness Training Course
- This course is free, but requires a password. Please email us and we will provide it.
- Your internet service provider may have additional security options available to you, such as blocking devices from connecting to the internet at specific times of day. Please contact your provider for more information.
Network Security Contact
Let us know about observed or suspected security issues with the CCS network.
Student Devices
Classroom Technology Integration
Carmel Clay Schools values innovation in the classroom and teacher knowledge of new technological opportunities. The curriculum adoption process provides many technology tools for use within classrooms, with district-approved tools included in the Responsible Use Policy and Guidelines.
Teachers can analyze new classroom technology tools and recommend their use within their classrooms using LearnPlatform. The tools listed below help teachers review privacy policies and terms of use for new apps, extensions, websites, or software they may wish to use within their classroom.
Before You Begin...Choose Your Tech Wisely!
- Stick to tools designed with education in mind, especially those which require student accounts. Products that commercialize student learning are not recommended.
- Before students may create accounts or teachers create accounts for students, the tool must go through the LearnPlatform request process and the district must have a signed data privacy agreement with the vendor.
- Avoid apps, games, or websites that seem focused on advertising.
- Be cautious with tools that claim to be for education but are also aimed at consumers or the business world.
Source: Common Sense Media
Consider the following questions
- What is the learning goal?
- Does the tool align with Indiana standards?
- Is there another tool already approved that provides a similar function?
- What, if any, age restriction is there in order to use this tool? (e.g. not for children 13 and under)
How do I make requests?
![Block/Unblock]([{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1573499795/ccsk12inus/lshc47mdgmrrmvgudimi/Block_Unblock.png","width":256},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_2/v1573499795/ccsk12inus/lshc47mdgmrrmvgudimi/Block_Unblock.png","width":512},{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_3/v1573499795/ccsk12inus/lshc47mdgmrrmvgudimi/Block_Unblock.png","width":800},{"url":"https://resources.finalsite.net/images/f_auto,q_auto/v1573499795/ccsk12inus/lshc47mdgmrrmvgudimi/Block_Unblock.png","width":1200}])
Use the Block/Unblock form to request access to websites that ContentKeeper is blocking, or to request to add a site to the blocked list.
![LearnPlatform Logo - A+ surrounded by a green and blue circle]([{"url":"https://resources.finalsite.net/images/f_auto,q_auto,t_image_size_1/v1659620548/ccsk12inus/ick19zuji5vblkjxrf1s/LearnPlatformLogo.png","width":256},{"url":"https://resources.finalsite.net/images/f_auto,q_auto/v1659620548/ccsk12inus/ick19zuji5vblkjxrf1s/LearnPlatformLogo.png","width":430}])
Use LearnPlatform to see the list of district approved tools and to request access to new ones.
Digital Safety Tools for Families
- Digital Citizenship at Home
- Home Network Security
- Parental Controls for Personal Devices
- Personal Data Privacy Checkup
- Preventing Identity Theft
- Recovering from a Data Breach
Digital Citizenship at Home
🏠 Digital citizenship at home
Continue the digital citizenship conversation at home with the help of these resources
Common Sense Media Family Resources
- Family resources to align with the Common Sense digital citizenship curriculum
Common Sense Media Family Tech Planners
- Age-appropriate agreements you can customize for your family
Common Sense Media Parent Tips & FAQs
- Articles, guides, and tips organized by age, topic, and platform
Parental Guide to Protecting Your Child's Online Activity
- A guide for parents from the Center for Internet Security
- YouTube playlist addressing common parenting questions
- Physician and filmmaker Delaney Rushton shares her research on digital balance
Home Network Security
Secure your Modem & Router
- Make sure your hardware and software is up-to-date; check for firmware updates
- Change the default passwords
- Enable automatic updates
- Make use of built-in device management
- Most routers have settings to control connected devices
- Example: group kids devices together and disconnect them from the internet after 10pm
- Options will vary by router, so contact your internet service provider for more information
- Reboot your modem regularly
Secure Your Wi-Fi
- Change your network name
- Enable a guest network
- Connect your primary devices (desktops, laptops, etc.) to your primary network
- Connect secondary devices (TVs, smart devices, etc.) to your guest network
Sources
- Center for Internet Security: How to Secure Your Home Network Against Cyber Threats
- Federal Trade Commission: How to Secure Your Home Wi-Fi Network
Additional Training
KnowBe4: Home Internet Security Awareness Training Course
This course is free, but requires a password. Please email us and we will provide it.
Parental Controls for Personal Devices
Parental Controls
There are tools available for families to help keep students safer on personal mobile devices.
Additional Resources
Cellphones and Devices: A Guide for Parents and Caregivers
Personal Data Privacy Checkup
Personal privacy check-ups
It's important to routinely check on the privacy settings for your own digital life. Best practices include:
Password protection
- Don't reuse passwords on multiple sites, use a different password for every site
- Don't use information that is easily available in your passwords (kids' names, pets' names, birthdates, anniversary dates, etc.)
- Think passphrase, not password
- The longer the better; at least 12 characters is best
- Consider using a password manager to generate complex passwords for each site you use
- Avoid keeping a handwritten or digital list of passwords
Turn on multifactor authentication whenever possible
Multifactor authentication (MFA) requires two of the three following elements to log in
- something you know (like a password)
- something you have (like a mobile device that can receive a one-time use code)
- something you are (biometrics)
By enabling MFA, your account is much less likely to be hacked, even if your password becomes compromised. This is especially important for sensitive accounts like banking and health care. For more information on MFA, visit the Cybersecurity & Infrastructure Security Agency (CISA) website.
Check the privacy settings of the digital tools you use
- The National Cybersecurity Alliance maintains a list of commonly used platforms
- Delete accounts for sites you are no longer using
Preventing Identity Theft
Consumer Alerts
The Federal Trade Commission has a consumer advice page where you can get more information about current known scams, articles about best practices, report fraud and identity theft, and sign up for consumer alerts.
Credit Freeze
A credit freeze can help prevent identity theft by preventing new credit accounts from being created while the freeze is in place. You can place a freeze on your own credit as well as on your child's. For more information, visit the Federal Trade Commission websites linked below.
FTC - Protecting Children from Identity Theft
Indiana Attorney General - Credit Freezes
Recovering from a Data Breach
What to Do If You Suspect Your Data Has Been Compromised:
- Change your passwords. Update passwords for all online accounts, including email, social media, and financial institutions.
- Enable two-factor authentication. Adding another method of authentication, such as getting a text message with an access code, along with entering a password, helps protect accounts from malicious actors.
- Monitor your financial accounts closely. Look for any unauthorized transactions on bank accounts, credit cards, and other financial services.
- Consider placing a fraud alert or credit freeze on your credit report. This makes it more difficult for someone to open new accounts in your name. You can place a fraud alert or credit freeze with each of the three major credit reporting bureaus: Equifax, Experian, and TransUnion.
- Be wary of suspicious emails, phone calls, and texts. Do not click on links or open attachments in emails or texts from unknown senders. Do not provide personal information to anyone who calls or texts you unexpectedly.
- Review your medical and insurance statements carefully. Look for any unauthorized charges or services.
Resources:
- Federal Trade Commission (FTC): https://consumer.ftc.gov/features/identity-theft - Provides information on identity theft, including how to report it and what to do if it happens.
- IdentityTheft.gov: https://www.identitytheft.gov/ - A website run by the Federal Trade Commission that provides a step-by-step recovery plan for victims of identity theft.
Report any suspected criminal activity to your local law enforcement agency:
- Indianapolis Cyber Fraud Task Force: Cyber incidents financially related can be reported to the Indianapolis Cyber Fraud Task Force at: ind-cftf@usss.dhs.gov or call (317) 635-6420.
- Indiana State Police (ISP): ISP’s Cybercrime & Investigative Technologies Section has detectives who specialize in conducting cybercrime investigations. Call (317) 232-8248.
- FBI - Internet Crime Complaint Center (IC3): The FBI Internet Crime Complaint Center's (IC3 - https://www.ic3.gov/) mission is to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cybercrime. The IC3 gives the victims of cybercrime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations.