Carmel Middle School
May 15 | 6:30-7:30 pm
Sponsored by the Carmel Educational Foundation
We use the phrase digital safety at Carmel Clay Schools when we're talking about all of the ways we work to keep students, staff, and our community safe in the digital world. Digital safety includes the people, processes, and technology that make up our data governance. If you have additional questions about digital safety, please contact us.
Action Item: Update all Apple devices
Action Item: Update Chrome browsers
Student data privacy refers to the responsible, ethical, and equitable collection, use, sharing, and protection of student data. Student Privacy Compass
We look holistically at the collection, protection, use, and life cycle of our data. Technology is a key component of the process, but even more important are the processes around data use. And most important of all are the people who carry out those processes and use the data.
People, processes, and technology are the framework for our data governance. Read more in our Data Governance Manual.
Examples of technology protecting our data:
Examples of processes protecting our data:
Examples of people protecting our data:
There are several laws regarding student data privacy, some apply to schools while other apply to vendors. Four of the major laws are listed below.
CIPA | COPPA | FERPA | PPRA | |
---|---|---|---|---|
Full Name | Children's Internet Protection Act | Children's Online Privacy and Protection Act | Family Educational Rights and Privacy Act | Protection of Pupil Rights Amendment |
Enacted | 2000 | 1998 | 1974 | 1978 |
Enforced by | Federal Communications Commission (FCC) | Federal Trade Commission (FTC) | US Department of Education | US Department of Education |
Applies to | K-12 schools and libraries using E-rate discounts for internet access | Operators of commercial websites and online services (including mobile apps and IoT devices) directed to children under 13 that collect, use, or disclose personal information from children | All schools that receive funds under an applicable program of the US Department of Education | State education agencies (SEA), local education agencies (LEA), or other recipients of funds under any program funded by the US Department of Education |
Summary | Enacted to address concerns about children's access to harmful internet content | Enacted to address concerns about use and disclosure of personal information on the internet by and about children under 13 | Establishes rights surrounding student education records for parents and eligible students | Governs student survey administration when one of eight protected topics is included |
More information | CIPA | COPPA | FERPA | PPRA |
There are two ways digital tools are approved for use in Carmel Clay Schools. These include tools that require student accounts or are used to collect or store student information. Tools that do not require student logins or tools that students choose to use independently from classroom requirements are not necessarily included.
Curriculum adoption of digital tools uses an evaluation rubric covering topics such as accessibility, interoperability with current systems, student and teacher account provisioning, and data privacy. Examples include Canvas, McGraw-Hill online textbooks, and Google Workspace for Education.
Teachers who wish to incorporate supplemental digital tools into their classrooms must first check the digital tool library in LearnPlatform. If the tool they wish to use has not already been evaluated, is not listed in the library, and requires student accounts and/or will store student information, they must request an evaluation.
The evaluation process consists of five possible steps. A tool may be denied at any point in the process and must successfully reach Step 5 to be added to the library as an approved tool. Examples of approved tools include Canva for Education and Screencastify. Examples of denied tools include Epic! and Prodigy Math. The complete list of reviewed tools is available at https://ccs.app.learnplatform.com/new/public.
A data privacy agreement is a legally binding contract between a data controller and a data processor, which defines how data will be used. In this case, the data controller is Carmel Clay Schools, while the data processor is any third-party vendor with whom data are shared.
For schools, a data privacy agreement establishes several key parameters that govern what a third-party vendor can do with data, including:
Depending on the vendor, it may take days or weeks to negotiate a DPA that works for both parties. Most vendors are willing to work with schools to come to an understanding, and data privacy laws in states such as California, Illinois, New York, and Connecticut are helping to push the conversation forward.
It's important to routinely check on the privacy settings for your own digital life. Best practices include:
Multifactor authentication (MFA) requires two of the three following elements to log in
By enabling MFA, your account is much less likely to be hacked, even if your password becomes compromised. This is especially important for sensitive accounts like banking and health care. For more information on MFA, visit the Cybersecurity & Infrastructure Security Agency (CISA) website.
At it's core, digital citizenship is using technology in a way that is responsible and respectful, both for the person using the technology and others they interact with. It's an integral part of participating in a digital world. Our board policy and administrative guidelines outline how staff and students can use CCS technology responsibly.
CCS Responsible Use of Technology - Policy 7540
CCS Responsible Use of Technology - Administrative Guidelines 7540
We use the Common Sense Media digital citizenship lessons with students. As a part of our participation in E-rate funding, we are required under the Children's Internet Protection Act (CIPA) to provide instruction to students on appropriate online behavior, safety and privacy, and cyberbullying. While Common Sense has specific lessons that align with the CIPA requirements, we encourage schools to teach all lessons at each grade level.
As an educational facility serving K-12 students, Carmel Clay Schools provides safe access to Web 2.0 resources for our students and staff, while complying with the Children’s Internet Protection Act (CIPA) and the Family Education Rights and Privacy Act (FERPA). We use the ContentKeeper filtering solution to provide a safe and education-focused content filter for desktop, laptop, Chromebook, and mobile devices while connected to the CCS network. This tool provides a nationally recognized, comprehensive, education-specific database and granularly customizable policies that filter based upon a variety of categories including adult material, sexually explicit material, security and phishing frauds, in addition to illegal or questionable material without over blocking. The list is updated directly from ContentKeeper. Carmel Clay Schools is also able to add sites to be blocked, when they are found to be inappropriate.
As new websites are constantly being developed, Carmel Clay Schools has a process in place which allows staff members to request sites to be added to the restricted list. Our nightly update along with continual evaluation of sites allow us to provide a safe online learning environment for our users.
Please understand that no filtering system can be considered 100% effective. Though ContentKeeper is a robust web filtering tool, the internet is constantly changing and provides worldwide access to information. Just like all tools, using the internet requires coaching and of supervision from parents and teachers.
CCS student Chromebooks are configured to save the browser history.
With your student logged into the Chromebook, open the Chrome browser. Select the three-dot menu in the upper right-hand corner (1), hover over History (2), and select History (3).
Alternately, you may hit ctrl + h on the keyboard.
Student browser activity is grouped by date (1). You may also use the search box at the top of the page (2).
We block access to known VPNs on the CCS network.
VPN stands for Virtual Private Network. A VPNs is a software tool that creates an anonymous and encrypted connection between the user and the internet by routing internet traffic through the VPN’s server. It violates our Responsible Use Policy to use a VPN to bypass ContentKeeper (section M under Conditions and Standards for Responsible Use of Technology).
We block access to known web proxies on the CCS network.
A web proxy is a website that acts as a middleman between the user and the content they are trying to access. Web proxies create an anonymous connection to the internet but don’t provide the same encryption as a VPN. Using a web proxy to bypass ContentKeeper violates our Responsible Use Policy.
Just as with all content on the internet, new VPNs and web proxies appear daily. Both ContentKeeper and CCS technology staff work to keep our lists as up-to-date as possible.
Many overlapping layers work together to keep our network infrastructure safe. Our three guiding principals are integrity, availability, and confidentiality.
Integrity |
Availability |
Confidentiality |
assurance that information is accurate and reliable | guaranteed access to information by authorized users | access to information is restricted to those who have need |
Let us know about observed or suspected security issues with the CCS network.
Continue the digital citizenship conversation at home with the help of these resources
Common Sense Media Family Resources
Common Sense Media Family Tech Planners
Common Sense Media Parent Tips & FAQs
Common Sense Media Parents' Ultimate Guide to Parental Controls
KnowBe4: Home Internet Security Awareness Training Course
This course is free, but requires a password. Please email us and we will provide it.
It's important to routinely check on the privacy settings for your own digital life. Best practices include:
Multifactor authentication (MFA) requires two of the three following elements to log in
By enabling MFA, your account is much less likely to be hacked, even if your password becomes compromised. This is especially important for sensitive accounts like banking and health care. For more information on MFA, visit the Cybersecurity & Infrastructure Security Agency (CISA) website.
The Federal Trade Commission has a consumer advice page where you can get more information about current known scams, articles about best practices, report fraud and identity theft, and sign up for consumer alerts.
A credit freeze can help prevent identity theft by preventing new credit accounts from being created while the freeze is in place. You can place a freeze on your own credit as well as on your child's. For more information, visit the Federal Trade Commission websites linked below.
FTC - Protecting Children from Identity Theft
Indiana Attorney General - Credit Freezes