As your child gets into the swing of the 2023-2024 school year, take a moment to review these tips and help build a foundation of healthy and safe habits for you and your family.
Digital Safety @ CCS
- Our Story
- Data Privacy
- Digital Citizenship
- Digital Tool Library
- Internet Filtering
- Network Security
- Student Devices
Our Story
Digital Safety
We use the phrase digital safety at Carmel Clay Schools when we're talking about all of the ways we work to keep students, staff, and our community safe in the digital world. Digital safety includes the people, processes, and technology that make up our data governance. If you have additional questions about digital safety, please contact us.
Digital Safety News Posts
We use the phrase digital safety at Carmel Clay Schools when we're talking about all of the ways we work to keep students, staff, and our community safe in the digital world.
A new publicly available tool for creating AI-generated text was recently released and will have widespread implications for society, including education. Parents of school-age children must be aware of these new tools and capabilities.
Data Privacy
- What is data privacy?
- How does CCS protect data?
- What are the laws surrounding student data privacy?
- How are digital tools evaluated?
- What is a data privacy agreement (DPA)?
- How can I keep my personal data safe?
- Student Data Privacy FAQs
What is data privacy?
Student data privacy refers to the responsible, ethical, and equitable collection, use, sharing, and protection of student data. Student Privacy Compass
How does CCS protect data?
Data Governance
We look holistically at the collection, protection, use, and life cycle of our data. Technology is a key component of the process, but even more important are the processes around data use. And most important of all are the people who carry out those processes and use the data.
People, processes, and technology are the framework for our data governance. Read more in our Data Governance Manual.
Technology
Examples of technology protecting our data:
- ContentKeeper filtering solution
- Multiple data backups
- Routine vulnerability scans
Processes
Examples of processes protecting our data:
- LearnPlatform digital tool request process
- Block/unblock request form for staff
- Report phishing button in staff email
People
Examples of people protecting our data:
- Phishing prevention training
- Data security training
- Role-based permissions and access
What are the laws surrounding student data privacy?
There are several laws regarding student data privacy, some apply to schools while other apply to vendors. Four of the major laws are listed below.
CIPA | COPPA | FERPA | PPRA | |
---|---|---|---|---|
Full Name | Children's Internet Protection Act | Children's Online Privacy and Protection Act | Family Educational Rights and Privacy Act | Protection of Pupil Rights Amendment |
Enacted | 2000 | 1998 | 1974 | 1978 |
Enforced by | Federal Communications Commission (FCC) | Federal Trade Commission (FTC) | US Department of Education | US Department of Education |
Applies to | K-12 schools and libraries using E-rate discounts for internet access | Operators of commercial websites and online services (including mobile apps and IoT devices) directed to children under 13 that collect, use, or disclose personal information from children | All schools that receive funds under an applicable program of the US Department of Education | State education agencies (SEA), local education agencies (LEA), or other recipients of funds under any program funded by the US Department of Education |
Summary | Enacted to address concerns about children's access to harmful internet content | Enacted to address concerns about use and disclosure of personal information on the internet by and about children under 13 | Establishes rights surrounding student education records for parents and eligible students | Governs student survey administration when one of eight protected topics is included |
More information | CIPA | COPPA | FERPA | PPRA |
How are digital tools evaluated?
Digital Tool Evaluation Process
There are two ways digital tools are approved for use in Carmel Clay Schools. These include tools that require student accounts or are used to collect or store student information. Tools that do not require student logins or tools that students choose to use independently from classroom requirements are not necessarily included.
formal program evaluation and curriculum adoption process
Curriculum adoption of digital tools uses an evaluation rubric covering topics such as accessibility, interoperability with current systems, student and teacher account provisioning, and data privacy. Examples include Canvas, McGraw-Hill online textbooks, and Google Workspace for Education.
LearnPlatform digital tool request process
Teachers who wish to incorporate supplemental digital tools into their classrooms must first check the digital tool library in LearnPlatform. If the tool they wish to use has not already been evaluated, is not listed in the library, and requires student accounts and/or will store student information, they must request an evaluation.
The evaluation process consists of five possible steps. A tool may be denied at any point in the process and must successfully reach Step 5 to be added to the library as an approved tool. Examples of approved tools include Canva for Education and Screencastify. Examples of denied tools include Epic! and Prodigy Math. The complete list of reviewed tools is available at https://ccs.app.learnplatform.com/new/public.
- Step 1 - Requested
- Teachers request access to digital tools
- Once a tool has 5 or more requests, it moves on to step 2
- Step 2 - Building Review
- Building administrators review the tool, if approved it moves on
- Step 3 - District Review
- District administrators review the tool, if approved it moves on
- Step 4 - Data Privacy Review
- Data privacy officer works with the vendor to secure a data privacy agreement (DPA)
- Step 5 - Final decision
- Once the tool as passed building, district, and data privacy evaluations, both CCS and the vendor sign a data privacy agreement and the tool is added to the LearnPlatform library.
What is a data privacy agreement (DPA)?
A data privacy agreement is a legally binding contract between a data controller and a data processor, which defines how data will be used. In this case, the data controller is Carmel Clay Schools, while the data processor is any third-party vendor with whom data are shared.
For schools, a data privacy agreement establishes several key parameters that govern what a third-party vendor can do with data, including:
- Defining student data
- Designating the vendor as a school official under FERPA
- Establishing CCS ownership of the data
- Limiting the use of data to only services defined by the contract
- Requiring compliance with all applicable laws and regulations
- Prohibiting disclosure of the data
- Forbidding the use of data for advertising purposes
- Determining the data destruction process
Depending on the vendor, it may take days or weeks to negotiate a DPA that works for both parties. Most vendors are willing to work with schools to come to an understanding, and data privacy laws in states such as California, Illinois, New York, and Connecticut are helping to push the conversation forward.
How can I keep my personal data safe?
Personal privacy check-ups
It's important to routinely check on the privacy settings for your own digital life. Best practices include:
Password protection
- Don't reuse passwords on multiple sites, use a different password for every site
- Don't use information that is easily available in your passwords (kids' names, pets' names, birthdates, anniversary dates, etc.)
- Think passphrase, not password
- The longer the better; at least 12 characters is best
- Consider using a password manager to generate complex passwords for each site you use
- Avoid keeping a handwritten or digital list of passwords
Turn on multifactor authentication whenever possible
Multifactor authentication (MFA) requires two of the three following elements to log in
- something you know (like a password)
- something you have (like a mobile device that can receive a one-time use code)
- something you are (biometrics)
By enabling MFA, your account is much less likely to be hacked, even if your password becomes compromised. This is especially important for sensitive accounts like banking and health care. For more information on MFA, visit the Cybersecurity & Infrastructure Security Agency (CISA) website.
Check the privacy settings of the digital tools you use
- The National Cybersecurity Alliance maintains a list of commonly used platforms
- Delete accounts for sites you are no longer using
Student Data Privacy FAQs
The wall of data privacy agreements is growing! Many more are in progress as we work on our student data privacy initiative. @myccs pic.twitter.com/mbxo38tocy
— Kate Masterson (@ccstechgirl) May 9, 2022
Digital Citizenship
💻 What is digital citizenship?
At it's core, digital citizenship is using technology in a way that is responsible and respectful, both for the person using the technology and others they interact with. It's an integral part of participating in a digital world. Our board policy and administrative guidelines outline how staff and students can use CCS technology responsibly.
CCS Responsible Use of Technology - Policy 7540
CCS Responsible Use of Technology - Administrative Guidelines 7540
👩🏽🏫 How do we teach digital citizenship at CCS?
We use the Common Sense Media digital citizenship lessons with students. As a part of our participation in E-rate funding, we are required under the Children's Internet Protection Act (CIPA) to provide instruction to students on appropriate online behavior, safety and privacy, and cyberbullying. While Common Sense has specific lessons that align with the CIPA requirements, we encourage schools to teach all lessons at each grade level.
Digital Tool Library
Internet Filtering
Internet Filtering
As an educational facility serving K-12 students, Carmel Clay Schools provides safe access to Web 2.0 resources for our students and staff, while complying with the Children’s Internet Protection Act (CIPA) and the Family Education Rights and Privacy Act (FERPA). We use the ContentKeeper filtering solution to provide a safe and education-focused content filter for desktop, laptop, Chromebook, and mobile devices while connected to the CCS network. This tool provides a nationally recognized, comprehensive, education-specific database and granularly customizable policies that filter based upon a variety of categories including adult material, sexually explicit material, security and phishing frauds, in addition to illegal or questionable material without over blocking. The list is updated directly from ContentKeeper. Carmel Clay Schools is also able to add sites to be blocked, when they are found to be inappropriate.
As new websites are constantly being developed, Carmel Clay Schools has a process in place which allows staff members to request sites to be added to the restricted list. Our nightly update along with continual evaluation of sites allow us to provide a safe online learning environment for our users.
ContentKeeper FAQs
- What data does ContentKeeper track?
- Will ContentKeeper block all inappropriate content?
- Are student activities filtered while off-site/off of the CCS Network?
- To what extent, if any, does ContentKeeper affect system performance?
- What happens if ContentKeeper blocks a legitimate and non-nefarious site?
- How can I see my student's Chromebook history?
- Does ContentKeeper block access to social media?
- Does ContentKeeper block access to VPNs?
What data does ContentKeeper track?
Will ContentKeeper block all inappropriate content?
Please understand that no filtering system can be considered 100% effective. Though ContentKeeper is a robust web filtering tool, the internet is constantly changing and provides worldwide access to information. Just like all tools, using the internet requires coaching and of supervision from parents and teachers.
Are student activities filtered while off-site/off of the CCS Network?
To what extent, if any, does ContentKeeper affect system performance?
What happens if ContentKeeper blocks a legitimate and non-nefarious site?
How can I see my student's Chromebook history?
CCS student Chromebooks are configured to save the browser history.
With your student logged into the Chromebook, open the Chrome browser. Select the three-dot menu in the upper right-hand corner (1), hover over History (2), and select History (3).
Alternately, you may hit ctrl + h on the keyboard.
Student browser activity is grouped by date (1). You may also use the search box at the top of the page (2).
Does ContentKeeper block access to social media?
Does ContentKeeper block access to VPNs?
We block access to known VPNs on the CCS network.
VPN stands for Virtual Private Network. A VPNs is a software tool that creates an anonymous and encrypted connection between the user and the internet by routing internet traffic through the VPN’s server. It violates our Responsible Use Policy to use a VPN to bypass ContentKeeper (section M under Conditions and Standards for Responsible Use of Technology).
We block access to known web proxies on the CCS network.
A web proxy is a website that acts as a middleman between the user and the content they are trying to access. Web proxies create an anonymous connection to the internet but don’t provide the same encryption as a VPN. Using a web proxy to bypass ContentKeeper violates our Responsible Use Policy.
Just as with all content on the internet, new VPNs and web proxies appear daily. Both ContentKeeper and CCS technology staff work to keep our lists as up-to-date as possible.
Network Security
🏫 Keeping the CCS network safe
Many overlapping layers work together to keep our network infrastructure safe. Our three guiding principals are integrity, availability, and confidentiality.
Integrity |
Availability |
Confidentiality |
assurance that information is accurate and reliable | guaranteed access to information by authorized users | access to information is restricted to those who have need |
Staff security
- Staff training on email and internet security, phishing prevention
- Ongoing staff communication
- Principle of least privilege
- Automated account creation and role-based permissions
- MFA (multifactor authentication) required for all staff accounts
Security Partnerships
- CIS - Center for Internet Security
- CISA - Cybersecurity and Infrastructure Security Agency
- K12 SIX - K-12 Security Information eXchange
- KnowBe4 - Security awareness training
- MS-ISAC - Multi-State Information Sharing & Analysis Center
- NIST - National Institute of Standards and Technology
- SDPC - Student Data Privacy Consortium
Network Security Measures
- Brick & mortar security
- Firewall
- Email filtering
- Internet filtering
- Backups
- Vulnerability scans and penetration tests
- Disaster recovery plan
- Tabletop simulations and failover practice
🏠 Keeping your home network safe
- Center for Internet Security: How to Secure Your Home Network Against Cyber Threats
- Federal Trade Commission: How to Secure Your Home Wi-Fi Network
- KnowBe4: Home Internet Security Awareness Training Course
- This course is free, but requires a password. Please email us and we will provide it.
- Your internet service provider may have additional security options available to you, such as blocking devices from connecting to the internet at specific times of day. Please contact your provider for more information.
Network Security Contact
Let us know about observed or suspected security issues with the CCS network.
Student Devices
Digital Safety Tools for Families
- Digital Citizenship at Home
- Home Network Security
- Personal Data Privacy Checkup
- Preventing Identity Theft
Digital Citizenship at Home
🏠 Digital citizenship at home
Continue the digital citizenship conversation at home with the help of these resources
Common Sense Media Family Resources
- Family resources to align with the Common Sense digital citizenship curriculum
Common Sense Media Family Tech Planners
- Age-appropriate agreements you can customize for your family
Common Sense Media Parent Tips & FAQs
- Articles, guides, and tips organized by age, topic, and platform
Common Sense Media Parents' Ultimate Guide to Parental Controls
- FAQs about parental controls and guides to making the best decisions for your family
- YouTube playlist addressing common parenting questions
- Physician and filmmaker Delaney Rushton shares her research on digital balance
Home Network Security
Secure your Modem & Router
- Make sure your hardware and software is up-to-date; check for firmware updates
- Change the default passwords
- Enable automatic updates
- Make use of built-in device management
- Most routers have settings to control connected devices
- Example: group kids devices together and disconnect them from the internet after 10pm
- Options will vary by router, so contact your internet service provider for more information
- Reboot your modem regularly
Secure Your Wi-Fi
- Change your network name
- Enable a guest network
- Connect your primary devices (desktops, laptops, etc.) to your primary network
- Connect secondary devices (TVs, smart devices, etc.) to your guest network
Sources
- Center for Internet Security: How to Secure Your Home Network Against Cyber Threats
- Federal Trade Commission: How to Secure Your Home Wi-Fi Network
Additional Training
KnowBe4: Home Internet Security Awareness Training Course
This course is free, but requires a password. Please email us and we will provide it.
Personal Data Privacy Checkup
Personal privacy check-ups
It's important to routinely check on the privacy settings for your own digital life. Best practices include:
Password protection
- Don't reuse passwords on multiple sites, use a different password for every site
- Don't use information that is easily available in your passwords (kids' names, pets' names, birthdates, anniversary dates, etc.)
- Think passphrase, not password
- The longer the better; at least 12 characters is best
- Consider using a password manager to generate complex passwords for each site you use
- Avoid keeping a handwritten or digital list of passwords
Turn on multifactor authentication whenever possible
Multifactor authentication (MFA) requires two of the three following elements to log in
- something you know (like a password)
- something you have (like a mobile device that can receive a one-time use code)
- something you are (biometrics)
By enabling MFA, your account is much less likely to be hacked, even if your password becomes compromised. This is especially important for sensitive accounts like banking and health care. For more information on MFA, visit the Cybersecurity & Infrastructure Security Agency (CISA) website.
Check the privacy settings of the digital tools you use
- The National Cybersecurity Alliance maintains a list of commonly used platforms
- Delete accounts for sites you are no longer using
Preventing Identity Theft
Consumer Alerts
The Federal Trade Commission has a consumer advice page where you can get more information about current known scams, articles about best practices, report fraud and identity theft, and sign up for consumer alerts.
Credit Freeze
A credit freeze can help prevent identity theft by preventing new credit accounts from being created while the freeze is in place. You can place a freeze on your own credit as well as on your child's. For more information, visit the Federal Trade Commission websites linked below.
FTC - Protecting Children from Identity Theft
Indiana Attorney General - Credit Freezes