Digital Safety
RRCSD believes that being safe online is just as important as being safe in the real world. This page will help you understand how the RRCSD works to keep students, staff, and our community safe when working online.It is organized around the two main areas of digital safety: Cybersecurity & Student Data Privacy.
The district subscribes to the data principles of Confidentiality, Integrity, and Availability to ensure that all information is digitally safe.
- Confidentiality addresses the idea that personal information in our care should be protected from unauthorized access. This includes following the principle of ‘least privilege.’ This principle states that access to student personal information should be granted to our personnel and to our third-party partners only on a need-to-know basis.
- Integrity means that we try to ensure that personal information remains accurate and up-to-date, including ensuring that the information is not tampered with or changed without authorization.
- Availability ensures that the core data services that contain personal information remain available to those who are authorized to access them.
Section 1: Cybersecurity
(1A) NIST Cybersecurity
Cybersecurity is a necessary and important part of security and communications for the district. We work with the Ohio Cyber Reserve as we implement the NIST Cybersecurity Framework. NIST is a requirement that comes to academic institutions via Ohio Senate Bill 220. This bill requires academic institutions via their insurance providers to comply with NIST (or another framework) to allow for an affirmative defense (or indemnification) in cases of a data breach. This is especially required when institutions collect personal identifying information such as credit card payments or birth certificates. The district chose NIST for two reasons: (1) The Ohio Cyber Reserve was a local, free agency to work with and this is their preferred framework; (2) Connect ITC, which the district belongs to, and which the district needs to align with, also uses NIST. To comply with NIST, all employees receive cybersecurity training.
(1b) Network and Vulnerability Monitoring
The district participates in weekly audits via the Cybersecurity & Infrastructure Security Agency (CISA), a department of the U.S. Department of Homeland Security. These weekly audits require additional changes to infrastructure based on recent vulnerabilities. In addition, CISA provides two tabletop exercises for IT Staff to participate in to review processes related to irregularities as well evaluates staff risk behaviors through our training partner KnowBe4.
(1c) Multi-Factor Authentication
Multi-Factor Authentication (MFA) adds one or more additional steps when logging in to ensure that you are who you say you are. MFA is especially crucial for resources that can access your bank account and/or credit information (such as a google log-in). All staff in RRCSD must use Duo 2-Factor Authentication to comply with insurance requirements. Learn how you can use MFA on your accounts by clicking on links.
(1d) Student Passwords
Students in Grades 2-12 are responsible for maintaining a secure password to access district resources. Kindergarten and first grade students learn first about important cybersecurity measures and then learn how to manage their own passwords.
(1e) Internet Filtering & Device Monitoring
All district internet traffic is filtered in compliance with the Children's Internet Protection Act (CIPA). IT staff are also able to use various tools to monitor devices on the network for updates, security breaches, etc.
Teachers can monitor student usage of RRCSD devices when on premises through the Hapara instructional management tool. Hapara gives teachers the tools to guide online behavior and help students stay on task. In addition, RRCS employs additional safety and wellness measures through Gaggle to guard students (not staff) from dangerous online behaviors. Following Ohio Senate Bill 29, as explained in our annual notifications, the district provides written notification to parents when there is an issue related device monitoring through Gaggle within 72 hours.
Section 2: Student Data Privacy
"Student data privacy (SDP) is the "ethical, and equitable collection, use, sharing, and protection of student data. (Student Privacy Compass). It is ultimately your right to keep your person and your information to yourself. Because students spend so much time engaged in activities online, data privacy has become an extremely important issue.
(2a): Protecting Student Data Privacy
RRCSD has a long tradition of maintaining student data privacy. We are committed to being trusted caretakers of personal information within our responsibility.This means that resources that your children use are carefully vetted by an attorney to ensure that the conform with the following Board Policies. Parents also sign off on their usage during back-to-school form signing. RRCSD also requires students, employees, and families/guardians to become educated on data privacy and security.
(2b) District Approved Online Resources
The RRCSD is entrusted with personal student information, and we take protecting this information seriously. In addition to following industry-standard security procedures internally and requiring a comparable level of security from our external providers, we also comply with all applicable privacy laws that govern our collecting, use, and sharing of student personal information.
As part of our student data privacy process (in compliance with SB 29), any resource that collects data from students is reviewed by an attorney to ensure it meets district data privacy and instructional standards. In terms of student data, this information is used by educators to make the best decisions possible for the academic growth and achievement of our students. Specifically, we often take the collected data to provide next steps for students as well as create goals guiding students. Most personal student data stays local. However, some resources require us to share information with other vetted groups. In cases where data must be shared, we use the following two protocols ensure data security. (1) The district has a robust protocol for student account creation. We utilize a single sign on tool and rostering tools to create student accounts. This automation of accounts means that accounts are created when students start using a resource and are shut off when we no longer use the resource, or the student leaves the district. (2) Students have easily accessible ways of accessing their learning tools that also protect their student data. Any data that is shared is done so in a de-identified manner meaning, This means that no company, vendor, or third party employee will be able to ever associate data with your child. Through these two protocols, students can access their learning tools easily while maintaining their data privacy and security. The ways that students access these resources is through Canvas LMS or Clever.
(2c) Data Breach Notification Process
In the unlikely situation that a vendor the district uses experiences a potential data breach, they must notify the RRCSD as soon as possible. After receiving notice of a potential breach, we will evaluate their report and if confirmed, provide notifications to parents. Information on past breaches will be publicly displayed below and contain the following information.
- Date or estimated date/range of the breach
- Description of covered information breached
- The number of students unless disclosure would violate state and federal laws
- Contact information of the operator for questions
- Toll-free numbers, addresses, and websites of consumer reporting agencies and the FTC
The District will also notify parents and post information in the event the District’s data systems are breached.
Note: A notice of breach may be delayed if a law enforcement agency determines that the notification will interfere with a criminal investigation. If a breach impacts less than 10% of the student enrollment, by law it does not need to be disclosed in the manner described above.
(2d) Digital Citzenship
In addition to the district's proactive approach to SDP and data breaches, we also teach students about being a digital citizen. Digital citizenship is the ability to work within digital environments in a way that is safe and responsible. Lessons in digital citizenship are incorporated into RRCS curriculum and designed to help students engage in safe and appropriate behaviors when working online. Additionally, each unit of instruction, K-12, in all major content areas include technology integrations to ensure that students are prepared to use technology in real-world contexts.
To learn more about student data privacy, click on the link below: