CLOUD COMPUTING AND PRIVACY CURRENT PRACTICES IN FAIRFAX COUNTY PUBLIC SCHOOLS
|
|
|
- Bruce Small
- 10 years ago
- Views:
Transcription
1 CLOUD COMPUTING AND PRIVACY CURRENT PRACTICES IN FAIRFAX COUNTY PUBLIC SCHOOLS JCOTS Committee Meeting November 18, 2014 Jim Siegl Technology Architect Fairfax County Public Schools
2 AGENDA Cloud Computing in FCPS Assuring Privacy, Security and Safety in FCPS FCPS Technical Assessment Process Lessons Learned and Challenges Potential Policy Issues Questions
3 FAIRFAX COUNTY PUBLIC SCHOOLS District Profile enrollment of 186,785 (10th largest in U.S.) 14.4% of Virginia students are enrolled in FCPS Student/Computer Ratio (2:1) Enterprise-wide Wireless Infrastructure Award Winning Technology Management 2013 CIO 100 Award for its Bring Your Own Device (BYOD) Program, in CIO Magazine s top 100 IT organizations in Excellence.gov award finalists in the category Excellence in Enhancing the Customer Experience 2009 Virginia Governor s Technology Award for Innovative Use of Technology in K-12 Education
4 CLOUD COMPUTING IN FCPS Instruction Online Textbooks, Research Database and Library ebooks, IB Program Tracking, Learning Management and Assessment, Guidance, Personal Learning Plans, Document Collaboration Community Outreach School Board CMS, Emergency Notification, Surveys, Social Media Finance, Facilities and Transportation Lunch Payments, Booster Club Management, Facilities Scheduling Human Resources Applicant Tracking and Virtual Interviews, Substitute Scheduling, Professional Development and Online Training Information Technology Mobile Device Management, Streaming Video and Web Conferencing
5 COMMON MODELS OF CLOUD IN K12 AND THEIR PRIVACY IMPLICATIONS Private: District hosted SIS, LMS School Contracted: Microsoft Office 365, Google Apps, Textbooks, iready, or dedicated hosting Operating Systems, App Stores: Apple, Google, Microsoft Freemium +: Free for user/class use with fee for school/district use, or security (e.g. Edmodo, TypingClub) Free with a catch: Ads or data collection (data brokers) Free (and clear): No non-educational data collection Identity Ecosystems: Sign-in with Facebook, Twitter, Google, Microsoft, Yahoo Extended Social Networks: Like buttons, social commenting End-User
6 FCPS APPROACHES TO CLOUD PRIVACY, SECURITY AND SAFETY Parental Notice and Choice Annual Notice (FERPA/PPRA) and Comprehensive/Selective Opt-Out Student Information System Privacy Notice sisparent.fcps.edu/pvue/privacy_pxp.aspx Transparency and Communication Digital Citizenship and Privacy in FCPS Internet Safety Google Apps FAQ Online Contract Register Contracting: FCPS Confidentiality Addendum defines: Vendor as School Official under FERPA Data Use, Protection, Destruction and Breach Notification Requirements
7 FCPS APPROACHES TO CLOUD PRIVACY, SECURITY AND SAFETY Policies and Regulations: Staff and Student Acceptable Use Policies (AUP) Social Networking Guidelines and Best Practices Data Classification and Security Guidelines on the Storage of Sensitive Data Regulations: Instructional Technology Identification, Evaluation, Approval Software Application Acquisition, Development, and Support FCPS Information Security Policy Governance: Major System Project Teams Change Control Board (ITIL) Security Governance Board Training: isafe (for Staff) Processes: Technology Assessment
8 FCPS TECHNICAL ASSESSMENT PROCESS Goal is to Reduce Risk when Implementing Technology by Considering installation, deployment, and support requirements Analyzing potential impact to resources and infrastructure Identifying K-12 related privacy and security concerns Establishing proof of concept environment and appropriate solution designs Assessing the viability, scalability, sustainability of proposed technologies National Recognition of FCPS Technology Adoption Process Gartner (2006) U.S. D.O.E (Arne Duncan,., 2013) School Efficiency Review of Fairfax County Public Schools (2013) Assessments per Year Up 200% in the last 2 years, 68% mobile apps Click-wrap agreements are the norm (5 contracts, 1 RFP)
9 FCPS TECHNICAL ASSESSMENT PROCESS Pass/Fail Criteria: Privacy Policy, Encryption in Transit Account Creation: Data Collected, Data Minimization Privacy Policies and Terms of Use Student Safety: Boundaries & Privacy Controls Advertising Mobile App Testing Network Bandwidth and Load Testing for Large Systems Security Scanning for Sensitive Data Systems e.g. health, finance, parent portal
10 FCPS LESSONS LEARNED CLOUD COMPUTING BENEFITS AND PRIVACY RELATED RISKS Benefit Risk Leverage analytics capabilities Without proper (and time consuming) review, student data could be collected and used for inappropriate purposes (e.g. targeted marketing) Users access services over the Internet Potential increased security risk (data breach, or accidental data disclosure by users) Rapid provisioning and deployment of new services; large number of free services Ease of signing up lends itself to unregulated/unapproved use Cloud services are updated regularly No control over changes Changes to privacy policies and terms of service with consent/review Privacy related bugs introduced through new features Economies of scale/shared infrastructure Risks of shared infrastructure/database
11 CLOUD SECURITY AND PRIVACY CHALLENGES Risk: Actual, Contractual, Perceived Vendors and Online Service Challenges High rate of change Contracts vs. click-wrap Hard to understand, hard to validate and hard to negotiate Regulation Challenges Gaps in interpretation (e.g. Education Record, Student Data) Gaps in coverage (FERPA, COPPA, PPRA, HIPAA, School vs. Vendor) School Practice Challenges Balance between edtech innovation and security Managing opt-outs, parental consent/notification Ease of signup/self disclosure Maintaining a central list of vetted educational online services
12 POTENTIAL POLICY ISSUES Gaps in Existing Virginia Law and Policy VA data breach notification laws do not appear to cover student data breach notification, accountability and redress Guidance is needed regarding K12 use of consumer services not specifically directed at K12 Majority of cloud tools are not acquired through formal contracts District Guidance and Support State role to help school districts with privacy issues (e.g. Chief Privacy Officer) Provide resources, model policies, tech assistance, guidance Privacy Impact Assessment for state mandated/provided technologies Privacy training, e.g. VA cyber safety training law ( , 2006)
13 POTENTIAL POLICY ISSUES Concerns Related to Potential Policymaking: Unintended Consequences Definitions and scope of any policy must be very clearly defined: e.g. education record, student data, secondary use, contract, click-wrap, online educational service, profile Regulation may eliminate opportunities schools have today under FERPA, COPPA and PPRA by obtaining parental consent Regulation may have fiscal and workload impact on districts Feedback on Legislation in other States FCPS s Confidentiality Addendum aligns with California s AB 1584 California s SB 1177 Student Online Personal Information Protection Act ( SOPIPA ) may help address concerns about online educational services for K12 students from non-contracted vendors
14 QUESTIONS
WHAT YOU DON T KNOW CAN HURT YOU
WHAT YOU DON T KNOW CAN HURT YOU Beatriz Arnillas, Houston ISD Omar Khan, Common Sense Media HISD DEEPER LEARNING CULTIVATOR SOCIAL AND EMOTIONAL LEARNING FACILITATOR PERSONALIZED LEARNING ARCHITECT LITERACY
Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT
Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Overview Cloud computing offers great opportunities for organizations, including schools, hospitals and businesses
Virginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
New York State Education Department Instructional technology plan survey
The instructional technology plan survey is designed to allow districts the opportunity to compile all data related to their technology planning and needs in one location. The data collected in the survey
On Premise Vs Cloud: Selection Approach & Implementation Strategies
On Premise Vs Cloud: Selection Approach & Implementation Strategies Session ID#:10143 Prepared by: Praveen Kumar Practice Manager AST Corporation @Praveenk74 REMINDER Check in on the COLLABORATE mobile
Enterprise App Stores: An idea whose time has come?!
Enterprise App Stores: An idea whose time has come?! RSG Webinar " Jan 23, 2014" Kashyap Kompella @realstorygroup Hashtag #RSGWebinar A brief intro to Real Story Group We are a technology research & advisory
Cyberprivacy and Cybersecurity for Health Data
Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies
1. Understanding Big Data
Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. 2016 Deloitte
WILLSBORO CSD Instructional Technology Plan - Annually - 2015
LEA Information A. LEA Information 1. What is the total student enrollment based on the most recent BEDS Day submission? 2. 249 What is the student enrollment by grade band based on the latest BEDS Day
Enterprise Mobility Management -
Enterprise Mobility Management - by United States Page 1 of 5 United States My Partner Central Training Community Store Products Support Downloads Consulting Partner Programs Company Home / Enterprise
The Business Case for Cloud: Critical Legal, Business & Diligence Considerations
The Business Case for Cloud: Critical Legal, Business & Diligence Considerations Presented by Janine Anthony Bowen, Esq., CIPP/US [email protected] (678) 823-6611 Janine Anthony Bowen, Esq., CIPP/US
Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com
Bring Your Own Device (BYOD) and Mobile Device Management tekniqueit.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks
Bring Your Own Device (BYOD) and Mobile Device Management. www.cognoscape.com
Bring Your Own Device (BYOD) and Mobile Device Management www.cognoscape.com Bring Your Own Device (BYOD) and Mobile Device Management People are starting to expect the ability to connect to public networks
Department of Technology Services
Department of Technology Services 2016-2019 Strategic Plan DTS Dept. of Technology Services Utah Code 63F- 1-203 explicitly requires the Chief Information Officer (CIO) to prepare an executive branch strategic
Data Privacy & Security: Essential Questions Every Business Must Ask
Data Privacy & Security: Essential Questions Every Business Must Ask Presented by: Riddell Williams P.S. Riddell Williams P.S. May 6, 2015 #4841-4703-9779 Innocent? 2 Overview 3 basic questions every business
The SparkWeave Private Cloud & Secure Collaboration Suite. Core Features
The SparkWeave Private Cloud & Secure Collaboration Suite The SparkWeave Private Cloud is a virtual platform hosted in the customer s data center. SparkWeave is storage agnostic, autonomously providing
POLICIES AND REGULATIONS Policy #78
Peel District School Board POLICIES AND REGULATIONS Policy #78 DIGITAL CITIZENSHIP Digital Citizenship Digital citizenship is defined as the norms of responsible behaviour related to the appropriate use
Data Security and Identity Management
Data Security and Identity Management Leading Change Data Pre-Conference June 16, 2014 Ed Jung Chief Technology Officer Arizona Department of Education DATA SECURITY Are you prepared Likelihood of a data
IT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014
IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security
ETHICAL ELECTRIC PRIVACY POLICY. Last Revised: December 15, 2015
ETHICAL ELECTRIC PRIVACY POLICY Last Revised: December 15, 2015 This policy ("Policy") covers the privacy practices that Ethical Electric, Inc. ("Ethical Electric", "we" or "us") employs with respect to
Subject: Overview of Information Technology Services and the Strategic Technology Plan. Proposed Committee Action No Action Required Information Only.
AGENDA ITEM: IV Florida Polytechnic University Board of Trustees Technology Committee Subject: Overview of Information Technology Services and the Strategic Technology Plan Proposed Committee Action No
Recommendations for the PIA. Process for Enterprise Services Bus. Development
Recommendations for the PIA Process for Enterprise Services Bus Development A Report by the Data Privacy and Integrity Advisory Committee This report reflects the consensus recommendations provided by
Utilizing big data to bring about innovative offerings and new revenue streams DATA-DERIVED GROWTH
Utilizing big data to bring about innovative offerings and new revenue streams DATA-DERIVED GROWTH ACTIONABLE INTELLIGENCE Ericsson is driving the development of actionable intelligence within all aspects
Who Should Know This Policy 2 Definitions 2 Contacts 3 Procedures 3 Forms 5 Related Documents 5 Revision History 5 FAQs 5
Information Security Policy Type: Administrative Responsible Office: Office of Technology Services Initial Policy Approved: 09/30/2009 Current Revision Approved: 08/10/2015 Policy Statement and Purpose
Using AWS in the context of Australian Privacy Considerations October 2015
Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview
Cloud Computing & Health Care Organizations: Critical Privacy & Security Issues - December 16, 2015
Cloud Computing & Health Care Organizations: Critical Privacy & Security Issues - December 16, 2015 James B. Wieland, Principal, Ober Kaler David Holtzman, VP of Compliance, CynergisTek Welcome The slides
PRIVACY MANAGEMENT ACTIVITIES
PRIVACY MANAGEMENT ACTIVITIES Designed for the privacy office to take privacy management to the next level, Nymity Templates offers a wide range of downloadable resources. Publication Date: June 2014 1.
Section 4 MANAGEMENT CONTROLS AND PROCESSES. Section 4
Section 4 MANAGEMENT CONTROLS AND PROCESSES Section 4 MANAGEMENT CONTROLS AND PROCESSES MANAGEMENT CONTROLS AND PROCESSES FEATURED IN THIS SECTION 4.1 Information Management Framework... 1 4.2 Strategic
BRING YOUR OWN DEVICES:
BRING YOUR OWN DEVICES: OPPORTUNITIES AND CHALLENGES Corin Richards, Administrator for Instructional Technology Beaverton School District Rebekah Jacobson, Attorney Garrett Hemann Robertson P.C. Agenda
2015 NMSBA SCHOOL LAW CONFERENCE
2015 NMSBA SCHOOL LAW CONFERENCE NETWORK SECURITY, DISTRICT POLICIES ON INTERNET USE, AND THE LAW Andrew M. Sanchez David A. Richter Cuddy & McCarthy, LLP 1 FEDERAL LAWS The Family Educational Rights and
NANUET UFSD Instructional Technology Plan - Annually - 2015
LEA Information A. LEA Information 1. What is the total student enrollment based on the most recent BEDS Day submission? 2. 2,209 What is the student enrollment by grade band based on the latest BEDS Day
Bring Your Own Device (BYOD) and Mobile Device Management
Bring Your Own Device (BYOD) and Mobile Device Management Intivix.com (415) 543 1033 PROFESSIONAL IT SERVICES FOR BUSINESSES OF ALL SHAPES AND SIZES People are starting to expect the ability to connect
BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT
BRING YOUR OWN DEVICE (BYOD) AND MOBILE DEVICE MANAGEMENT www.intivix.com (415) 543 1033 HELP TEAM MEMBERS TO COLLABORATE MORE EASILY FROM ANYWHERE. People are starting to expect the ability to connect
Mobile App Developer Agreements
Mobile App Developer Agreements By Alan L. Friel Many companies that have had disputes with developers have been surprised to discover that the agreements signed, often without input from legal, failed
IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014
IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system
FY15 ITC Continuous Improvement Plan Narrative
Narrative Summary: 1. Describe the process used to develop your CIP, including how you obtain customer input and review of your CIP goals. The organization s customers determine the Operational goals of
Mobile Device Management. Simplified centralised Mobile Device Management solutions for the UK education sector.
Mobile Device Management. Simplified centralised Mobile Device Management solutions for the UK education sector. Mobile Device Management. The use of mobile technology in the classroom has increased exponentially
The Connected Enterprise Driving Business Value with Mobility Collaboration and Trust
The Connected Enterprise Driving Business Value with Mobility Collaboration and Trust Enzo Signore - AVAYA Vice President, Enterprise Collaboration Product Strategy 2013 Avaya Inc. All rights reserved.
CGS Technology Outsourcing
CGS Technology Outsourcing Project Management Best Practices; Modernizing Enterprise Infrastructure presented by Michael Brandi, Vice President 16 September 2015 2015 CGS Computer Generated Solutions.
Technology in the Boston Public Schools
Technology in the Boston Public Schools Office of Instructional & Information Technology Type Date Here Melissa Dodd Type Presenter Name/Contact Here Chief Information Officer 1 BPS Technology Vision Why
IBM 000-281 EXAM QUESTIONS & ANSWERS
IBM 000-281 EXAM QUESTIONS & ANSWERS Number: 000-281 Passing Score: 800 Time Limit: 120 min File Version: 58.8 http://www.gratisexam.com/ IBM 000-281 EXAM QUESTIONS & ANSWERS Exam Name: Foundations of
BRING YOUR OWN DEVICE (BYOD)
BRING YOUR OWN DEVICE (BYOD) SM LIMOTTA IT Virtualization Solutions for Hospitality 888.884.6278 SM www.limottait.com [email protected] Virtualization Solutions for Education LIMOTTAIT.com BRING YOUR
Texas Transportation Institute Information Resources Strategic Plan 2012 2016
Texas Transportation Institute Information Resources Strategic Plan 2012 2016 June 2012 Information Resources Strategic Plan 2012 2016 Texas Transportation Institute The Texas A&M University System The
Whether information is on paper or online, the basic privacy rights for students and parents remain the
We live in an increasingly connected world where information flows between us and the organizations and companies we deal with every day. Historically that information was stored in filing cabinets but,
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street
Background. Liwei Ren. Trend Micro
Securing Your Data for the Journey to the Clouds Liwei Ren, Ph.D, Trend Micro April, 2015, SNIA DSI 2015, Santa Clara, California Copyright 2011 Trend Micro Inc. 1 Background Liwei Ren Research interests
Hot Topics in IT. CUAV Conference May 2012
Hot Topics in IT CUAV Conference May 2012 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.
Small Business. Leveraging SBA IT resources to support America s small businesses
Small Business Administration Information Technology Strategic Plan ( ITSP) 2012-2016 Leveraging SBA IT resources to support America s small businesses Message from the Chief Information Officer The Small
MORIAH CSD Instructional Technology Plan - Annually - 2015
LEA Information A. LEA Information 1. What is the total student enrollment based on the most recent BEDS Day submission? 2. 693 What is the student enrollment by grade band based on the latest BEDS Day
IT Strategic Planning at Princeton University. Nadine Stern Associate CIO for Operations and Planning December, 2013
IT Strategic Planning at Princeton University Nadine Stern Associate CIO for Operations and Planning December, 2013 Office of Information Technology: OIT Slide 2 Princeton University About me: VP for IT
IT Self Service and BYOD Markku A Suistola
IT Self Service and BYOD Markku A Suistola Principal Presales Consultant Why IT Service need to evolve? David Coyle, research vice president at Gartner, 2010**: "IT self-service is a great concept, enabling
DATA IN THE CLOUD. A Legal and Policy Guide for School Boards on Student Data Privacy in the Cloud Computing Era APRIL 2014 VERSION 1.
DATA IN THE CLOUD A Legal and Policy Guide for School Boards on Student Data Privacy in the Cloud Computing Era APRIL 2014 VERSION 1.0 DATA IN THE CLOUD DATA IN THE CLOUD A Legal and Policy Guide for School
2009 NASCIO Recognition Awards Nomination. A. Title: Sensitive Data Protection with Endpoint Encryption. Category: Information Security and Privacy
2009 NASCIO Recognition Awards Nomination A. Title: Sensitive Data Protection with Endpoint Encryption Category: Information Security and Privacy State: Ohio B. Executive Summary Protecting the confidentiality
Federal CIO: Cloud Selection Toolkit. Georgetown University: Chris Radich Dana Christiansen Doyle Zhang India Donald
Federal CIO: Cloud Selection Toolkit Georgetown University: Chris Radich Dana Christiansen Doyle Zhang India Donald Agenda Project Introduction Agency Cloud Challenges Toolkit Solution Overview Step 1:
03/06/2014. Bring Your Own Device: A Framework for Audit. Acknowledgement
Bring Your Own Device: A Framework for Audit Emily A Knopp, CPA, CISA Audit Director Angelo State University, Member of Texas Tech University System March 6, 2014 Texas Association of College of University
The SparkWeave Private Cloud & Secure Collaboration Suite. Core Features
The SparkWeave Private Cloud & Secure Collaboration Suite The SparkWeave Private Cloud is a virtual platform hosted in the customer s data center, completely independent from the physical storage hardware,
ios Education Deployment Overview
ios Education Deployment Overview ipad brings an amazing set of tools to the classroom. Teachers can easily customize lessons with interactive textbooks, rich media, and online courses. And students stay
1. The information we collect and how we collect it.
PRIVACY POLICY AND YOUR PRIVACY RIGHTS CountySportsZone.com aggregates, reports, and publishes high school sports information for jurisdictions across the state of Maryland. In this Privacy Policy, Affiliates
Thank you for visiting this website, which is owned by Essendant Co.
Essendant Online Privacy Policy Thank you for visiting this website, which is owned by Essendant Co. Please take a few minutes to review this Policy. It describes how we will collect, use, and share information
How To Understand Cloud Computing
Capacity Management for Cloud Computing Chris Molloy Distinguished Engineer Member, IBM Academy of Technology October 2009 1 Is a cloud like touching an elephant? 2 Gartner defines cloud computing as a
Wireless Networking Solutions for Schools. Assisting schools with the implementation of a trusted safe and secure wireless network.
Wireless Networking Solutions for Schools. Assisting schools with the implementation of a trusted safe and secure wireless network. Wireless networking for schools. As an accredited Ruckus Wireless Partner,
NSW Government. Wireless services (WiFi) Standard
NSW Government Wireless services (WiFi) Standard May 2014 CONTENTS 1. CONTEXT 2 1.1. Background 2 1.2. Purpose 2 1.3. Scope and application 2 2. STANDARDS GOVERNANCE 2 2.1. Standards to support the ICT
