Menu

Administrative Procedures

Administrative Procedure 143

Security of Information Resources

Background

Preamble:

Wild Rose School Division regularly makes information available to the public, including financial statements, public board minutes and materials, annual reports, school development plans and school newsletters. This information may be obtained at schools, the Wild Rose School Division office, and the Wild Rose School Division’s website at www.wrsd.ca. Some information, by its nature, is sensitive and confidential and must be kept to a higher standard. This procedure sets the expectations for information security and privacy, and applies to anyone using Wild Rose School Division information including, but not limited to, employees, agents, appointees, consultants, contractors, persons on secondment, volunteers, practicum students, student teachers, exchange teachers, and students.

 

Procedures

Procedure:

  1. Procedure Definitions

In this procedure,

  1. “information” means knowledge or factual data all information in the custody or under the control of the Wild Rose School Division, whether in electronic or other recorded format, and includes administrative, financial, personal and student information, and information about those who interact or communicate with the Wild Rose School Division;

  2. “personal information” means recorded facts or data about an identifiable individual, including

    1. the individual's name, home or business address or home or business telephone number;

    2. the individual's race, national or ethnic origin, colour or religious or political beliefs or associations;

    3. the individual's age, sex, marital status or family status;

    4. an identifying number, symbol or other particular assigned to the individual;

    5. the individual's fingerprints, blood type or inheritable characteristics;

    6. information about the individual's health and health care history, including information about a physical or mental disability;

    7. information about the individual's educational, financial, employment or criminal history, including criminal records where a pardon has been given;

    8. anyone else's opinions about the individual;

    9. the individual's personal views or opinions, except if they are about someone else; and

    10. student records.

  3.   “security” means broadly, the protection of information.  It is an overarching, multi-faceted approach designed to protect defined information assets.  Information security addresses technical and non-technical controls including

    1. access control

    2. telecommunications and network security

    3. information security governance and risk management

    4. software development security

    5. cryptography

    6. security architecture and design

    7. operations security

    8. business continuity and disaster recovery planning

    9. legal, regulations, investigations and compliance

    10. physical (environmental) security

2. Information security and privacy

  1. Only authorized persons may have access to information.

  2. All information must be maintained in a secure manner, in confidence and disclosed only if authorized by regulation or law including, but not limited to, the School Act, the Freedom of Information and Protection of Privacy Act, the Child Welfare Act, and the Income Tax Act.

  3. Only authorized persons may use, disclose, take, alter, copy, interfere with, or destroy information, and must do so according to law and Wild Rose School Division’s records management, procedures, and practices.

3. Safekeeping information

  1. Each person using Wild Rose School Division’s information is responsible for the management and safekeeping of information under their control by ensuring that there is adequate security to prevent unauthorized access, collection, use, disclosure or disposal of information.

4. Security measures

  1. Security measures must be used for:

    1. electronic information;

    2. access to recorded messages, voice mail and telephone

    3. answering machines; and

    4. access to and within buildings.

    5. the level of security measures must be consistent with the level of sensitivity of the information.

5. Cellular telephones, e-mails and faxes

  1. Caution must be used when conveying confidential information over insecure technologies such as cellular telephones, e-mail and faxes.

6. Sensitive or confidential information

  1. Records containing sensitive or confidential information must not be kept on desks or in places where unauthorized persons or members of the public may see or have access to them.

7. Secure storage of information

  1. Sensitive or confidential information must be stored in a secure location with restricted access, such as secure electronic storage, a locked room, or a locked filing cabinet.

  2. Care must be taken when transporting or transferring sensitive or confidential information so that it reaches its destination intact and without unauthorized access or disclosure.

  3. Google Apps For Education is governed by a detailed Privacy Policy, which ensures we (Google) will not inappropriately share or use personal information placed in our systems.

  4. The Google Apps Terms of Service contractually ensures that students, faculty, and staff are the sole owners of their data.

  5. The controls, processes and policies that protect user data in our systems have obtained a SAS 70 Type II attestation and will continue to seek similar attestation.

  6. Google complies with applicable US privacy law, and the Google Apps Terms of Service can specifically detail their obligations and compliance with FERPA (Family Educational Rights and Privacy Act) regulations.

  7. Google is registered with the US-EU Safe Harbor agreement, which ensures that their data protection compliance meets international standards.  *Note:  Although these laws have no legal standing in Alberta or Canada, consider that they demonstrate Google’s commitment to the protection of personal information of our users.

  8. Sensitive or confidential information must be stored in a secure location with restricted access, such as secure electronic storage, a locked room, or a locked filing cabinet.

  9. Care must be taken when transporting or transferring sensitive or confidential information so that it reaches its intended destination intact and without unauthorized access or disclosure.

  10. Information maintained in Wild Rose School Division’s Google Apps for Education should be restricted to user created work (documents, presentations, email, sites, etc and should not contain confidential information.

  11. Detailed information on Google Apps for Education’s security and privacy can be located on their website.

8. Disposal of information

  1. Any information that is no longer required for either administrative, educational, financial, legal or historical purposes, and the retention of which is not regulated by any provincial or federal law, may only be destroyed in accordance with records management procedures and practices.

  2. Any equipment or storage media that may have housed confidential information must be disposed of by Wild Rose School Division’s information services department, in accordance with their data destruction agreement with third parties.  

References

Legislative References:

 

School Act Section 60, 61

Freedom of Information and Privacy Act

Child, Youth and Family Enhancement Act

Income Tax Act of Canada

 

Board Policy:

 

Policy 11 Delegation

 

Cross References: