Ag e nda 2016 Sta te Priva c y L a w & Je ffc o s Pro g re - PowerPoint PPT Presentation

Sta te Priva c y L a w, I T Se c urity, a nd T e c hno lo g y Da ta Priva c y Adviso ry DPAC) Upda te Co mmitte e (T April 6,2017

Ag e nda • 2016 Sta te Priva c y L a w & Je ffc o ’ s Pro g re ss • I nfo rma tio n Se c urity Upda te • Da ta Go ve rna nc e Upda te • T DPAC Upda te • Que stio ns - Wra p Up

2016 Sta te Priva c y L a w - Priva c y L a w E xpe c ta tio ns (C.R.S. 22-16-101)

2016 Sta te Priva c y L a w - Pro g re ss Upda te T he Distr ic t’s foc us on pr ote c ting stude nt data pr ivac y is our c ultur e • I nfo rma tio n priva c y po lic ie s • So ftwa re re vie w/ tra nspa re nc y • Wo rk with sta te / lo c a l distric ts • Da ta Go ve rna nc e wo rk

I nfo rma tio n Se c urity I nfra struc ture Upda te

Se c urity Awa re ne ss Upda te : Sta ff T ra ining

Se c urity Ba sic s Co urse T o pic s • Co mmo n thre a ts to Je ffc o • K e e ping yo ur c o mpute r physic a lly sa fe • Pa sswo rd b e st pra c tic e s • K e e ping yo ur syste m up to da te • Online sa fe ty • Da ta sto ra g e b e st pra c tic e s • I nc ide nt re spo nse

Je ffc o ’ s 2016 Sta te Priva c y L a w Pr ogr e ss Update • na nc e is o ne o f the ke y me c ha nisms we use to c o ntinuo usly impro ve Je ffc o ’ s sta nc e o n da ta pr iva c y . Da ta Gove r • T o tha t e nd, we ha ve b uilt a n ope r a ting mode l a nd ma tur ity pla n fo r e ng a g ing a ll the ne c e ssa ry pa rts o f the b usine ss to e nsure da ta priva c y la ws a nd b e st pra c tic e s a re me t o r e xc e e de d. • One o f the c ritic a l o utc o me s o f the wo rk is to impro ve o ur unde rsta nding o f pre c ise ly whe r e stude nt da ta r e side s within Je ffc o , whe r e it flows a c r oss syste ms a nd out of Je ffc o , a nd wha t the a c c e ptable usa g e r ule s a r e fo r e a c h pie c e o f stude nt da ta .

Je ffc o ’ s 2016 Sta te Priva c y L a w Our Data Gove r nanc e Appr oac h • Je ffc o ’ s Da ta Gove r na nc e Committe e (DGC) ha s re pre se nta tio n fro m a ll c o re de pa rtme nts a nd me e ts re g ula rly to c o o rdina te o rg a niza tio n-wide DG/ DQ e ffo rts, ma ny o f whic h dire c tly impa c t Da ta Priva c y. • Je ffc o ha s a do pte d the Da ta ity (DMM) mode l to Ma na g e me nt Ma tur ide ntify, prio ritize , a nd me a sure pro g re ss. • Our DMM fo c us a re a s a re ma turing o ur o pe ra ting mo de l a nd g o ve rna nc e po lic ie s, e xpa nding o ur b usine ss g lo ssa ry, a nd impro ving da ta q ua lity within c ritic a l b usine ss a pplic a tio ns.

Je ffc o ’ s 2016 Sta te Priva c y L a w Re c e nt E xample s of Outc ome s • Je ffc o ’ s Da ta Qua lity Offic e pa rtne rs with a pplic a tio n o wne rs to ide ntify c ritic a l da ta a re a s tha t a re c a ndida te s fo r da ta q ua lity impro ve me nts. Sped: Documented providers for each student • T he Da ta Qua lity Offic e utilize s a DQ Immunizations: Automatic generation of unimmunized/under tify™ ) whic h va lida te s da ta sc or e c a r d (Ce r immunized students real-time (for outbreaks) a g a inst b usine ss rule s a nd a le rts use rs to e rro rs o n a da ily b a sis with g uida nc e fo r fixing the issue . • y: T he Da ta Qua lity Offic e is Busine ss Glossa r b uilding a syste m a nd pro c e sse s to c o lle c t da ta de finitio ns, usa g e rule s, line a g e , a nd Immunizations: 800 hrs/yr est. reduction in work effort for ?who??? mo re so we ha ve c o nsiste nc y, Sped: Reduced low value (correcting state submissions) work and tra nspa re nc y, a nd a n unde rsta nding o f increased high value (managing providers for students) work. e xa c tly whe re da ta flo ws within a nd o ut o f Je ffc o . Sped: $1.1M additional funding over 2 years Other potential opportunities in CTE, Medicaid - should • With the DQ Sc o re c a rd a nd the Busine ss look at all sources of district reimbursements/funding Glo ssa ry, we will ha ve c le a ne r da ta a nd a be tte r unde r sta nding of its flow a nd usa g e .

Je ffc o ’ s 2016 Sta te Priva c y L a w Pro g re ss Upda te T r anspar e nc y We bsite • Cle a r info rma tio n, unde rsta nda b le to la ype rso n o n the stude nt Pe rso na lly I de ntifia b le I nfo rma tio n (PI I ) c o lle c te d a nd ma inta ine d • L ink to da ta inve nto ry a nd dic tio na ry o r CDE inde x o f da ta e le me nts • L ist o f sc ho o l se rvic e c o ntra c t pro vide rs, se rvic e o n-de ma nd pro vide rs

I nfo rma tio n Se c urity - Mo ving F o rwa rd Controls 1. Inventory, Devices 11.) Secure Configurations for Network 2. Inventory, Software Devices 3. Secure Configurations 12.) Boundary Defense 4. Continuous Vulnerability Assessment 13.) Data Protection & Remediation 14.) Controlled Access 5. Controlled Use of Admin Privileges 15.) Wireless Access Control 6. Audit Logs 16.) Account Monitoring and Control 7. Email and Web Browser Protections 17.) Security Skills Assessment and 8. Malware Defenses Appropriate Training 9. Control Of Network Services 18.) Application software Security 10.Data Recovery Capability 19.)Incident Response and Management 20.)Penetration Tests

T DPAC Upda te - 2016/ 17 - Ne w me mb e rs intro duc e d, c ha rte r re vie w, ro le s e xpe c ta tio ns Se pte mbe r Oc tobe r - Co lo ra do Da ta Priva c y L a w intro duc tio n/ disc ussio n Nove mbe r - Ca nc e lle d De c e mbe r - 2020 visio n pre se nta tio n, te c h pla n intro duc tio n y - Re vie we d da ta priva c y pra c tic e s & sta nda rds F e br uar il/ May - Da ta Go ve rna nc e upda te / pro g re ss Apr

Que stio ns fro m the BOE