Ag e nda 2016 Sta te Priva c y L a w & Je ffc o s Pro g re - - PowerPoint PPT Presentation

Sta te Priva c y L a w, I T Se c urity, a nd T e c hno lo g y Da ta Priva c y Adviso ry Co mmitte e (T DPAC) Upda te

April 6,2017

Ag e nda

• 2016 Sta te Priva c y L

a w & Je ffc o ’ s Pro g re ss

• I

nfo rma tio n Se c urity Upda te

• Da ta Go ve rna nc e Upda te
• T

DPAC Upda te

• Que stio ns - Wra p Up

2016 Sta te Priva c y L a w - Priva c y L a w E xpe c ta tio ns

(C.R.S. 22-16-101)

2016 Sta te Priva c y L a w - Pro g re ss Upda te

T he Distr ic t’s foc us on pr

• te c ting stude nt data pr

ivac y is our c ultur e

• I

nfo rma tio n priva c y po lic ie s

• So ftwa re re vie w/ tra nspa re nc y
• Wo rk with sta te / lo c a l distric ts
• Da ta Go ve rna nc e wo rk

I nfo rma tio n Se c urity I nfra struc ture Upda te

Se c urity Awa re ne ss Upda te : Sta ff T ra ining

Se c urity Ba sic s Co urse T

• pic s
• Co mmo n thre a ts to Je ffc o
• K

e e ping yo ur c o mpute r physic a lly sa fe

• Pa sswo rd b e st pra c tic e s
• K

e e ping yo ur syste m up to da te

• Online sa fe ty
• Da ta sto ra g e b e st pra c tic e s
• I

nc ide nt re spo nse

• Da ta Gove r

na nc e is o ne o f the ke y me c ha nisms we use to c o ntinuo usly impro ve Je ffc o ’ s sta nc e o n da ta pr iva c y.

• T
• tha t e nd, we ha ve b uilt a n ope r

a ting mode l a nd ma tur ity pla n fo r e ng a g ing a ll the ne c e ssa ry pa rts o f the b usine ss

to e nsure da ta priva c y la ws a nd b e st pra c tic e s a re me t o r e xc e e de d.

• One o f the c ritic a l o utc o me s o f the wo rk is to impro ve o ur unde rsta nding o f pre c ise ly whe r

e stude nt da ta r e side s within

Je ffc o , whe r

e it flows a c r

• ss syste ms a nd out of Je ffc o, a nd wha t the a c c e ptable usa g e r

ule s a r e fo r e a c h pie c e o f

stude nt da ta .

Je ffc o ’ s 2016 Sta te Priva c y L a w

Pr

• gr

e ss Update

Je ffc o ’ s 2016 Sta te Priva c y L a w

Our Data Gove r nanc e Appr

• ac h
• Je ffc o ’ s Da ta Gove r

na nc e Committe e (DGC) ha s re pre se nta tio n fro m a ll c o re

de pa rtme nts a nd me e ts re g ula rly to c o o rdina te o rg a niza tio n-wide DG/ DQ e ffo rts, ma ny o f whic h dire c tly impa c t Da ta Priva c y.

• Je ffc o ha s a do pte d the Da ta

Ma na g e me nt Ma tur ity (DMM) mode l to

ide ntify, prio ritize , a nd me a sure pro g re ss.

• Our DMM fo c us a re a s a re ma turing o ur
• pe ra ting mo de l a nd g o ve rna nc e

po lic ie s, e xpa nding o ur b usine ss g lo ssa ry, a nd impro ving da ta q ua lity within c ritic a l b usine ss a pplic a tio ns.

Je ffc o ’ s 2016 Sta te Priva c y L a w

Re c e nt E xample s of Outc ome s

• Je ffc o ’ s Da ta Qua lity Offic e pa rtne rs with

a pplic a tio n o wne rs to ide ntify c ritic a l da ta a re a s tha t a re c a ndida te s fo r da ta q ua lity impro ve me nts.

• T

he Da ta Qua lity Offic e utilize s a DQ

sc or e c a r d (Ce r tify™ ) whic h va lida te s da ta

a g a inst b usine ss rule s a nd a le rts use rs to e rro rs o n a da ily b a sis with g uida nc e fo r fixing the issue .

• Busine ss Glossa r

y: T

he Da ta Qua lity Offic e is b uilding a syste m a nd pro c e sse s to c o lle c t da ta de finitio ns, usa g e rule s, line a g e , a nd mo re so we ha ve c o nsiste nc y, tra nspa re nc y, a nd a n unde rsta nding o f e xa c tly whe re da ta flo ws within a nd o ut o f Je ffc o .

• With the DQ Sc o re c a rd a nd the Busine ss

Glo ssa ry, we will ha ve c le a ne r

da ta a nd a be tte r unde r sta nding of its flow a nd usa g e .

Sped: $1.1M additional funding over 2 years Other potential opportunities in CTE, Medicaid - should look at all sources of district reimbursements/funding Immunizations: 800 hrs/yr est. reduction in work effort for ?who??? Sped: Reduced low value (correcting state submissions) work and increased high value (managing providers for students) work. Sped: Documented providers for each student Immunizations: Automatic generation of unimmunized/under immunized students real-time (for outbreaks)

Je ffc o ’ s 2016 Sta te Priva c y L a w Pro g re ss Upda te

T r anspar e nc y We bsite

• Cle a r info rma tio n, unde rsta nda b le to

la ype rso n o n the stude nt Pe rso na lly I de ntifia b le I nfo rma tio n (PI I ) c o lle c te d a nd ma inta ine d

• L

ink to da ta inve nto ry a nd dic tio na ry o r CDE inde x o f da ta e le me nts

• L

ist o f sc ho o l se rvic e c o ntra c t pro vide rs, se rvic e o n-de ma nd pro vide rs

I nfo rma tio n Se c urity - Mo ving F

• rwa rd
• 1. Inventory, Devices
• 2. Inventory, Software
• 3. Secure Configurations
• 4. Continuous Vulnerability Assessment

& Remediation

• 5. Controlled Use of Admin Privileges
• 6. Audit Logs
• 7. Email and Web Browser Protections
• 8. Malware Defenses
• 9. Control Of Network Services

10.Data Recovery Capability 11.) Secure Configurations for Network Devices 12.) Boundary Defense 13.) Data Protection 14.) Controlled Access 15.) Wireless Access Control 16.) Account Monitoring and Control 17.) Security Skills Assessment and Appropriate Training 18.) Application software Security 19.)Incident Response and Management 20.)Penetration Tests

Controls

T DPAC Upda te - 2016/ 17

Se pte mbe r

• Ne w me mb e rs intro duc e d, c ha rte r re vie w, ro le s e xpe c ta tio ns

Oc tobe r - Co lo ra do Da ta Priva c y L

a w intro duc tio n/ disc ussio n

Nove mbe r - Ca nc e lle d De c e mbe r - 2020 visio n pre se nta tio n, te c h pla n intro duc tio n F e br uar y - Re vie we d da ta priva c y pra c tic e s & sta nda rds Apr il/ May - Da ta Go ve rna nc e upda te / pro g re ss

Que stio ns fro m the BOE