Data Access Security Policy

September 16, 2013

Beginning in School Year 2013-14, all public charter Local Education Agencies (“LEAs”) and their constituent campuses will be responsible for ensuring that only authorized school staff have access to the school’s student-level data in DC PCSB’s data systems, including but not limited to ProActive, SharePoint, Epicenter, and Secure File Transfer Protocol (“SFTP”) sites.

Accordingly, each LEA will be responsible for the following:

Reviewing, before the beginning of each school year, staff access to all applicable data systems and notifying DC PCSB of any individuals who should not have access to the systems. DC PCSB will help schools in this process through training, documentation, and, as necessary, hands-on assistance.
Requesting additional staff access to DC PCSB’s data systems on an as-needed basis.
Notifying DC PCSB in writing of any contractors, consultants, or other third parties it has authorized to access the school’s student-level data and communicate with DC PCSB on its behalf.
Providing DC PCSB with the contract that delineates the measures in place to ensure compliance with the Family Educational Rights and Privacy Act (“FERPA”).
Notifying DC PCSB within five business days after staff or consultants with access to DC PCSB’s data systems leave their position or have their contracts terminated. DC PCSB will deactivate those individuals’ access to ProActive, SharePoint, Epicenter, and any other data systems in place within five business days of receiving the notice.
Prohibiting school staff from sharing logins to ProActive or Epicenter. If additional staff members need access to these databases, the school will request access for each individual.