Data Security Awareness
Brenda Meyer, Migrant Data Consultant
Mar 5, 2015

Objectives
- Why student information is collected and where it is stored
- Federal and State Student Privacy Laws
- How the Student Information Is Used
- Student Data Destruction
- Student Information Safeguards
- State of Colorado Secure Server

Migrant Student Data
- Why do we collect student information? State and Federal law
- Where is the information stored? Local file cabinets and state and local databases
- Who has access to student data? Authorized and authenticated migrant educational personnel
- Access is restricted and actively monitored

Federal and State Student Privacy Laws
Student privacy procedures fully adhere to the guidelines set forth in Federal and State law.
- Family Educational Rights and Privacy Act (FERPA). To access FERPA, click the link below: http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html
- Protection of Pupil Rights Amendment (PPRA). To access the PPRA, click the link below: http://www2.ed.gov/policy/gen/guid/fpco/ppra/index.html
- MSIX Rules of Behavior
- Colorado New Generation System (NGS) User Agreement
- NGS User Oath
- Identity Management - RITS

How Is Student Information Used?
Individual Student Data Uses:
- Enrollment
- Placement
- Credit accrual
- Tracking of services
- Individual student growth
Aggregated Student Data Uses:
- Federal and State reporting and funding
- Regional Performance Reports
- Program evaluation and measures
- Regional Improvement Plans

Student Data Destruction
When is individual student information archived or deleted?
- All individual student data is encrypted and stored securely
- Access is restricted and actively monitored
- Individual student records are rendered non-individually identifiable. This includes data stored on:
  - Computer, tablet, iPad
  - CD/DVD
  - Thumb drives
  - Secondary storage technology (e.g. zip drives)
- Destruction of student records older than 10 years (NRG, Chapter XI, State Administration, C3)
- All sensitive student data housed on MEP-funded retired desktop computers and/or laptops must be removed and destroyed prior to destruction
- The storage of all sensitive student data must be deleted or destroyed. This includes sensitive data placed in the student's record

Student Information Safeguards
How is the information safeguarded?
- Approved access control
- Strong password
- Protect access accounts, privileges, and associated passwords (e.g. not sharing passwords and not logging on for others)
- Laptop/mobile device password locks
Data Sharing:
- Use of SASID must be isolated from student data and student names
- Strong encryption
Secure Transit:
- When disclosing sensitive student information to CDE, the information must be sent via CDE's Secure File Transfer Protocol (SFTP)
- When disclosing sensitive student information to districts, the information must be encrypted and all safeguards must be used to restrict access

Migrant Student Information Access
- Users requesting access to State and Federal Migrant Student Information Systems must first complete training and must agree to comply with state and federal requirements.
- Each user requesting access must first have prior approval from the regional migrant director. The regional migrant director must then submit a request to the SEA requesting access on the individual's behalf. The SEA will grant access to authorized users it deems necessary.
- Each user must complete the Colorado NGS User Agreement, NGS User Oath Form, MSIX Application and Identity Management prior to being granted access to state and federal information systems.
- Each user must comply with the requirements. Failure to comply may result in disciplinary action up to and including denial of access and other consequences determined by appropriate entities.
- Upon termination from the Migrant Education Program, your Regional Director must submit a deactivation notice to the SEA.

Activity
- Form two groups of 5
- How aware are you of data privacy and security?
- Each group has 1 minute to respond with the answer.
- Prizes will be awarded to the group with the most points.

CDE Secure File Transfer Server
CDE's Secure File Transfer Server (SFTP) provides a means to securely transfer sensitive data files. It meets the needs of CDE staff who send and receive sensitive data to and from external clients and collaborators. To access the server you need access to the Internet and a web browser. You must register and activate your account to receive and send files.

Register and Activate Your Account
You will receive an email containing a delivery notification and a link to the User Registration form. Please follow these instructions:
1. Click on the link to the User Registration form in the email.
2. Complete the User Registration form by entering the required fields. Click [Register].
3. You will receive an email containing an activation link along with your user name and an activation code.
4. Click the [Activation Link] to activate your account; this will take you to the User sign in screen.
5. You will also receive an email confirming account activation with a link to the User sign in screen.

Access to Secure Data
- The purpose of the CDE Secure File Transfer Server is secure data transfer, not long-term storage.
- All data on this server is deleted periodically using a secure removal program. Data is purged 14 days after it is deposited.
- All data uploaded to and downloaded from the secure server is encrypted in transit.
- Users have access only to the files they have uploaded or files that have been sent as a secure delivery to their account.
- User accounts on the CDE Secure File Transfer Server are valid as long as they are actively being used; otherwise, after 90 days of inactivity the user account will be automatically removed.

Java Runtime Environment
Note for External Users: To enhance file transfers, it is highly recommended to have the Java™ Runtime Environment (JRE) installed and integrated with your browser on your system. You may be asked the following. Click [Yes]

Create a User ID and Password

User Registration

Log In

Sign Out

Downloading a File
When you receive an email notification of a secure delivery, click the link in the email or go directly to the server and sign in to CDE's Secure File Transfer Server.
1. Sign in to CDE's Secure File Transfer Server (https://transfer.cde.state.co.us/bds) on the user sign in screen. Type your Username and Password. Click [Sign in].
2. From the Home page, click [View Your Deliveries] Received.
3. On the Your Deliveries: Received screen, click the [Subject link].
4. On the Your Delivery screen, click the [File Name Link] to download the file to your hard drive.
The sender will receive notification that you have viewed the delivery.

Uploading a File
1. Sign in to CDE's Secure File Transfer Server (https://transfer.cde.state.co.us/bds) on the user sign in screen. Type your Username and Password. Click [Sign in].
2. From the Home page, click [Create an Express Delivery].
3. On the Express Delivery screen:
   - Enter the recipient's email address. Separate multiple addresses with commas or semicolons.
   - Enter Subject.
   - Type a brief secure message. This message will only be visible when the recipient signs in to view the delivery.
   - Use the Browse button to search your system files and select a file. Click [Open]. You may upload multiple files.
4. Click [Send]. This will securely upload the file to the server and send the recipient an email delivery notification with a link to the file.

Submitting Files via the CDE Secure File Transfer Site
Step 2 and 3: Follow link and click Received
Step 4: Click Message Subject
Step 5: Click Reply Securely
Step 6: Click Add File
Step 7: Upload File(s)
Step 8: Add a Message, Send Reply
Step 9: Confirmation To Add Message
Step 10: File Successfully Sent

External vs. Internal Users
- External users can only receive packages.
- Internal users can receive, create and send packages.
- The SEA will determine who will require External or Internal access to the SFTP site.

Home Screen
- Click on [Home] to navigate back to the home screen options.
- Click on the [Help link] to access Q&A and Delivery server help.

Technical Support
For all technical support issues, please contact the CDE Helpdesk at 303-866-6833 or by email at helpdesk@cde.state.co.us
Contact me by email at meyer_b@cde.state.co.us

Thank you for Participating
Enjoy the rest of the Conference!