-
Data Privacy
Internal Use of Data
The students’ and educators’ records that the Voorhees Township School District collects and stores are used for compliance, audit and evaluation purposes. This information is only available to employees and contract partners who have a responsibility and appropriate need for accessing the information. The district’s Technology Department is responsible for developing and implementing the policies and procedures that assure data is properly handled throughout the data lifecycle. As part of these processes, the Technology Department tracks the list of the specific individuals within the District who have access to student and educator data systems, as well as the specific data that are being requested.
External Use & Disclosure of Data
The Voorhees Township School District may release both identified and de-identified data through a formal Memorandum of Understanding (MOU) or Memorandum of Agreement (MOA) process, also known as Data Sharing Agreements. All Data Sharing Agreements must contain specific terms and conditions related to confidentiality, data privacy and security, record-keeping and data ownership. Each written agreement must clearly outline strict requirements that a research institution or institution of higher learning must agree to in order to receive data. In addition, all research requests are vetted by the district as part of their MOU/MOA process. The district must review and approve or reject all requests to conduct research using any student or school system data requested prior to submission. The contracting agency is responsible for ensuring that any research or analysis shared is “de-identified” so that individual students are not personally identifiable. Those requesting any data from the Voorhees Township School District must meet all criteria outlined in the MOU/MOA processes prior to obtaining data access. The district has the right to reject any research proposal submitted.
{processes defined in district policy 8330 – Pupil Records}
When providing or delivering data to any stakeholder using any delivery mechanism, the District maintains compliance with the Family Educational Rights and Privacy Act (FERPA), 34 CFR § 99.31. For more information on FERPA, please visit the United States District of Education’s Family Educational Rights and Privacy Act (FERPA) page.
If an individual is concerned about an alleged violation of a Data Sharing Agreement, a written complaint should be submitted to the Voorhees Township School District, including the specific allegations of fact(s) giving reasonable cause to believe that a violation occurred. The district will investigate all reasonable and timely complaints. The district may also conduct investigations without the filing of a formal complaint to determine whether a violation has occurred.
When contracting with vendors, the Voorhees Township School District follows all federal and state statutory and regulatory requirements to protect its data and data systems. Vendors must first pass a system architecture review, completed by the Technology Department. The review outlines the security infrastructure and database architecture to be used, detailing the encryption processes for storing Personally Identifiable Information (PII) or confidential data. All PII must be protected, classified and then disposed in accordance with district policy 8330 - Pupil Records.
Sensitive data transmission is only permitted using the secure file transfer methodologies that meet the state and federal security guidelines and the standards outlined by the Technology Department. The state may revise or change the file transfer methodology at any time, and contractors are required to conform to secure file transfer requirements. Data storage and protection are also subject to all state and federal requirements, including encryption for all data defined as confidential or PII, and contractors are required to conform to Payment Card Industry (PCI) Data Security Standards. When contracts with vendors expire or are terminated, the contractor is required to first return all data to the district, then erase, destroy or render unreadable all contractor copies of district data, in accordance with district policy 8330 - Pupil Records.
Certification in writing of the completion of that process must occur within 30 days of the contract end-date.