Delaware City Schools values the privacy of its students, employees, and families/guardians. Data privacy is your right to keep your person and your information to yourself. Because we spend so much time engaged in activities online, data privacy has become an extremely important issue and one that DCS takes seriously. We are committed to being trusted caretakers of personal information within our responsibility. DCS also encourages students, employees, and families/guardians to become educated on data privacy and security.
Delaware City Schools looks holistically at the collection, protection, use, and life cycle of our data. Technology is a key component of the process, but even more important are the processes around data use. Of critical importance are the people who carry out those processes and use the data.
People, processes, and technology are the framework for our technology governance. Read more in our DCS Technology Governance Guide.
Digital resources that require student accounts or collect and store student information are required to go through a formal evaluation process.
Formal Program Evaluation and Curriculum Adoption Process
Curriculum adoption of digital tools uses an evaluation rubric covering topics such as accessibility, interoperability with current systems, student and teacher account provisioning, and data privacy. Examples include Canvas, Savvas online textbooks, and Google Workspace for Education.
DCS Digital Resource Approval Process
Teachers who wish to incorporate supplemental digital tools into their classrooms must first check the SDPC DCS Listing. If the tool they wish to use has not already been evaluated, is not listed in the library, and requires student accounts and/or will store student information, they must request an evaluation.
The evaluation process consists of four possible steps. A tool may be denied at any point in the process and must successfully reach Step 4 to be added to the library as an approved tool. Examples of approved tools include Canva for Education and Blooket. Examples of denied tools include Epic! and Quizlet. The complete list of reviewed tools is available here.
Step 1 - Building Review
The teacher discusses the request with their building leadership
What problem are we trying to solve?
What additional benefits does this tool provide?
Where will this tool be used during the instructional day?
Do we already have a tool that meets this need?
Step 2 - District Review
The district admin teams discusses the request
Are there costs associated with this tool and if so, how will they be paid?
What are the training and onboarding needs for this tool?
Does this tool have interoperability with our current technology systems?
Will we be able to support it over time?
Step 3 - Data Privacy Review
Chief Technology Officer works with the vendor to secure a data privacy agreement (DPA)
Step 4 - Final Decision
Once the tool has passed building, district, and data privacy evaluations, both DCS and the vendor sign a data privacy agreement then the tool is added to the SDPC DCS Listing as an approved tool.
A data privacy agreement is a legally binding contract between a data controller and a data processor, which defines how data will be used. In this case, the data controller is Delaware City Schools, while the data processor is any third-party vendor we share student data with.
For schools, a data privacy agreement establishes several key parameters that govern what a third-party vendor can do with data, including:
Defining student data
Designating the vendor as a school official under FERPA
Establishing DCS ownership of the data
Limiting the use of data to only services defined by the contract
Requiring compliance with all applicable laws and regulations
Prohibiting disclosure of the data
Forbidding the use of data for advertising purposes
Determining the data destruction process
Depending on the vendor, it may take days, weeks or months to negotiate a DPA that works for both parties. Most vendors are willing to work with schools to come to an understanding.
Avoid keeping a handwritten or digital list of passwords
Turn On Multifactor Authentication Whenever Possible
Multifactor authentication (MFA) requires two of the three following elements to log in
something you know (like a password)
something you have (like a mobile device that can receive a one-time use code)
something you are (biometrics)
By enabling MFA, your account is much less likely to be hacked, even if your password becomes compromised. This is especially important for sensitive accounts like banking and health care. For more information on MFA, visit the Cybersecurity & Infrastructure Security Agency (CISA) website.
Check the Privacy Settings of the Digital Tools You Use
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
