DESSA, Social Sentinel - RSA 91-A Right To Know demand - student and personal data - Part 2 - Granite Grok

DESSA, Social Sentinel – RSA 91-A Right To Know demand – student and personal data – Part 2

Gilford School District

This was a more lengthy Right To Know I sent to SAU 73 Superintendent Kirk Beitler than what I sent to our Town Clerk / Tax Collector (and  modeled after Grokster Ann Marie’s one to SAU 16 Superintendent David Ryan). And answer he did.

—— Original Message ——

From: “Beitler, Kirk” <kbeitler@sau73.org>
To: “skipdcm” <Skip@granitegrok.com>; “GSD School Board” <sb@sau73.org>
Sent: 6/26/2020 3:23:03 PM
Subject: Response to questions

Good afternoon Mr. Murphy,

Please find the answers to your questions below.  There will also be some information attached to this email that I will refer to in the answers to your questions.

1)  The Gilford School District, SAU 73, does not use or employ social emotional learning software.  If we do any social emotional assessment of children it is in person with the consent of the parent.

2)  The Gilford School District, SAU 73, does not use or employ social media surveillance systems.  We do have a content filter that students and staff are aware of based on their signing of the Acceptable Use Policy.  I have included as an attachment Gilford School District’s Data Governance Manual that lists policies and RSA’s related to the school district’s responsibility connected to data governance.

3)  The Gilford School District has two areas where data on <Grandson> can be found.  First, we have <Grandson>’s  IEP in the ADORA system, managed by an outside entity (MSB), which uploads the IEP into NHESIS (the NH Department of Education system to house IEP’s).  Based on federal and state law the Gilford School District is required to upload student IEP’s into NHESIS and there is no opt out.  Secondly, <Grandson>’s information and his parent / guardian information is in our student information system, MMS.  This information is not shared at this time with the NH Department of Education because of <Grandson>’s preschool status.  Once <Grandson> becomes a kindergartener in the Gilford Elementary School we will be required to upload that information to the NH Department of Education.  None of the IEP information shared through NHESIS crosses the state line, again based on state law requirements.

4)  As for privacy contracts I am not certain what you are asking.  I am attaching the NH Department of Education Minimum Standards for Privacy and Security of Student and Employee Data.  As mentioned before I have also attached the school district’s Data Governance Plan, which addresses student data security and privacy.  I have also attached the NH Student Data Privacy Agreement, which is a consortium, Student Privacy Alliance, and this consortium has vetted software for school district’s across the state.  Many school districts in New Hampshire belong to this consortium.  I have also attached a copy of the Gilford School District Application Tools, which is a list of the software used in the school district that have been approved through the consortium.  Lastly, I have attached an “Exhibit E”, which is something that companies will sign with us as an agreement of privacy terms.

Respectfully,

Kirk

Kirk Beitler
Superintendent of School
Gilford School District
2 Belknap Mountain Road
Gilford, NH 03249

I am mulling over a couple of the answers – it’s the “defensive programming” mode one picks up after doing software engineering after a number of years (e.g., “how can this function be misused or outright abused”?). Anyways, here are the docs that Superintendent Beitler sent along:

GSD Data Governance Manual 4-15-19
NH_DPA_V1_No_Exhibit
GSD-Applications-Tools-posted.xlsx-Licensed-Software
NH DOE minimum standards for data security