Issue | Background | Findings | Conclusions | Recommendations | Responses | Attachments Summary of Keeping High School

Directory information (cf. 5125.1 - Release of Directory Information)

Informal notes compiled by a school officer or employee which remain in the sole possession of the maker, are used only as a personal memory aid, and are not accessible or revealed to any other person except a substitute

Records of the law enforcement unit of the district, subject to the provisions of 34 CFR 99.8 (cf. 3515.3 - District Police/Security Department) Mandatory permanent student records are those records which are maintained in perpetuity and which schools have been directed to compile by state law, regulation, or administrative directive. (5 CCR 430) Mandatory interim student records are those records which the schools are directed to compile and maintain for stipulated periods of time and are then destroyed in accordance with state law, regulation, or administrative directive. (5 CCR 430) Permitted student records are those records having clear importance only to the current educational process of the student. (5 CCR 430) Access means a personal inspection and review of a record, an accurate copy of a record or receipt of an accurate copy of a record, an oral description or communication of a record, and a request to release a copy of any record. (Education Code 49061) Disclosure means to permit access to or the release, transfer, or other communication of personally identifiable information contained in education records, to any party, by any means including oral, written, or electronic means. (34 CFR 99.3) Students AR 5125(b) STUDENT RECORDS Definitions (continued) Personally identifiable information includes but is not limited to the student's name, the name of the student's parent/guardian or other family member, the address of the student or student's family, a personal identifier such as the student's social security number or student number, and a list of personal characteristics or other information that would make the student's identity easily traceable. (34 CFR 99.3) Adult student is a person who is or was enrolled in school and who is at least 18 years of age. (5 CCR 430) Parent/guardian means a natural parent, an adopted parent, or legal guardian. (Education Code 49061) School officials and employees are officials or employees whose duties and responsibilities to the District, whether routine or as a result of special circumstances, require that they have access to student records. A legitimate educational interest is one held by officials or employees whose duties and responsibilities to the district, whether routine or as a result of special circumstances, require that they have access to student records. County placing agency means the county social service department or county probation department. (Education Code 49061) Changes to Student Records No additions except routine updating shall be made to a student's record after high school graduation or permanent departure without prior consent of the parent/guardian or adult student. (5 CCR 437) Only a parent/guardian having legal custody of the student or an adult student may challenge the content of a record or offer a written response to a record. (Education Code 49061) (cf. 5125.3 - Challenging Student Records) Retention and Destruction of Student Records All anecdotal information and assessment reports maintained as student records shall be dated and signed by the individual who originated the data. (5 CCR 431) The following mandatory permanent student records shall be kept indefinitely: (5 CCR 432, 437)

Name and address of parent/guardian of minor student a. Address of minor student if different from the above b. Annual verification of parent/guardian's name and address and student's residence (cf. 5111.1 - District Residency) (cf. 5111.12 - Residency Based on Parent/Guardian Employment) (cf. 5111.13 - Residency for Homeless Children)

Entrance and departure date of each school year and for any summer session or other extra session

Subjects taken during each year, half-year, summer session, or quarter, and marks or credits given (cf. 5121 - Grades/Evaluation of Student Achievement)

Verification of or exemption from required immunizations (cf. 5141.31 - Immunizations)

Date of high school graduation or equivalent Mandatory interim student records, unless forwarded to another district, shall be maintained subject to destruction during the third school year following a determination that their usefulness has ceased or the student has left the District. These records include: (Education Code 48918, 51747; 5 CCR 432, 437, 16027)

Parent/guardian authorization or denial of student participation in specific programs

Results of standardized tests administered within the past three years (cf. 6162.51 - Standardized Testing and Reporting Program) (cf. 6162.52 - High School Exit Examination)

Written findings resulting from an evaluation conducted to determine whether it is in a student's best interest to remain in independent study (cf. 6158 - Independent Study) Permitted student records may be destroyed six months after the student completes or withdraws from the educational program, including: (5 CCR 432, 437)

Any other rights and requirements set forth in Education Code 49060-49078, and the right of parents/guardians to file a complaint with the United States Department of Health, Education, and Welfare concerning an alleged failure by the district to comply with 20 USC 1232g

A statement that the District forwards education records to other agencies or institutions that have requested the records and in which the student seeks or intends to enroll Regulation SEQUOIA UNION HIGH SCHOOL DISTRICT approved: December 10, 1997 Redwood City, California revised: August 8, 2007 Students E 5125(a) STUDENT RECORDS Acceptable Encryption Algorythm Standards Purpose The purpose of this exhibit to Board Policy 5125, Student Records, is to provide guidance which limits the use of encryption to those algorithms that have received substantial public review and have been proven to work effectively. Additionally, this exhibit provides direction to ensure that federal regulations are followed, and legal authority is granted for the dissemination and use of encryption technologies outside the United States. Scope This exhibit applies to all Sequoia Union High School District employees and affiliates. Guidelines Proven, standard algorithms such as AES, Blowfish, RSA, RC5, and IDEA should be used as the basis for encryption technologies. These algorithms represent the actual cipher used for an approved application. For example, Network Associate's Pretty Good Privacy (PGP) uses a combination of IDEA and RSA or Diffie- Hellman, while Secure Socket Layer (SSL) uses RSA encryption. Symmetric cryptosystem key lengths must be at least 128 bits. Asymmetric crypto-system keys must be of a length that yields equivalent strength. Sequoia Union High School District’s key length requirements will be reviewed annually and upgraded as technology allows. The use of proprietary encryption algorithms is not allowed for any purpose. The export of encryption technologies is restricted by the U.S. Government. Residents of countries other than the United States should make themselves aware of the encryption technology laws of the country in which they reside. Enforcement Any employee found to have violated these guidelines may be subject to disciplinary action, up to and including termination of employment. Definitions Proprietary Encryption is an algorithm that has not been made public and/or has not withstood public scrutiny. The developer of the algorithm could be a vendor, an individual, or the government. Symmetric Cryptosystem is a method of encryption in which the same key is used for both encryption and decryption of the data. Asymmetric Cryptosystem is a method of encryption in which two different keys are used: one for encrypting and one for decrypting the data, e.g., public-key encryption. E 5125(b) STUDENT RECORDS Application Service Provider Acquisition Purpose This document describes Information Security's guidelines for Application Service Providers (ASPs) that engage with the Sequoia Union High School District. Scope This guideline applies to any use of Application Service Providers by the Sequoia Union High School District, independent of where hosted. Guidelines Requirements of Project Sponsoring Organization The ASP Sponsoring Organization must first establish that its project is an appropriate one for the ASP model, prior to engaging any additional infrastructure teams within the Sequoia Union High School District or ASPs external to the company. The person/team wanting to use the ASP service must confirm that the ASP chosen to host the application or project complies with this guideline. The Business Function to be outsourced must be evaluated against the following:

The Sequoia Union High School District retains the right to terminate access to any Sequoia Union High School District system at any time without prior notice.

All data collected, printed and/or stored on any device owned or leased by the Sequoia Union High School District is the property of the Sequoia Union High School District.

The Sequoia Union High School District retains the right to amend its policy and/or rules at any time without prior notice.

Employees understand that they will be held liable for any financial damages resulting from their illegal use of the Sequoia Union High School District's computer network and/or it's administrative applications. ACCEPTABLE USE POLICY ACKNOWLEDGEMENT I, _____________________________________________ (print first and last name), have read and understand the above Terms and Conditions of Use and agree to abide by them. I further understand that any violations of the regulations above is unethical and may constitute a criminal offense. Should I commit any violation, I may be subject to disciplinary action, from termination of technology access privileges up to termination of employment. Appropriate legal action may also be taken. Signature of User: ____________________________________ Date: _______________________ Name (print): ________________________________________