File: EHC* - Safeguarding Personal Identifying Information

NOTE: Colorado school districts are required by law to adopt a policy on this subject and the law contains some specific direction as to the content or language. This sample contains the content/language that CASB believes best meets the intent of the law. However, the district should consult with its own legal counsel to determine appropriate language that meets local circumstances and needs.

The Board is committed to protecting the confidentiality of personal identifying information (PII) obtained, created and/or maintained by the district. The Board directs district staff to safeguard PII in accordance with this policy, other Board policies concerning the creation, use, storage or destruction of PII, and applicable law.

The district shall implement and maintain reasonable security procedures appropriate to the nature of the PII to protect against unauthorized access, use, modification, disclosure or destruction. The district shall require third parties that create, maintain and/or obtain PII to also maintain reasonable security procedures appropriate to the nature of the PII designed to protect against unauthorized access, use, modification, disclosure or destruction.

The district shall ensure that records containing PII are appropriately destroyed when no longer needed and in such a manner as to make the PII unreadable or indecipherable, unless such record is required to be retained by applicable law.

In the event of a security breach, as that term is defined by state law, the district shall conduct a prompt investigation to determine the likelihood that personal information has been or will be misused and notify those Colorado residents affected by the breach, the Colorado Attorney General's office and consumer reporting agencies, in accordance with the notification and timeline requirements of state law.

LEGAL REF.: C.R.S. 24-73-101 et seq. (consumer data privacy laws applicable to governmental entities, including school districts)

CROSS REFS.: EGAEA, Electronic Communication

EHB, Record Retention

GBJ, Personnel Records and Files

JRA/JRC, Student Records/Release of Information on Students

JRCB*, Privacy and Protection of Confidential Student Information

COLORADO SAMPLE POLICY 2019