Digital Privacy in FCPS
Fairfax County Public Schools is committed to providing access to digital resources in a manner that respects and protects student privacy while maximizing learning opportunities for our students.
Digital Citizenship Strategies and Practices
FCPS takes a detailed approach to digital privacy. This approach includes:
- Training teachers and students to be good digital citizens.
- Putting in place Privacy Information Security Strategies and Practices.
- Following a process to identify, evaluate, and approve Instructional Technology.
Digital Citizenship topics include
- Media Balance and Well-being
- Privacy and Security
- Digital Footprint and Identity
- Relationships and Communication
- Cyberbullying, Digital Drama and Hate Speech
- News and Media Literacy
Educating Students
FCPS supports students through specific digital citizenship lessons and instruction that is embedded within their content curriculum. Teachers work to develop student skills and dispositions for being a good digital citizens by:
- planning learning experiences that give students the opportunity to be empathetic and socially responsible online citizens
- promoting student behaviors that encourage curiosity as they critically identify/examine online resources
- mentoring students in safe, ethical, and legal use of digital resources, including intellectual property.
All Fairfax County Public School staff have access to the K-12 Common Sense Media Digital Citizenship student curriculum, a variety of student interactives, and many additional resources to support instruction. All lessons are aligned to content curriculum, social emotional learning competencies, and Portrait of a Graduate attributes so that they can be easily embedded into content instruction, morning meeting, or advisory periods.
Visit the FCPS Digital Citizenship webpage for more information. For specific information about how your student is being taught Digital Citizenship, please contact your student’s school.
Instructional Technology Identification, Evaluation, and Approval
FCPS Regulation 3008 outlines the procedures for the identification, evaluation, and approval of educational technology products. The regulation
- describes the review process
- outlines the responsibility of the Instructional Services Department to conduct instructional reviews
- outlines the responsibility of the Department of Special Services to conduct assistive technology reviews
- outlines the responsibility of the Department of Information Technology to perform technical reviews.
Results from the review process for educational technology products are housed in the FCPS Digital Ecosystem Library (DEL). The DEL is available to both the public and FCPS staff. The DEL will inform staff of any conditions for use - including if the platform requires parent/guardian consent to use with students. The Department of Special Services uses the same review process outlined in Regulation 3008 and adds instructional resources for students with special needs to the DEL. For non-contracted products, the Department of Information Technology performs a technical assessment to validate the product can be securely accessed and adheres to appropriate technical security standards.
Privacy Information Security Strategies and Practices
FCPS provides extensive systems resources that manage student information in direct support of the learning process and the administration of instruction. Some major systems that maintain student information include the learning management system (Schoology), the student information systems (SIS, SASI, and SEA-STARS), the data warehouse (EDSL), and educational assessments (eCART). We believe in protecting the confidentiality, integrity, and availability of the student information in accordance with the value and risk of the data.
There is a trade-off between access to student information and the risk of unauthorized use—the more accessible student information is to more users, the greater the risk of unauthorized disclosure. To mitigate this risk, FCPS implements a comprehensive information security program to protect student information encompassing physical, network, systems, procedural, and user security (FCPS Information Security Policy—Regulation 6225):
a. Physical Security
The Network Operations Center (NOC) provides a secure, environmentally-controlled, and fire-protected facility that houses the servers, storage, and network communications systems that support the systems with student information. The NOC staff control, log, and audit access to the facility. The NOC staff monitor and staff the facility 24-7-365. System sponsors complete disaster recovery and business continuity plans for all systems. NOC staff execute backup and recovery procedures.
b. Network Security
FCPS implements a “defense-in-depth” network security model at core, distribution, and access layers of the FCPS network not only to prevent and detect intrusions, but also to ensure that network bandwidth is available for mission-critical educational applications. System administrators maintain and monitor enterprise firewall, perimeter access, intrusion prevention and detection devices, wireless authentication and encryption, and malware detection software. FCPS also implements and maintains the Internet access filter to comply with federal and state laws.
c. Systems Security
Sponsors of FCPS information systems ensure that proper controls are in place to address the integrity, confidentiality, and availability of systems and information. FCPS staff adheres to the “need-to-know” principle and implements a wide-range of security safeguards to control the access to student information, such as role-based security, unique user account, strong password requirement, and account management process.
d. Procedural Security
All students and parents must review the Acceptable Use Policy (Regulation 6410). FCPS conducts evaluations for all products using student information and conducts information security audits periodically. FCPS also establishes processes and procedures for student information retention, disclosure, and destruction practices (Regulation 2701).
e. User Security
All FCPS staff annually review Acceptable Use Policies and view the Computer Security Basics video on best practices. All users of the student information systems receive training (including security training) on the use of these systems. All Information Technology staff sign an additional confidentiality statement for the protection of personally identifiable information.
f. Contracted and Non-Contracted Cloud-based Application Security
In cases where FCPS contracts with a vendor to host student information externally, FCPS requires that the vendor adhere to the security requirements specified in a confidentiality addendum included in their contracts. This addendum identifies their responsibilities as a "school official" as defined by FERPA, includes requirements to safeguard FCPS information and obligations to remediate security breaches.
Many popular and valuable supplementary instructional tools are available not through contracts, but rather through Terms of Service (TOS) and include both free and paid tools. FCPS conducts technical evaluations for all products using student information (Regulations 3008 and 6710). For these supplementary tools, FCPS follows best practices identified by the Department of Education and the Federal Trade Commission by having a process for reviewing and approving technology at the District level. In 2014, FCPS was commended by U.S. Secretary of Education Arne Duncan for its application review process.
Federal and Local Laws, Policies, and Regulations
FCPS Regulations and Policies
- Student Rights & Responsibilities
- Appropriate Use of Resources R6410
- Privacy P1503, R2701, P2730
- Copyright R1425
- Selection and Use of Digital Tools R3007, R3008, and R6710
- FCPS Information Security Policy R6225