5556.10 | Definitions

  1. Administrative Security. Consists of policies, procedures, and personnel controls including security policies, training, and audits, technical training, supervision, separation of duties, rotation of duties, recruiting and termination procedures user access control, background checks, performance evaluation, and disaster recovery, contingency and emergency plans. These measures ensure that authorized users know and understand how to properly use the system in order to maintain security of data.
  2. Aggregate Data. Collected or reported at a group, cohort, or institutional level and does not contain personally identifiable information (PII.)
  3. Data Breach. Unauthorized acquisition of PII.
  4. Logical Security. Consists of software safeguards for an organization’s systems, including user identification and password access, authenticating, access rights, and authority levels. These measures ensure that only authorized users are able to perform actions or access information in a network or a workstation.
  5. Personally Identifiable Information (PII). Includes a student’s name; the name of a student’s family; the student’s address; the student’s social security number; a student education unique identification number or biometric record; or other indirect identifiers such as a student’s date of birth, place of birth or mother’s maiden name; and other information that alone or in combination is linked or linkable to a specific student that would allow a reasonable person in the school community who does not have a personal knowledge of relevant circumstances, to identify the student.
  6. Physical Security. Describes security measures designed to deny unauthorized access to facilities or equipment.
  7. Student Data. Data collected at the student level and included in a student’s education record.
  8. Unauthorized Data Disclosure. The intentional or unintentional release of PII to an unauthorized person or untrusted environment.