• Data Security and Privacy

     
     
    In the Public Schools of Brookline, we care deeply about safeguarding the privacy of student, staff, and family information. We work closely with all vendors to ensure that their confidentiality and security practices meet or exceed industry standards and adhere to the expectations contained in the federal Family Education Rights and Privacy Act (FERPA), Children’s Online Privacy Protection Act (COPPA), and Protection of Pupil Rights Amendment (PPRA).
     
     

    What are FERPA, COPPA, and PPRA? 

    The Family Educational Rights and Privacy Act (FERPA) is a federal law that affords parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records.  When a student turns 18 years old, or enters a post-secondary institution at any age, the rights under FERPA transfer from the parents to the student. Further information can be found here.
     
     
    The Protection of Pupil Rights Amendment (PPRA) is a federal law the specifically requires parental consent for student surveys that ask about particular and sensitive topics or behaviors, including political affiliations, illegal behavior, sex attitudes, or income. Further information can be found here.
     
     
    The Children’s Online Privacy Protection Act (COPPA) is a federal law that protects the online privacy of children under the age of 13. COPPA imposes requirements on operators of websites or online services regarding the collection and use of personal information about children. Further information can be found here.
     
     

    FERPA Annual Notice

    The Public Schools of Brookline is required to provide notice to all parents and students regarding their rights under FERPA. The Annual FERPA Notice is available here.
     
     

    Directory Information

    FERPA allows the PSB to release certain information (known as “directory information”) about students without parental consent. Directory information is information that is generally not considered harmful or an invasion of privacy if released. The Directory Information Notice is available here.
     
     
    The primary purpose of directory information is to allow the District to celebrate the accomplishments of its students by sharing information with the community. This may take the form of, among other things, press releases to the local media, public announcements at School Committee meetings, and the posting of information on social media (including Twitter, Facebook, and official district websites).
     
     
    Directory information can also be disclosed to outside organizations without a parent’s prior written consent. Outside organizations include, but are not limited to, companies that manufacture class rings or publish yearbooks, colleges and universities, and scholarship providers. Additionally, the Federal Elementary and Secondary Education Act requires the District to provide all branches of the military with names, addresses, and telephone listings for students unless parents/guardians have advised that they do not want this information disclosed for this purpose.
     
     
    If you do not want the Public Schools of Brookline to disclose directory information from your child’s education records without your prior written consent, you must notify the District. You can do this in two ways:
     
    1. Complete the Data Verification process for your child through the Aspen Parent Portal. Instructions are available for the Data Verification process here.
    • Log in to Aspen and initiate the Contact Verification workflow
    • Towards the bottom of the workflow, you will be asked to update your child's permissions and consents.
    • Check off each item for which you do not grant permission for directory information to be disclosed
    2. Complete the following form and return it:
    • Via email to datateam@psbma.org
    • Or via mail to:
      Public Schools of Brookline
      Office of Strategy and Performance
      333 Washington Street, 5th Floor
      Brookline, MA  02445 
     

    Data Partners, Tools, and Applications

    The district uses the following tools and applications to collect, maintain, and aggregate student, staff, and operational data and information:
     
     
    Aspen Student Information System is used to collect and maintain all student data, including demographics, contact information, grades and outcomes, course enrollments, student schedules, attendance, discipline, IEPs, program participation,  and parental consents. 
     
    Destiny Library Management System is used to maintain our library assets and to manage students’ and staff members’ access to those resources. 
     
    Naviance is a high school guidance tool that enables counselors and students to manage college entrance test scores (SAT, ACT) and college applications.
     
    NutriKids is used by the Food Services Department to manage students’ lunch accounts, cafeteria operations, and menu planning.
     
    Registration Gateway is the district’s online registration portal for new and returning families to complete their registration paperwork online from any computer.
     
    Canvas Learning Management System is in use at the high school and across some grade levels in our K-8 schools. It is used by teachers and students to manage assignments and homework within and outside of the classroom. 
     
    Health Office Anywhere is used by the school nurses to manage students’ medical records. 
     
    BlackBoard Connect enables schools and the district to quickly notify families and staff about important information via telephone or email.
     
     • Google education applications are used by students and staff for individualized learning, collaborative work, and document sharing. 
     
     

    Data Security 

    Employees that are granted access to student records are provided this access on a “need to know” basis. Role-based permissions are utilized to ensure that everyone has just the amount of access that they need to do their job well. All database access is password-protected and updated routinely. All vendors must provide statements to document that they meet the highest standards for data privacy and technology security.