Campus Links

Cybersecurity and Data Privacy

Data Privacy PolicyGoose Creek CISD has taken action to ensure that all student data is handled securely and in compliance with all state and federal legislation. Through rigorous processes and high standards of compliance, our goal is to not only abide to state and federal law, but to provide students, parents, and our community with the resources and information needed to protect student privacy. This is accomplished by a process of continual improvement of security practices. The district employees the principle of least privilege and role based security to ensure that data is only accessed by those that have a legitimate educational purpose. A multi-layered defense is also employed to ensure that your data remains protected. As the technology landscape is constantly changing, these processes are reviewed at least annually to make sure they are still relevant and provide strong protection. In an effort to achieve these goals, the Goose Creek CISD Technology Department seeks to implement the following programs:

 

  • Trusted Learning Environment Seal Program - The CoSN Trusted Learning Environment (TLE) Seal program is the nation’s only data privacy framework for school systems, focused on building a culture of trust and transparency. The TLE Seal was developed by CoSN in collaboration with a diverse group of 28 school system leaders nationwide and with support from AASA, The School Superintendents Association, the Association of School Business Officials International (ASBO) and ASCD. School systems that meet the program requirements will earn the TLE Seal, signifying their commitment to student data privacy to their community. TLE Seal recipients also commit to continuous examination and demonstrable future advancement of their privacy practices.

    CoSN has awarded the Trusted Learning Environment (TLE) Seal to Goose Creek Consolidated Independent School District (GCCISD) in 2022 and 2024. The TLE Seal is a prestigious national distinction that school districts earn for demonstrating a commitment to protecting student data through modern, rigorous policies and practices.

    TLE Seal thru August 2026


  • Texas Cybersecurity Framework - The Texas Cybersecurity Framework is a self-assessment to determine cybersecurity risks. While local governments and K-12 organizations are not required to submit a Cybersecurity Plan to the State, using the framework helps to align security goals and practices with other government entities and institutions of Higher Education across the State of Texas.

 

The district uses data to support a variety of processes throughout the district including supporting student learning, evaluating teachers, improving instructional and operational practices, and complying with various state and federal requirements. For more information on who uses student data, see this infographic.


GCCISD uses many applications to encourage learning through innovation. See this page for more information on approved/denied applications and the process for requesting a free or paid app.

 

Website Privacy Policy: Goose Creek Consolidated Independent School District (Goose Creek CISD or GCCISD) is committed to respecting and protecting your privacy as a visitor to our websites. This includes the Here, We Grow Giants site. We will only collect, store and use your personal information for defined purposes. Goose Creek CISD values accountability and transparency at all levels including ensuring that student data privacy and security are a top priority. For more information on what data is collected as well as records management, see the Data Governance tab.

Student Data Collection and Security Fact Sheet

Employee Data Privacy Handbook

Data Governance Guidelines

* Handbooks, procedures and guidelines are reviewed at least annually to provide updates that align with changes in laws/regulations and the constantly changing technology landscape. 

 

Sharing Data with Vendors/Third-Parties

Goose Creek CISD takes the privacy of both student and staff data very seriously. Before procuring services or contracting with a third-party, a security risk assessment is performed. Much like a credit score is used in the lending process, a security risk score can reveal risks that a company would present and the likelihood they would suffer a data breach or other security incident. Goose Creek continuously monitors these third-parties in order to manage any risk that may occur and take appropriate proactive measures to keep district data secure. Secondly, if data will be shared with a vendor/third-party, a signed Data Privacy Agreement MUST be in place before a contract is signed. The current Data Privacy Agreement in use is the TX_NDPA_v1r6.

 

Records Management Board Policies

CPC (LEGAL) - OFFICE MANAGEMENT: RECORDS MANAGEMENT

CPC (LOCAL) - OFFICE MANAGEMENT: RECORDS MANAGEMENT

FL (LEGAL) - STUDENT RECORDS

FL (LOCAL) - STUDENT RECORDS

*Board Policy is reviewed regularly to ensure that they align with all current laws and regulations.

GCCISD Resources

 

For Teachers

Make sure you identify which students have restrictions on what their personal information and pictures can and cannot be used for by running the following report.

Security Tips - How to Handle Sensitive Information
06/27/2024
Handling Sensitive Information

Sensitive information, including confidential information or information that is for internal use only, should be handled with care. A lot of times, your organization’s sensitive information may include information such as intellectual property, trade secrets, or security configurations.

It’s important to take caution when handling this information so that you can protect yourself and your organization from cybercriminals. Follow the tips below to help protect sensitive information:


Properly Dispose of Documents

When you no longer need to use a document, make sure that you properly dispose of it. Instead of placing a document in a trash bin, use a shredder to shred the document. If you place a document in a trash bin, cybercriminals can easily search through the bin and find the document. Then, the cybercriminals can easily read and steal any sensitive information on the document.


Clean Your Desk

Look around your desk. How many documents are laying on your desk, available for someone to grab or view? Be sure to clean your desk to protect sensitive information. If you’re not using documents, put them away in locked drawers. Cybercriminals could impersonate maintenance staff and cleaning crews to steal documents off of your desk after work hours.


Encrypt Your Digital Documents

Does your organization give you a laptop or other electronic device to use for work? What would happen if that laptop or other device was missing or stolen? All the documents on the device could easily be read, copied, or sold. To prevent cybercriminals from accessing and stealing your documents, consider encrypting sensitive documents. If your documents are encrypted, cybercriminals will be less likely to read them. If you suspect that sensitive documents have been lost or stolen, immediately tell your manager.


If your organization's sensitive information was stolen or lost, your organization could be at risk of paying fines and losing trust. Protect your organization's sensitive information like you would protect your own social security number, credit card information, or healthcare information.


Scam Of The Week: School Board Election Phishing
06/26/2024

No one is immune to being targeted by phishing attacks. In this week’s scam, cybercriminals targeted candidates in a local election. During any election season, many candidates post information about themselves online or on social media sites. Scammers can use this information to craft targeted attacks on the candidates. In the specific attacks mentioned below, the scammers pretended to be another election candidate. This type of attack is known as Business Email Compromise (BEC).

In one of the attacks, the scammers emailed an election candidate. In the email, they impersonated someone else who was also running for election. The scammers explained that they needed the victim to purchase $500 in Apple gift cards and send them via email. When this didn’t work, the scammers later sent a separate email that appeared to come from DocuSign. This email contained an attachment that directed the victim to a fake login screen that prompted them to enter their user credentials in order to continue. If the victim had fallen for either of these scams, the scammers would have been able to steal both money and login credentials from the victim.
 
Follow these tips to avoid falling victim to a BEC scam:

  • Be wary of any unsolicited emails or calls asking you to buy gift cards or transfer money, even if they appear to be from someone you know. Verify the request through another channel before acting.
  • Be extra vigilant during high-profile events like elections when scammers may increase phishing attempts.

Remember, the information that you post online is publicly available for anyone to see. Scammers can use this information to target you with more realistic phishing attacks.


Security Tips - The Dangers of Using Messaging Apps on Work Devices
06/12/2024

Messaging apps such as WhatsApp, Discord, and WeChat are a great way to keep in touch with friends and family. But not all messaging apps are safe to use on your work device. Unapproved messaging apps may contain vulnerabilities that cybercriminals can exploit. If the cybercriminals are successful, they could gain access to your organization's network and other sensitive information.


Receiving Messages from Cybercriminals

Cybercriminals can use these apps to send you messages that contain malicious links or attachments. The messages may promise free items, inform you about an overdue bill, or prompt you to download an attachment for work. If you click the links or download the attachments, you may unknowingly download malware on your work device!


Third-Party Apps with Hidden Features

Cybercriminals can also create third-party apps to change your messaging app experience, such as making the app pink. While the third-party app may actually make your app pink, it can also grant cybercriminals access to your device. Once cybercriminals gain access, they can view any organization information on your device. 


What Can I Do to Stay Safe?

Follow the tips below to protect yourself and your organization from these types of scams:

  • It's best to keep work and personal use separate. Only use work devices for tasks required by your job.
  • Follow your organization’s policies on downloading apps on work devices. If you’re unsure, learn who to contact for guidance.

Never share personal or sensitive information through unsecured apps. Be especially cautious if you don’t know the person messaging you.


Privacy & Security Discussion Topic Ideas


Phishing Emails
- Have you noticed any phishing emails to share with others? What clues did you notice that made you aware that it was not legitimate? How should these emails be reported? Should general SPAM be reported as Phishing?

Social Engineering
- Have you received phone calls using social engineering techniques trying to get you to give information to someone that you do not know? What did you do to verify their identity before sharing information?

Current Events
- What are some recent cyber attacks or data breaches in K-12 from news sources? How we can better be prepared to prevent a similar attack at Goose Creek CISD?
- What recent cybersecurity/data privacy news have you seen and how could it impact us?
- What are upcoming/recent laws or regulations around privacy and cybersecurity that would impact Goose Creek CISD?

Applications & 3rd Party Systems
- Have you used a new app, program, or website lately? Did you make sure you knew what data is being collected/transmitted and if it is being protected? How did you verify?
- Why is it important to vet our applications for security, privacy, or content concerns?
- Thinking about using a new app? Discuss the vetting process and assign someone to submit it for review.

Data Privacy Webpage
- What data do you collect on students? Review the Data Fact Sheet.
- Review resources on Data Privacy site

Data Breach Notice
- If you became aware of a potential data breach, who would you notify?
- What is the role of the District's cybersecurity coordinator? Who is this at Goose Creek CISD?

Data Privacy Curriculum
- How are you implementing data privacy in your classrooms?
- How do you integrate the Digital Citizenship Curriculum in your classrooms?
- What discussions have you had with students, parents, teachers, or staff about privacy/security?

Disaster and Recovery
- How do we protect data when in a disaster (fire, flood, hurricane, cyber attack, school shooting, etc)?
- How would we recover from a disaster and is that documented?

Cybersecurity and Privacy Training
- Has everyone completed the required trainings on Cybersecurity and Privacy?
- What is something each person learned from the Texas Cybersecurity training.
- What is Board Policy CQB and why is it important?

Handbooks

Employee Handbook

Student Handbook (English)

Student Handbook (Spanish)

* Handbooks, procedures and guidelines are reviewed at least annually to provide updates that align with changes in laws/regulations and the constantly changing technology landscape. 

 

Board Policy

CQB - Cybersecurity

*Board Policy is reviewed regularly to ensure that they align with all current laws and regulations.

 

Laws/Regulations

FERPA - Family Education Rights and Privacy Act

PPRA - Protection of Pupil Rights Amendment

COPPA - Children's Online Privacy Protection Act

CIPA - Children's Internet Protection Act

 

GCCISD Resources

Employee Data Privacy Handbook

Third-Party Data Privacy Video

Agenda Discussion Topics

Security Access Procedure

GCCISD Digital Safety

Digital Citizenship Curriculum

 

Are you considering an application?

Is the app already approved or denied?

 

You must follow the approval process to request apps for student use. Teachers may research apps they wish to use. Consider the resources below before using a third-party application (website or app). If you feel the app is a good candidate, please follow the approval process listed below or on the Ed Tech webpage.

  1. First ask yourself these questions:
    Checklist for Choosing Tools Worth Your (and Your Students') Time
    Educational App Evaluation Checklist

  2. Second make sure you understand how the data is being used. To protect student data as well as the security of other district systems, you need to understand the importance of App Vetting. Things to look at are the privacy policy, is the data encrypted, can you request deletion of data, is the data strictly used for educational purposes, is the data protected, is the app appropriate for the targeted age group, etc.
    What is App Vetting and Why is it Important?
    Vetting Apps Across the District (RED FLAGS to watch out for)

 

Vetting Process

iPad App Approval Video HOW-TO

iPad App Approval Process

iPad App Approval Workflow

 

Data Privacy

Educator's Guide to Student Data Privacy

Protecting Student Privacy While Using Online Educational Resources

Privacy Basics - Facebook

Privacy Basics - Twitter

 

Laws, Regulations and Standards

COPPA 101

FERPA 101

ISTE Standards for Modeling Digital Citizenship

 

Ransomware

Ransomware References for IT Staff

Ransomware References for Teachers and School Administrators

Press ENTER key to focus on the active panel