Superintendent Bill Olsen on May 28, 2014

Security of Student Information Discussed

The following is Part One of an overview from the May 28, 2014 School Committee meeting. For Part Two, click here.

Video of the meeting will be available on the Westford CAT website.

7:30 p.m. – The meeting began with recognitions from Superintendent Bill Olsen and Chairman David Keele.

School Committee members Terence Ryan and Angela Harkness were not present, although Harkness arrived at 7:39.

7:39 p.m. – During Superintendent Olsen’s update, he thanked Day School principal Kevin Regan for appearing with him on public access television and praised him and his team for work they have done related to math. He later announced that the Day School has raised $28,000 for new technology.

Olsen also thanked the East Boston Camps for restricting access in the near future for safety reasons.

A decision will be made before the end of June whether the school district will go with the PARCC or MCAS assessment test next year, which will require School Committee approval.

Olsen also thanked Annette Cerullo regarding the graduation of Genevieve Johnson from Westford Academy. Johnson dropped out of high school in 1936 to work during the Great Depression.

Superintendent Bill Olsen on May 28, 2014

Superintendent Bill Olsen on May 28, 2014

7:48 p.m. – School Committee member Erika Kohl asked the board regarding the date of the Superintendent’s evaluation, noting that it will be later than the second week of June.

Keele noted that there will likely be a special meeting specifically for that evaluation.

Harkness updated the board on a $100,000 grant for the East Boston Camps and thanked Assistant Superintendent Christine Francis for her information regarding to PARCC.

School Committee member Margaret Murray echoed the congratulations to Johnson and asked for more information on the fundraising efforts at the Day School, which was provided by Regan.

7:51 p.m. – Regan returned to to discuss Elementary School student handbook approval along with Nabnasset School principal Susan Dubois.

Dubois told the board about a variety of updates ranging from indoor recess for when bears are reported near schools to a redo of the food services policies.

This past year was the first year the Grade 3 to 5 schools were made in electronic formats.

Kohl asked the principals about a revision regarding withholding recess as a disciplinary measure.

Regan said that when a student breaks a code of conduct, various steps are taken such as having lunch in the office or withholding office, although it is a step not taken lightly, and it is not done for an extended number of days.

Kohl asked if ADHD had a factor, with Regan saying changes in behavior are taken into account, and Olsen adding that it is always seen as a last resort in extreme circumstances and students’ civil rights are always taken into account.

Keele made a motion to approve the changes to the student handbook, it was approved unanimously.

7:58 p.m. – Westford town technology director Mike Wells began a presentation on Phase 3 of WISP (Westford Information Security Policy)

All data was divided into categories ranging from Level 0, or public information to private information at Level 3, saying that Level 2 and 3 information should not be e-mailed or faxed and that along with Lucy Smith, Wells identified 177 different data collections at Level 2 or Level 3 in the School Department.

Wells said that not all medical data, such as allergic reactions, are not Level 3.

The Selectmen and town counsel have approved the WISP following a multi-year process, and now the policy has hit its implementation stage throughout town government, including the schools.

The question at hand is how to incorporate the approved guidelines into all the town’s departments and how departments can continue to conform to it.

Sustaining the policy also requires the IT department to be able to encrypt data if needed and document exceptions where needed.

The creation of a handbook documenting implementation of the policy and what is sensitive information so school department employees can properly follow the policy.

In response to a question from School Committee member Tom Clay, Wells said that the policy was related to a series of security issues as well as coming into compliance with state regulations.

School Committee member Arthur Benoit asked if there were any policies on good passwords, preventing things such as birthdays and names.

Wells said these policies were in place and there are actually state standards regarding password strength.

Kohl asked Wells about his role in implementation, which Wells said he came into by default, although much of the implementation of the policy is not IT related.

Kohl then asked if there should be a committee, with Wells agreeing, saying on the town side there was a broad group of employees to help implementation.

Olsen said that the school department deals with a significant amount of sensitive information and discussed Mike’s role in implementation.

Kohl said that there may be a need for non-school information security personnel to help implement the policy.

Murray asked if there was any possibility of merging databases, with Wells saying that some data was removed due to the town not needing to keep it, such as checks.

Murray then asked if there was a breach of information, what the response would be.

Wells said that under state law, the owners of the data and the attorney general would need to be informed and an effort would need to be made to recover the data. However, there was no elaboration other than how an employee can act once this occurs.

Murray said that a notification on the board level should happen if a breach occurs.

Lastly, Murray asked if there was a check-off list regarding certain issues with technology, and he was curious if that was all online.

Wells said it was all on paper, but if there was value in putting it online, it would be put there.

Murray thanked Wells for his efforts and said that IT departments are often understaffed and urged the elimination of paper data.

Olsen then said that one of the biggest issues is staff members who leave data on laptops and then leave them in cars, where they can be stolen.

Wells said that over 50 percent of breaches come from theft, and that under 20 percent of breaches come from hacking.

Benoit asked about a “common desktop” that would prevent the need for data to be kept on a single device, with Wells responding that it was difficult due to the vast amount of Mac users, however he noted that the goal is to place data on a secure service rather than removable drives whenever possible.

Benoit said that the school district needs to look at things differently to secure data, and that he is guilty of the same types of behaviors.

Kohl asked what the next step is in implementation and that she hoped that full implementation could occur by early next year. Olsen said he would bring a plan in place and asked Wells to return at some point.