ITR005 – Forensic Request Rule
Purpose
This Information Technology Rule defines the parameters for forensic requests of student or employee data.
Forensic Requests
A forensic request is defined as a request for data about a user’s activities, files, email, or other information for the purpose of investigating potential behavioral infractions or other investigatory requests such as Public Records requests.
Exceptions
Reports containing anonymized or aggregated information are not subject to this rule. Reports and information gathered and used by Computing Services in troubleshooting service problems, implementing services, or improving services are also exempted from this rule.
Determine Feasibility
Requestors may begin a forensic request by working with Computing Services to determine the technical feasibility of the request. Information shared during this step must only be about generalized capabilities – no information about actual results can be shared.
Authorization
Forensic requests for student data must be authorized by the Director of Student Services, or by the Director of Security for cases regarding physical security. Forensic requests for staff data must be authorized by the Associate Superintendent for Human Resources or a designee that may be authorized under specific circumstances.
In some cases, when it is expected that data gathering may be a lengthy process, Computing Services staff may begin searches prior to receiving authorization. In such cases, no information from or about the search, including indications of success or failure may be shared with the requestor until confirming authorization is obtained.
Authorization must be provided via a recognized request workflow system, email or in writing and must include the parameters of the request. Authorization granted via the service request system will be logged and stored on that system and any other form of authorization will be stored on the service request system with the corresponding request.
Perform Search
Forensic requests are performed on a number of systems. Those systems, used in forensic searches, and their primary administrator are listed in ITR005P that is available to LPS administrative staff upon request.
Return Results
Results will be provided to the authorizing administrator and, for student data searches, to the requestor. All data related to the request, its authorization, parties to whom information was provided and method of information provisioning will be stored in the service request system.
What does this mean to me?
It is true that nothing students or staff do on district technology can be done in secret, or entirely obscured. However, no one gets access to records or logs of technology use without making a forensic request. Any request for student data must be authorized by the Director of Student Services, and requests for staff data must be authorized by the Associate Superintendent for Human Resources.
- Taxpayers have the right to request specific information about staff technology use in the form of a public records request. Keep this in mind when you send your emails and instant messages, type comments in those Google Docs, view those non-work web pages, or anything else you do on an LPS device. That information could be publicly disclosed, or read in a courtroom some day.
- Because taxpayer funds were used to pay for the technology, we should avoid using the technology (laptop, email, etc.) to support any political or religious viewpoints, or promoting anything that profits us financially.
- When valid Freedom Of Information Act (FOIA) requests are made by citizens, LPS must comply by providing that data. However, the data will be reviewed and any FERPA protected student information will be redacted prior to providing it to the public.
- As an employer, LPS reserves the right to investigate employee behaviors when necessary. Anything accessed (viewed,) created, or stored on your computer will be assumed to be your responsibility, because you should be the only person with access to your account.