Data Privacy

LPS cares deeply about protecting students. 

We go to great lengths to protect them physically. This is evident in many ways; secure entrances, background checks on staff members, regular drills to prepare for dangerous situations like tornadoes, fires, intruders, or other disasters, and much, much more.

It’s important to us that you also know that we also care deeply about protecting our students DIGITALLY. We go to great lengths to make sure that the interactions a student is having online are safe and appropriate, that the data we collect about them as they go through school is securely held, and that we are helping students to continue to make good digital decisions when they are not under our watchful eye. These digital efforts are often less visible than our physical security efforts, so we assemble the following information to increase awareness of these important measures that are happening in LPS every day.

If you are left with questions about our data security practices in LPS,  please reach out to us through ConnectNow by selecting Technology Services as your category.

ConnectNow
Data security padlock

Federal Statutes

There are many “layers” of digital protections that follow your student as they go through their day. It is easier to understand them if we break them down by layers of protection & caring. We will start with some Federal statutes that protect all children and their data in America.

FERPA

Family Educational
Rights and Privacy Act
20 U.S.C. § 1232g; 34 CFR Part 99

Protects the privacy of student education records. The law applies to all schools that receive funds from programs of the U.S. Department of Education. 

Learn more about FERPA

COPPA

Children’s Online
Privacy Protection Act
20 U.S.C. § 1232g; 16 CFR Part 312

Imposes requirements on operators of websites or online services that collect personally identifiable information from children under 13 years of age.

Learn more about COPPA

CIPA

Children’s Internet
Protection Act
47 U.S.C. § 254

Requires schools to have a web content filter limiting children’s access to obscene or harmful content and a plan to educate students on topics of digital citizenship.

Learn more about CIPA

Community Presentations

Computing Services is happy to present about the many different ways in which we strive to protect students digitally with the same level of effort we protect them physically. Much of the information on this page is contained in their presentation.

  • How LPS Cares for our Students in the Online World

If you are interested in having a Computing Services staff member share this slide deck with your teacher, parent or community group please reach out via the ConnectNow! tool and select “Technology Services.”

ConnectNow

District Initiatives

After addressing the Federal statutes we move closer to home. Following are a number of different school district initiatives, tools and supports to protect all of our students in LPS.

Chief Technology Officer

Computing Services (CS) is comprised of 60+ staff members grouped into functional work teams. Information security and IT governance are amongst the areas handled by our Chief Technology Officer (CTO).

Kirk Langer
Chief Technology Officer
klanger@lps.org
402-458-3131

Information Security Officer

As a testament to our commitment to data security in LPS, we were the first school district in Nebraska and one of the first in the country to hire a full time Information Security Officer (ISO).  Our ISO manages and oversees the use and security of LPS data, and plays a key role in the development and implementation of data security rules and guidelines.

Seth Ristow
Information Security Officer
iso@lps.org
402-458-3135

Board of Education Policies

The LPS Board of Education regulates professional performance and student expectations through Policies & Regulations that are enforced by the departments of the District and building Administration. LPS Policy around the digital safety & security of students is primarily found in the following areas:

Data Governance

The CTO coordinates the efforts of nineteen school and district committees who collectively contribute to the development of goals and principles that define how information technology rules, procedures, practices, resources and architectures are established, deployed, managed, secured and maintained.

Learn more about Data Governance

IT Rules & Procedures

LPS information technology rules (ITR) and information technology procedures (ITP) for staff members describe responsible use and/or expected behavioral norms related to District technology resources. All staff are expected to annually acknowledge that they have reviewed posted rules, procedures and practices.

Learn more about ITR/P

Instructional Technology Tool Selection

A strategic component of the ongoing data security work in LPS is an Instructional Technology Tool (ITT) evaluation process. Buildings and teachers who wish to use tools that use or store LPS student data must select a previously approved ITT, or request that the ITT committee review the new tool.

Learn more about selecting ITTs

The Matrix

The Matrix catalogs applications, extensions, websites and other digital tools reviewed by the District ITT Evaluation Committee. This matrix provides school leaders and teachers with additional information connecting research-based instructional strategies, tool functionality and curricular connections. After identifying an instructional need, teachers and school leaders are encouraged to review the LPS ITT Matrix when considering Instructional Technology Tools.

View the LPS ITT Matrix

The Portal

In an effort to make it easier and more secure for teachers to get students logged in to those web services, the district has set up the student Chromebooks to start at a site called “The Portal”. The Portal includes a button that takes students directly to approved web services, and passes their credentials to most services in a secure manner. 

Web Content Filtering

Based upon CIPA guidelines, LPS maintains and configures an “Internet Content Gateway” (aka: the web filter) that applies to all devices in LPS. Staff devices are filtered while on the LPS network. Student Chromebooks are filtered everywhere they go, including school and home use. Filter considerations include:

  • Gambling
  • Pornography
  • Sites that allow for circumventing of web filters (Anonymous Proxies)
  • Access to sites that directly support instructional objectives and outcomes.
  • Bandwidth maintenance
  • BoE Policy enforcement
  • Uncategorized sites
Learn more about web filtering

Single Sign-On

LPS has implemented an identity management environment that allows staff and students to use their LPS username and password to access approved ITT capable of Single Sign-On (SSO). Only ITT capable of SSO are approved, meaning that any ITT that requires students to manually “set up” an account may not be used. The reason for this ‘SSO only’ parameter is to significantly reduce the variability in ways that students login to services they need to use, thus creating greater security and decreasing wasted time in class with different logins & passwords.

Multi-Factor Authentication

One of the many steps LPS takes to better secure the data of our students and employees is multi-factor authentication (MFA). MFA is an extra step in the sign-in process whenever LPS staff are accessing tools while away from their building. They must successfully present two or more pieces of evidence (factors) that they REALLY are a person who should be able to access the system. The first factor is the username and password they usually use. The second factor is a one time code sent to a device they have registered with the District.


Phishing Education

The proliferation of “social engineering” attacks directed at staff members requires ongoing training on identity access. LPS attempts to provide natural training opportunities for staff about phishing and spam tactics. One way we do this is by delivering our own “phishing” messages to LPS employees that help us learn lessons about these tactics in a safe way.

Learn more about phishing

Building Processes

Each individual building has processes and expectations set & modeled by Principals and staff.  A few of the common ones are shared here. 

Parent Acknowledgement

Legally, parent permission is required before any device may be assigned to, or used by an LPS student. This includes all building technology and all access to online systems, with the exception of required LPS and state assessments. This is accomplished by asking parents to sign a “Parent Acknowledgement (PA) of Instructional Technologies” once each in elementary, middle, and high school during the enrollment or online registration (census form) process. 

The Parental Acknowledgement document serves some important purposes for LPS:

  • This acknowledgement is part of our agreement with the parents of the minors in our care regarding digital identity, data privacy, and information security at LPS.
  • It clearly indicates to parents that their child will be using devices in the school building that can access the internet.
  • The signature of the parent serves as the parent’s consent to allow LPS to manage which ITTs (Instructional Technology Tools) may gather PII (Personally Identifiable Information) about their child, per COPPA, FERPA, PPRA, and other Federal and State laws. 
  • Establishes that use of the devices is a privilege and students must demonstrate appropriate caution and responsibility when using them.

Digital Citizenship

LPS has a list of Key Concepts that are taught to all K-12 students from within the existing courses. Teachers use lessons, digital games, and other materials to help students tackle cyberbullying, internet safety, and other digital dilemmas head-on within common LPS classes. It includes materials from a number of sources, including Common Sense Media and Google’s ‘Be Internet Awesome’ program.

Learn more about the LPS Key Concepts in digital citizenship
Common Sense Media's Digital Citizenship Curriculum
Google's 'Be Internet Awesome' program.

Student Passwords

LPS stresses the importance of password security with students. If a student feels that another student knows their password, they should enter a help ticket and/or ask a trusted adult for help resetting their password IMMEDIATELY.

stuhelp icon

Student tickets can be entered by clicking the “StuHelp” button in the portal.

However, parents SHOULD have access to their minor student’s password so that they can sign in and see exactly what their student’s digital learning experience & tools look like.

Ask your student to share their password with you. Even better, ask them for a tour of the digital tools they use for school.

Contact your school to get your student’s password if needed.

Teacher Tools

LPS provides a number of teacher tools (and the training to use them) that can be used to monitor and maintain a safe classroom environment.

Responsible Use
Agreement (RUA)

Each student in LPS has access to a Computing Device. Use of the device is a privilege and students must demonstrate appropriate caution and responsibility when using it. Depending upon your grade level, this process looks different. The language and instructional processes used are age appropriate.

  • Kindergarten – 5th grade students review & sign an RUA each year (in age appropriate contexts) prior to using classroom Chromebooks. The RUA is used by teachers to frame proactive classroom discussions that instruct students about appropriate behaviors when using devices and network services in the classroom setting, as opposed to behaviors they may express when using devices in a personal (home) setting. Digital citizenship lessons also address student ownership of personal behaviors and the consequences that can arise from them.
  • 6th-12th grade students acknowledge the RUA each time they sign into their Chromebooks, along with digital citizenship lessons in various classes. You can review the RUA that secondary students abide by here.

The RUA serves to encourage alignment with PBiS protocols as a Tier-1 Universal Support for setting building expectations around the use of devices in all classroom settings across the building.

Hāpara

Hāpara Highlights is a Chromebook activity monitoring tool. It allows teachers to proactively set up an appropriate tab environment on student Chromebooks so that the whole class is looking at the right web page at the right time. It also features the ability to focus student work to specific browser tabs, as well as eliminating distractions during work time. 

PRIVACY NOTES:

  • Hāpara does not allow teachers or any other LPS staff the ability to control student Chromebooks when they are off of the LPS network.
  • Hāpara does not allow teachers or any other LPS staff the ability to access the camera on student Chromebooks.
Learn more about Hāpara in LPS

Safe Searching Tools

Not every search should be a “Google” search.

LPS Students and staff have access to a library of high quality digital content linked from your school building’s library media web page. This content is available from school or home.

Digital resources provided there are appropriate for emerging readers all the way through college bound students, including read-aloud and translation features.

Resources include…

  • eBooks (Fiction & Non-fiction)
  • Encyclopedias in three languages
  • Databases of periodicals, newspaper and reference resources
  • Streaming video, audio. newsreels, sound effects, music tracks, and images
  • Historical, genealogical and census information
  • Research bibliography and note-taking tools
Learn more about the digital resources provided by LPS

Zoom Meetings

You’ve probably heard some horror stories from the internet or national news broadcasts about “zoombombing” and other security concerns that come along with remote learning. You should know that LPS is not using the free version of Zoom, so we can set our students’ environment up to be more appropriate for our educational uses. This has been our practice for many years prior to COVID-19 related remote learning, and continues to be the case. For example:

  • Because of an integration with our student information system, student meetings are uniquely generated by period and require LPS credentials to join. 
  • Meetings begin with a waiting room enabled. This puts the teacher in control of who is admitted to their meeting room, and when.
  • Private chat between meeting guests (students) is turned off.  Students can chat with the host (teacher) but not with each other.
  • Screen sharing is limited to the meeting host (teacher). A teacher can choose to allow student screen sharing.

These changes (and a handful of others) dramatically reduce the likelihood that obscene disruptions could occur in our environment.

Constant Adjustments

LPS stays alert to Zoom’s recommendations around best practice for enterprises of our size and type. In consultation with our curricular and instructional specialists, we regularly adjust settings and update teaching staff with improved strategies to boost student engagement and maintain a secure learning environment.   

Enterprise Accounts

Staff who host Zoom meetings for LPS (with students, parents or with other staff) are required to use their LPS Zoom account. It is not optional. LPS provisions each staff member with a paid & licensed account that is part of our “enterprise” in Zoom. This strategy allows staff members to inherit security settings LPS has adjusted and provides features that do not come with free Zoom accounts.

Security in our Google Apps

Google Workspace for Education is the primary productivity tool set available to LPS students. All LPS students utilize Chromebooks for many learning opportunities.

Considering this, it is important that we look carefully at the security practices of Google and its services. 

Google refers to its set of services for schools as “Workspace for Education.” LPS licenses an upgraded version of this environment called “Education Plus.” Designed for teaching and learning, accounts in our LPS domain are managed by LPS administrators.

Below you will find commonly asked questions, as well as a list of resources that will allow you to look deeper into any issues of privacy or security on your own.

 

Privacy & Security Center
Terms of Service Agreement
Security Whitepaper
Guardian’s Guide to Privacy & Security

Education and personal (free) Google accounts are completely separate. Digitally and physically. All user data in our accounts is owned and managed by LPS, not Google.

School-issued accounts use ad-free Google Workspace for Education tools like Google Classroom, Docs, Slides and Gmail. LPS admins set data loss prevention policies to protect students and families.

Chromebooks are managed at scale by LPS administrators who use identity and access policies, filter inappropriate content, restrict app installations and enforce many user level security settings. All third-party authentications or data integrations are reviewed and approved by LPS admins. 

Why are kids using free tools?

They aren’t, really. Student and staff accounts in an educational domain like ours are different from a free Gmail account in many important ways. 

Only verified educational institutions can participate in the “Workspace for Education” program. This separation  allows Google to maintain different licensing, terms of service, and privacy standards than those that apply to the business or general public’s tools. 

Who owns the content produced in Google Workspace for Education?

The Google Apps Terms of Service contractually ensures that Lincoln Public Schools are the sole owners of our student, faculty, and staff data. Not Google.

Who can see our content?

Google does not look at our content. Google employees will only access content that we store on apps when an administrator from LPS grants Google employees explicit permission to do so for troubleshooting.

Who is our content shared with?

Google does not share your content. Google does not share personal information with advertisers or other 3rd parties without your consent.

Google complies with applicable US privacy law, and the Google Workspace for Education Terms of Service specifically details obligations and compliance with FERPA (Family Educational Rights and Privacy Act) regulations.

How is student Chromebook data used?

Google’s systems do compile and collect data from Chromebook usage, but it is only used after the information has been completely scrubbed of identifying information about individual users. This data is used to improve the services they provide. 

Is Google tracking the location of my Chromebook?

LPS has specifically disabled “geolocation services” on student Chromebooks, which prevents Google from seeing the geo-data associated with the “where” of the Chromebook use by students.

LPS and Google can see the IP address (network address) of the WiFi network that the Chromebook is using, but not its physical coordinates.

Is Google Workspace for Education FERPA compliant?

The Terms of Service for Google Workspace for Education specifically address this question as follows:

5.4 FERPA
The parties acknowledge that (a) Customer Data may include personally identifiable information from education records that are subject to FERPA (“FERPA Records”); and (b) to the extent that Customer Data includes FERPA Records, Google will be considered a “School Official” (as that term is used in FERPA and its implementing regulations) and will comply with FERPA.

Are there ads in Google Workspace for Education?

No. There are no ads in Google for Education core services and they do not collect or use student data for advertising purposes or create advertising profiles. K-12 Google for Education users also don’t see ads when they use Google search while signed in to their Google for Education accounts.

Where is my content stored?

Our data is stored in Google’s network of data centers. Google maintains a number of data centers, the locations of which are kept discreet for security purposes. Access to data centers is very limited to only authorized select Google employees personnel.

Is my content safe from others when it is running on the same servers?

Yes. All user accounts are segmented and protected via virtual lock and key that ensures that one user cannot see another user’s data. 

Google Workspace for Education has received a satisfactory SSAE 16 Type II audit. This means that an independent auditor has examined the controls protecting the data in Google Apps (including logical security, privacy, Data Center security, etc) and provided reasonable assurance that these controls are in place and operating effectively.

Parent Considerations

We are often asked about safety & security topics that parents should know or be aware of. Here are a few things that we’d like parents to know.

VPN use by students

We would like to take a moment to make Parents aware of VPNs (Virtual Private Networks), a technology becoming more commonly used amongst middle and high schools students in Lincoln Public Schools.

If you are unfamiliar with VPNs, they are a software tool (in many cases a phone app) that allows you to “tunnel” in and out of networks unseen. When a trusted VPN is used appropriately, it is a security tool that can shield your personal data from potential hackers.

In order to comply with Federal regulations and to provide a more focused learning environment, LPS does everything possible to limit internet traffic on our WiFi and our LPS provided Chromebooks to educational resources. LPS students often use VPN tools on their personal devices (cell phones brought from home) in order to bypass the LPS content filters.

Students are unable to install VPN software on an LPS Chromebook, but we want parents to be aware of a few of the potential dangers in allowing your student to use a VPN on their personal phones to hide their internet traffic:

  • Should a student be in a life threatening situation in which police needed to track their phone to locate them, this would be made impossible.
  • When students are obscuring their cell phone use from parents, it makes them easier targets for sex trafficking or other dangers.
  • A VPN server is usually located abroad and free ones can be used to steal the very data they claim to be protecting.
  • A free VPN tool runs on advertising. The types of ads they target to their users are often not appropriate for minors.
  • Free VPN traffic could easily be intruded by malware that infects devices.

There are dozens of free VPN tools available for iOS and Android devices. A sampling of titles is below. If you find any of these apps on your students’ phones, we suggest that you have a conversation with them about why they use the app.

Betternet
Hide.me
HexaTech
Hotspot Shield
KeepSolid
NordVPN
Norton VPN
Opera VPN
PrivateTunnel
ProtonVPN
Seed4.Me
Speedify
SurfEasy
TunnelBear
Turbo
VPN in Touch
VPN Proxy
VPN Master
Windscribe

Who can see the camera on the Chromebook my child is using?

The Chromebook does not run a Macintosh or Windows operating system. You cannot install applications on the device in the same way that you would on Mac or Windows. Because of this, the Chrome OS is a far more secure platform, and much less likely to be “hacked” by an outsider who would then access the camera.

There are no tools in use at LPS that would allow teachers or other technical staff access to the camera on a Chromebook at any time, from any location.

LPS teachers and staff use a tool called Hāpara to monitor student Chromebook screens and browsing history while on an LPS network. Hāpara denies LPS teachers and technical staff access to the Chromebook camera at any time, regardless of location.

I’ve read that the Wi-Fi being used in our schools can cause cancer.

We are not aware of any scientifically significant studies that have concluded that Wi-Fi causes biological harm on a cellular level. 

The products we use for our Wi-Fi access points (routers) are evaluated by the vendor to ensure they conform to safety limits adopted by such agencies as the Federal Communications Commission (FCC), the World Health Organization (WHO) , the International Commission on Non Ionizing Radiation Protection (ICNIRP) as well as several others, and are used across the globe.

The IARC – International Agency for Research on Cancer (part of the World Health Organization) has labeled short wave radio frequencies such as those used in wi-fi as “Group 2B.” To give you a little context, Group 2B includes coffee, ginkgo biloba extract, aloe vera, and pickled vegetables. This means that they are possibly, but not probably carcinogenic to humans. In other words, WiFi is just as dangerous as pickles, according to scientists.

If you have concerns, Computing Services would be happy to to do some spot checks in your child’s building to measure the wifi signal strength there, and report those numbers to you. Reach out to us through the ConnectNow link at the top of this web page.

– This response was paraphrased from advice provided by Dan Layton, CTO, Zionsville Community Schools, Indiana.