At District 158, we take information security seriously.
To maintain the confidentiality and integrity of the District information and data including our student data, District 158 has implemented targeted processes and procedures. These can be categorized as:
- Systems that control where key information is stored;
- Access security practices and internal controls that restrict who has rights to view, add/delete, or edit information;
- Physical access controls to District data centers and key networking equipment.
How is access to student data managed?
District 158 follows best practices in establishing and managing system and network access security. Access to student data is managed and controlled through what is known as role-based security. This means that the type and amount of access to student data and other information is governed in our systems by the role which any staff member holds along with what information they require to perform their job as a trusted member of District 158 staff. Staff members must go through a process to gain access to authorized information that includes successfully logging into the District network or one of the systems they use as part of their job duties.
Once a staff member logs in using this method, the internal application controls, role based security, and application permissions restrictions are engaged which limit the data read, write, add, or delete functionality and are specific to a staff member’s role in the District.
The District also follows all rules set forth by state and federal government such as the Federal Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act (HIPAA). For more information regarding these laws, please refer to the following links:
Where is student data held and where does it go?
The primary repository of student data is our Student Information System, PowerSchool. PowerSchool maintains student demographics, household contact information, enrollments, attendance, grades, schedules, transcripts, discipline, bus, lockers, health, IEP, and LEP information. The District does not retain Social Security Numbers within any system.
In addition to the PowerSchool system, the District also maintains multiple supporting systems that assist in running daily operations. Based on need, some student data is routinely transferred between these applications through a variety of secure and encrypted system integration processes.
Physical access to the data centers and the servers that house this data are limited to a small group of network and application administrators in the IT Department. These data centers are also secured with fire protection and power backup capabilities. We also take routine backups of key systems and data which are securely stored and protected.
With the evolution of cloud based solutions, the District also subscribes to some externally hosted applications which are integrated with our student information system through encrypted data communications. Below is a list of various outside agencies that the District provides data to and/or receives data from. Data transferred includes basic student information such as names and schedules so student can log into applications and access curricular materials configured by the District.
- Haiku LMS
- Pearson Successnet
- Curriculum Loft
- Spelling City
Additionally, the District provides testing agencies such as ACT, PARCC, NWEA, etc. with basic student identification as part of the testing and scoring process. The District reports all required data to the Illinois State Board of Education (ISBE) and other government agencies.
Google Apps for Education
The District provides all students with a Google Apps for Education Account. This account allows them to collaborate and share documents with their teacher and fellow students and is an essential component of the classroom. We share limited information with Google solely for account creation purposes. This data, and any data created as a function for using a Google Apps for Education account, belongs to District 158. This type of account is different than having a personal gmail account. Google does not scan student content or email for advertising purposes as they do with regular consumer accounts.
Please review the Google Apps for Education Privacy Statement at: