Wondering how you might secure Chromebooks inexpensively in your classroom environment? As Chromebooks become more popular, securing them inexpensively becomes a higher priority, as this one Texas school district shared recently:We are just getting started with a Chromebook deployment, and I am looking for lockable storage/charging cabinets that will hold at least 20 Chromebooks and allow them to charge overnight.  They don't need wheels.  I just need a way to lock up and charge classroom sets of Chromebooks.  Do any of you have anything like this that you really like?  One district shared that they make their own:Other school districts included the following options:CDWG Laptop Cart - $695.25District Comment: "We love our carts and they are fairly inexpensive but sturdy. You have to order the surge protection separately, but access from the back of the cart is easy. We order them from CDWG. They hold 20 any type of device. They are compact."Lock-n-Charge Cart - Request a quoteDistrict Comment: "Best thing I've seen. I've purchased a variety of sizes and they are wonderful."Tripp-Lite - $1300District Comment: "Tripp-Lite has a product line a lockable charging stations."MY RECOMMENDATIONOf course, for 20 Chromebooks, I wonder why not use a 6-device capacity Copernicus TechTub from Troxell?Copernicus' Premium Tech Tub is easy to move around your facility, so it can go where you or your students go. Made of heat-resistant ABS plastic, it provides rugged yet lightweight storage with ventilation to keep devices cool. Holds up to six devices, depending on model (previous model only held five). Now supports more Chromebooks™ including the 11" models of the most popular brands - Dell, HP, Acer, Asus and Samsung. NEW Taller lid accommodates a wider range of Chromebooks™NEW Adjustable dividers to accommodate up to six devices and cases.NEW Cable management channel to keep cables organized, out of sight, and in-line with each device; Cable management for power strip cord (on back)Internal six-outlet power strip (previous model had external mounted power)Locking block and pin to lock tub to counters and tablesTwo padlocks with the same keysTroxell offers great pricing (one district reported $172) and well-worth it! That's about $688 for 4 TechTubs, each holding 6 Chromebooks each...and we're talking about popular 11-inch Chromebook models from Dell, etc.My contact at Troxell is Trenton Brackley ((800) 352-7912 x6304; trenton.brackley@trox.com).What solution would you recommend?Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

After the TCEA System Administrator Conference on October 30, several districts met to discuss the Texas Textbook Nightmare (click this link to catch-up) visited upon school districts by digital textbook publishers!Source: http://bit.ly/1RdfJojMary Mitchem (Georgetown ISD) shares her thoughts and an awesome rubric Curriculum Depts can use to avoid pitfalls when choosing a digital textbook provider.This is an awesome rubric! I shared it with several staff members and I am taking it to our admin meeting Tuesday. I can also see how this would help bring the technology team into the decision making process so every purchase can be supported with current equipment and systems we have in place. Thank you! Source: Feedback from one school district. TCEA TEC-SIG members (not a member? Why not join up?) accessed this resource first!TEC-SIG Membership$20.00Regular Membership + TEC-SIG$65.00More important, Mary shares a rubric that SHOULD be adopted by all Texas School District Curriculum Departments BEFORE they decide what digital textbooks to embrace:I wanted to follow up with an email to TEC-SIG about our recent Austin-area district meetup with Clever on October 30th to discuss instructional systems management, and specifically, the recent textbook adoption digital resource setup issues.We had been expecting 10 districts but due to the weather that day (torrential rain, flooding, and tornadoes) - we ended up with just five districts, but it was still a fantastic discussion about the other TEXTBOOK TORNADO we had all survived. We had both instructional and technology staff represented and we all shared very common experiences and frustrations with our instructional systems.One of the light-bulb moments for me personally was when we were talking about how much money was spent on this recent adoption compared to the less-than-stellar quality of the products we received. Georgetown ISD also did an SIS RFP this year, but our textbook adoption ended up being double the cost of our SIS contract. Our SIS RFP process involved at least 50 phone interviews with other districts, a 700+ item requirements list, an online survey, and 2 site visits. Our SIS will provide online assignments, a teacher/student/parent portal, and ALL of the other features such as scheduling, PEIMS, attendance, etc. that we need to run our district - at HALF the cost of our recent textbook adoption.So why are we spending twice as much on our instructional content, which is increasing delivered in a technology system rather than a textbook, but only evaluating content rather than system requirements during the evaluation process? It's no surprise that the result is systems that are woefully inadequate for our needs and outrageously overpriced for what they deliver to our districts.In brainstorming this issue, we decided that districts needed an objective set of scoring criteria for instructional systems that evaluated not only the content quality, but the other features that can make or break the delivery of that content, including data integration, user account management, and more. We worked on a rubric in our meeting and at this point we would like your feedback on these criteria. Ultimately, we would like to have a common set of criteria we can use to help our instructional teams in vetting these systems.INSTRUCTIONAL SYSTEMS CRITERIA: https://docs.google.com/document/d/1FE1IJc8LkysStybfPb208K2gIFV8a6IKm7FQbNsdzrI/edit?usp=sharingPlease comment, share with others, and/or email me with changes or things we might have missed. One possible way that we think Clever might help us in this process is by hosting a nation-wide site that provides districts a way to share ratings and reviews of instructional systems based on these criteria - it would be great to share that information with our adoption committees and curriculum departments as they consider these purchases.Thanks in advance for any feedback you can provide on this rubric or the ideas we brainstormed in this meeting!Mary MitchemInformation Systems Manager Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

Note from Amy Mayer, actual Texan:I spoke to Bill Mackenzie, bmackenzie1@ugcloud.ca, a counterpart of ours in Canada, yesterday. Bill sincerely recommended creating these technical collaboratives in Texas. They’ve had great success in other states and in the great states to the North (and I don’t mean Oklahoma, I mean Canada). If you want to join, please fill out this form: bit.ly/joincollabIf you have any questions I can answer, please feel free to contact me at amy@friedtechnology.comTexas Google for Education Technical Collaborative OpportunityThe Google EDU team and its educational partner Amplified IT are establishing Technical Collaboratives in Texas to support districts implementing Google Apps for Education. What is a Technical Collaborative?Collaboratives allows schools to regularly interact virtually and in person to share their experiences as well as questions with other schools and experts such as Amplified IT and the Google EDU team. Amplified IT has created GAfE Technical Collaboratives in Virginia, California and Iowa in the US, as well as Alberta and Ontario in Canada. Staff from participating districts are meeting regularly with both the Amplified IT technical team and Google’s EDU staff learning what’s new with GAfE and doing deep dives on a variety of topics including security and AD integration. This collaborative approach means that districts are no longer isolated in their approach to GAfE.  Member schools are also realizing significant cost savings when purchasing third-party applications through the increased purchasing power of their Collaborative.Learn MoreTo learn more about GAfE Technical Collaboratives please visit www.gafecollab.com.Sign UpTo register your interest in joining our Technical Collaborative please click on the following link: bit.ly/joincollabEverything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

Oh no! My favorite passwork keeper is now vulnerable! I should have known it couldn't last:If you are a KeePass user like me, then beware. denandz just posted a tool in github that can break your KeePass password safe. . .this tool is named KeeFarce. It allows extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url’s are dumped into a CSV file in %AppData% Tools like KeeFarce reminds us that password managers could represent a single point of failure that could be exploited with severe repercussion by hackers.Source: BlackMoreApps Fortunately, this appears to only affect Windows users, not GNU/Linux or Mac users. Thank goodness. In the meantime, you may want to encrypt your Keepass password file with something like Secure Space Encryptor (SSE), AEScrypt, or MiniLock for added protection.Mac/Windows/Linux computer? Get the cross-platform version of Secret Space Encryptor (SSE).Chromebook or use Google Chrome? Try Minilock for individual file encryptionEverything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

Every time I check my Twitter feed, I get a notice of a data breach occurring at a business or school district. That's why it's critical school leaders come up with a Safeguarding Sensitive Data Plan for their district. Below, you'll find some of my efforts along with my colleagues' efforts in developing a District plan. Your feedback is welcome!Image SourceSome points to keep in mind:Avoid using the term "data breach" should your district experience one.If you become aware of a potential loss of sensitive confidential data, make sure you notify TASB so they can help you from the get-go (this should be like the first phone call you make after becoming aware of the problem).Put a policy in place (there are plenty online to choose from, and I've included one further below that's adapted from other sources). Here's one example.Provide professional learning to all staff. Here's one possibe approach.Remember, it's not just digital...paper is important to protect, too.Overview A data security breach occurs any time there is unauthorized access to school district data, including FERPA and/or HIPPA data. Other terms you may encounter when referring to data breaches include a loss of "personally identifiable information," as well as "personal health information."  Lost laptops and misplaced USB flash drives are the top two main cause of data breaches in schools.The District is putting this policy in place for the following reasons:Ensure that District’s staff and student print and digital information remains confidential and only those who should access that information, canPrevent unauthorized individuals from changing staff’s and/or students’ sensitive information.Verify that your information is available when you need it (by making encrypted, secure backup copies and, if appropriate, storing those secure, encrypted backup copies off-site)To accomplish this, you need to secure, not only physical copies of the data (e.g. print-outs in locked file cabinets) but also encrypt digital copies of that data.Defining TermsConfidential, Sensitive or Personally Identifiable DataThe SCHOOL ISD is committed to protecting confidential, sensitive data. Personal Information means any information relating to an identified or identifiable person (employees and consumers) and includes, for example, a person’s name, physical address, phone number, e-mail address, social security number (SSN), credit card numbers, driver’s license numbers, passport numbers, date of birth, savings account, checking account, insurance policy or other health account or financial account number or information, and health or disability information. Personal Information includes employee background checks, including credit reports, and any records that are derived from this information. Additionally, Personal Information includes consumer credit reports and any records that are derived from this information that relate to an identified or identifiable consumer.Family Educational Rights and Privacy Act (FERPA)K-12 educators and support staff are largely unaware of the threats and vulnerabilities associated with the information systems they use.  For example, private student data can be stolen, lost, and/or exposed to the public. This threat is especially pertinent as educators and support staff are obligated to protect sensitive information such as Student Test Numbers under the Family Educational Rights and Privacy Act, or FERPA, which is one of the nation’s strongest privacy protection laws.  These individuals need opportunities to learn about the threats and countermeasures associated with information protection. (Source: Purdue University - Data Security in K-12)Protected Health Information (PHI) and/or HIPPAThe SCHOOL ISD is committed to compliance with the health information privacy and security requirements set forth by federal law and the regulations of the U.S. Department of Health and Human Services. These requirements dictate that the privacy of personal or protected health information (PHI) received by or generated through certain District employee health plans be protected from improper use or disclosure. Protected health information generally includes personally identifiable health information that is maintained by or on behalf of a HIPAA-covered health plan, including information in writing, electronic medium, and oral communications. Protected health information does not include health information that is maintained by the district in its role as an employer (e.g., information maintained in relation to FMLA or worker’s compensation). The HIPAA security rule applies to personally identifiable health information that is in electronic form. Privacy and security safeguards will be implemented to ensure the confidentiality, integrity, and availability of protected health information created, received, maintained, or transmitted by the Plan, including information in electronic form, whether it is being stored or transmitted. Consequences of NOT Securing DataData breaches leave people six times more likely to become victims of identity theft, according to a survey this year by Javelin Research. There can be various consequences to not securing data, such as the following:Direct costs are incurred by the school district for having to notify individuals whose confidential data has been compromised, as well as notify credit agencies.The cost of paying for credit protection for individuals affected.The school district may suffer damage to reputation.Staff may be disciplined or terminated depending on the severity of the data breach.Laptop theft facts that make encryption of confidential data important:Statistics show that as many as one in ten laptops will be stolen or lost from an organization over the lifetime of each computer.86% of security practitioners report that someone in their organization has had a laptop lost or stolen.56% report that it resulted in a data breach.Encryption of data stops cyber criminals from stealing data on laptops.Ninety-seven percent of stolen computers are NEVER recovered. That means that confidential data could be out there indefinitely, waiting like a time-bomb to explode until someone discovers it and then uses it. What could have been done differently in each of these cases (Appendix 4: Case Studies)? Encryption of the data being transmitted via email, or stored on a computer, USB flash drive or web site. Encrypting the confidential data is the single-most important step that could have been taken.Plan for ImplementationThe SCHOOL ISD Plan shall implement and maintain these policies and related procedures to manage the selection, development, implementation, and maintenance of security measures to protect sensitive data (both personally identifiable and health information) and manage the conduct of the District employees in relation to the protection of the protected health information as follows: Authorization. Only District employees designated by the Privacy and Security Official as requiring access to protected health information will be given such access.Training. District employees, including management, authorized to use and disclose protected health information will receive annual training, including privacy and security awareness. Initial training upon hiring; annual refreshers required trainings.Response, Reporting, and Sanctions. Issues of non-compliance with this Policy or the Privacy and Security Rules must be reported promptly upon discovery to the Incident Response Team.Breach Notification. The Plans shall comply with the District’s breach notification policy.Physical Safeguards. Plan members’ protected health information shall be secured in a locked file cabinet used solely for the purpose of storing this information. Paper documents containing protected health information shall be shredded before being discarded. Electronic files containing protected health information, if any, shall be password protected. Unattended work stations and terminals will prevent unauthorized access to protected health information by closing files when not at the computer. A facsimile machine used to transmit and receive protected health information shall be in a secure location. Physical access to systems containing electronic protected health information shall be limited, as reasonable and appropriate, to individuals authorized to use those systems.Technical Safeguards. To the extent protected health information is maintained electronically, access to electronic information systems or software programs will be provided to only those persons who have been granted access rights.Minimum Necessary. When using, disclosing, or requesting PHI, the Plans shall take reasonable and appropriate steps to ensure that only the minimum amount of PHI necessary is used, disclosed, or requested, consistent with HIPAA’s minimum-necessary rule.Contracts with third party entities for storage of District’s data in the cloud.  This has been a hot topic at conferences.  There is specific contract language that should exist within contracts including, storage, security, disposal, etc.  This is what the Walsh Anderson advertisement was referring to.Incident Response TeamDesignate someone who will lead the team but train everyone on what to do.PlanGather thorough, extensive documentation of events leading up to and immediately following the discovery of the breach.Enable clear and immediate communication with everyone in the District about what happened, and how they should respond to any external inquiries.Facilitate immediate notification and activation of the designated response team, especially legal counsel, to determine whether law enforcement and/or other regulatory agencies need to be involved.Participate in identification of the cause of the breach and implementation of whatever steps are necessary to fix the problem.Manage development of messaging and deployment schedule for notifying those whose data was compromised, based on counsel from lawyers who will review state laws, compliance regulations, and other mandates affecting what the messaging must say and how soon notification must occur, as well as what compensation to affected victims should be provided.Notify TASB should be the first step; we have data breach coverage, and they have worked with 3rd party vendors with respect to post-data breach protocol.Data Breach Prevention ChecklistDistrictCommunicate protocols for handling data to all stakeholders. This needs to include paper form, district owned devices, personal devices, and third-party contracts for data.  Challenge will be to identify all stakeholders and what data they currently work with and/or store.  Determine appropriate levels and types of training; implement training for new employees; develop refresher trainings annually for all employees.Monitor prevention measures on a timely basis.Establish an incident response team with clear expectations as to role to play.Conduct an inventory of sensitive data assets.Categorize data so that end-users know how to protect data.Implement a communication plan for all stakeholders, including partners.Heighten awareness of how critical it is to safeguard data.Maintain up to date firewall and content filtering system.Require safeguarding sensitive data for all staff in the Responsible Use Agreement.Provide web visitors/users with terms and conditions for the use of the school district’s web site, network and systems, prohibiting the collection of information through the use of bots and other types of hacking.Incorporate the District’s Vendor Access Policy into the vendor’s contract to lessen the school district’s risk of a data breach.All district hard drives and storage media will be wiped (e.g. DBAN) or destroyed as appropriate prior to being made available for auction or released to public and/or community.CampusPractice steps--modeled via professional learning--to safeguard sensitive data consistently.Learn how to communicate effectively to District Incident Response Team with critical information about what data was lost, the source of the data, the media (e.g. USB, email with attachment, paper), number of individuals affected, etc.Establish processes for shredding paper and digital data while maintaining records retention policies when appropriate.IndividualPractice steps to safeguard sensitive data consistently (refer to list)Lock your workstation when you step away from it.Encrypt sensitive data that includes staff/student information.Lock confidential documents.Avoid opening sensitive data on personal mobile devices and/or removing them from a secure campus location.Engage in healthy data protection practices.Practice encryption of sensitive data, including emails, files.Maintain secure passwords and protect passwords using a "password-keeper."Response ChecklistDistrictReceive a report of an alleged data breach from an individual to District personnel (this could be from an employee or a vendor). Need to establish process and protocols for identifying and reporting different types of data breach. Establish chain of command reporting for staff to ISD.Establish chain of command for contracted services data breach reported to ISD..Conduct a forensic analysis of data breach to determine reportable incident.If data is unencrypted, law requires that a data breach be reported to the Incident Response Team, law enforcement, and affected individuals. If data is encrypted, no data breach occurred.Types of notice to affected individuals: Per a recent session at TASB, third-party vendors are able to assist with this process and the cost is included within the coverage type.  Written notice to last known home address for the individual.Telephone notice.Email notice if a valid email address is available (e.g. staff).Substitute Notice. This involves conspicuous posting of data breach notice on the School District web site and notification to major media outlets. CampusPractice steps to safeguard sensitive data consistentlyCommunicate effectively to District Incident Response Team should a breach occur.ReferencesEdTech, How Schools Can Mitigate Data Risk. Available online 07/22/2015 at http://www.edtechmagazine.com/k12/article/2014/10/how-schools-can-mitigate-data-risksHIPAA Privacy Policy. Available online 07/22/2015 at http://www.brf.org/wp-content/uploads/tiedejul/523.5-HIPAA-Privacy-Policy-10-3-13.pdf DRAFTI. IntroductionThe SCHOOL ISD collects and works to safeguard sensitive data, such as personally identifiable information (PII), as well as data classified as Family Educational Rights Protection Act (FERPA) and/or Health Insurance Portability and Accountability Act (HIPAA) protected data. This can include data such a person’s name, physical address, phone number, e-mail address, social security (SSN), credit card numbers, driver’s license numbers, passport numbers, data of birth, savings account, checking account insurance policy or health account or financial account number or information, and health or disability information. Unauthorized access, use, or disclosure of sensitive data can seriously harm individuals by enabling the opportunity for identity theft, blackmail or embarrassment. The disclosure of sensitive data can also cause the SCHOOL ISD to suffer a reduction in public trust and can create a legal liability.Sensitive data collected and/or used should be considered protected data and must be protected when in digital format and/or print format. This policy covers students, employees and others on whom the SCHOOL ISD may have such information. The policy applies to all persons exposed to sensitive data, its storage mechanisms (how the information is stored, e.g. paper, electronic, other media) and modes of transmission.II. Purpose and ScopeThe purpose of this policy is to ensure (a) that employees understand the need to safeguard this information, and (b) that adequate procedures are in place to minimize this risk of improper disclosure of sensitive data. Access to sensitive data may only be granted to authorized individuals on a need to know basis. This policy seeks to ensure the security, confidentiality, and appropriate use of all sensitive data processed, stored, maintained, or transmitted on the SCHOOL ISD’s computer systems and networks. This includes protection from unauthorized modification, destruction, or disclosure, whether intentional or accidental.III. PolicyThe SCHOOL ISD supports the protection of individual privacy. As such, it will comply with all applicable laws that govern the collection, storage, transfer, use of, and access to sensitive data.The SCHOOL ISD shall strive to minimize collection of sensitive data to the least amount of information required to complete a particular transaction or to fulfill a particular purpose related to the academic or business needs of the institution. Employees should limit any request for sensitive data to the minimum necessary or appropriate to accomplish the District’s purpose for which it is requested.All sensitive data in the possession of the SCHOOL ISD is considered confidential unless:The data owner has authorized the release of information designated as "Directory Information" by the District; orThe data owner has otherwise authorized its disclosure.The SCHOOL ISD requires that sensitive data--such as that listed below--must be stored and transferred in encrypted format when digital, and kept secure when in paper form.Consistent with applicable law and District policy, custodians of sensitive data shall take reasonable and appropriate steps to:limit access to and further use of or transfer of such informationensure that the information is maintained in a form and manner that is appropriately secure in light of the nature and sensitivity of the information.How to Protect Sensitive DataElectronic Storage and DisposalDo not store sensitive data on a portable, mobile device (e.g. USB drive, CD, laptop) in decrypted format.Do not store sensitive data in public files accessible via the Internet (e.g. Dropbox, non-District GoogleDrive). Do not download sensitive data from District databases (e.g. Eduphoria, Data Dashboard) unless legally required or for standard district practice.Do not transmit sensitive data to external parties via email or the Internet unless the connection is secure and/or the information encrypted. Refer to http://tinyurl.com/ecbesafe for help on how to encrypt/decrypt information).Safely wipe (a.k.a. "digital shredding") storage media when disposing of equipment.Contracts with third party entities for storage of District’s data in the cloud will be signed to ensure protected storage, security and disposal of data in alignment with District policy is assured. The District will require the vendor to detail in the contract how data is securely stored, who has access and use of the data, as well as how data is transferred or shared among users internal to the third party and/or other authorized users. Third party entities will also be expected to detail how data will be destroyed at the end of the contract term and a copy returned to the District.Physical Storage and DisposalDo not publicly display sensitive data or leave sensitive data unattended, even on your desk or on the desk of a co-worker.Do not take sensitive data home.Do not discard sensitive data in the trash. Shred sensitive data when it is no longer needed.SecurityLock your computer when unattended.Lock offices, desks, and files that contain sensitive data when unattended.Eliminate the use of forms that ask for sensitive data whenever possible.Password-protect all accounts with access to sensitive data.Do not share passwords and do not document passwords.Legal Disclosure RequirementsDo not share sensitive data with anyone unless required by law, specific job responsibilities, or business requirements. Be prepared to say "no" when asked to provide that type of information.Do not communication sensitive data designated by the Family Educational Rights and Privacy Act (FERPA).Notify your supervisor immediately if you suspect sensitive data may have been compromised. The Texas Association of School Boards (TASB) will be notified of any situations in which sensitive data is compromised, and apprised of the details of that situation. Laws and Regulations relating to Sensitive DataFERPA -- Family Educational Rights and Privacy Act. Limits the disclosure of "education records" defined as those records that are: (a) directly related to a student, and, (b) maintained by or on behalf of the District.A record is "directly related" to a student if it is "personally identifiable" to the student.A record is "personally identifiable" to a student if it expressly identifies the student by name, address, birth date, social security number, ID number, or other such common identifier.Examples of "education records" include registration records, transcripts, papers, exams, individual class schedules, financial aid records, disability accommodation records, individualized education plans, and placement records.HIPAA -- Health Insurance Portability and Accountability Act. Imposes privacy and security standards addressing the use, disclosure, storage and transfer of "protected health information.""Protected health information (PHI)" means "individually identifiable health information," which is any information that identifies an individual and relates to the individual’s past, present, or future physical or mental health or condition.Examples of information that should be treated as "protected health information" at the District include employee benefit information, worker’s compensation claim information, student health services information, and student counseling information.GLB -- Gramm-Leach-Bliley Act. Requires implementation of a written information security program for "customer information.""Customer information" means any record containing "nonpublic personal information" handled or maintained by or on behalf of the institution about a customer of that institution.Examples of "customer information" at the District include financial records of employees, students and/or their parents (such as cashier’s accounts, or information related to financial aid), and donors.PCI-DSS -- Payment Card Industry Data Security Standards. Requires implementation of security standards surrounding the authorization, processing, storage, and transmission of credit card data. The security standards apply to electronic and paper credit card data. Credit card data is defined as the first six and/or the last four digits of any credit card provided by a customer to conduct business. If all digits of credit card are used, then name, card expiration date, and source code are considered credit card data and must be protected.Texas Identity Theft Enforcement and Protection Act. Requires implementation and maintenance of reasonable procedures to protect information collected or maintained in the regular course of business from unlawful use or disclosure, including personal identifying information and sensitive personal information.IV. Disciplinary ActionViolation of this policy may result in disciplinary action, up to and including termination of employment pursuant to the District’s Employee Handbook and Responsible Use Agreement.V. Review and ResponsibilitiesResponsible Party: Assistant Superintendent of FinanceReview: Every 2 years, on or before September 1VI. Approval_________________________________________________Superintendent of Schools_________________________________________________Effective DateAdapted from the Texas Southern University Personally Identifiable Information Policy 04.06.28. Available online at http://tinyurl.com/qyb3xww 10/15/20159 Simple Steps for Safeguarding Sensitive DataAs SCHOOL ISD employees, we are all afforded access to a variety of confidential or sensitive data. This data, which may include personally identifiable information, pertains to students, parents, and/or employees. Below, please find a list of steps you can take to model responsible data practices in line with our Responsible Use Agreement and District Policy.CONVERSATION1. Avoid discussing sensitive data in the presence of unauthorized personnel. If they are not authorized to view sensitive data, then they are not authorized to hear about it either.PAPER DOCUMENTS2. Avoid sharing sensitive documents with unauthorized individuals. This includes allowing others to view documents as well as giving them copies of documents.3. Store sensitive documents in a lockable file cabinet or drawer.4. Shred documents before disposal.DIGITAL5. Don’t allow others to view your computer programs unless you are present to monitor activity and operate the technology. Also, be sensitive to prevent unauthorized viewing of confidential data or misuse of data while another is viewing content, even when you are present.6. When away from your desk area, lock your computer. This will keep unauthorized personnel from accessing and using your computer.7. Avoid saving sensitive data in unencrypted format directly to your computer. This includes places such as your Desktop, MyDocuments, or your hard drive. If your computer/laptop/tablet is stolen, any sensitive data stored there will be accessible by the thief and anyone else who touches that device. Also, do not save sensitive data in unencrypted format to external storage devices such as thumb drives, CDs, and "cloud storage." Get encryption software appropriate for Your DeviceFile Encryption?Mac/Windows/Linux computer? Get the cross-platform version of Secret Space Encryptor (SSE).Chromebook or use Google Chrome? Try Minilock for individual file encryptionAndroid device? Get Secret Space Encryptor (SSE) for Android from Google Play store.Text/Email Encryption?iOS/iPhone/iPad device? Get Paranoia Text Encryptor (PTE)Any device? Text Encryption (save then open in your web browser)You may also want to get a copy of File Shredder for Windows to securely delete information from your Windows computer.PASSWORDS8. Avoid sharing your passwords. In fact, it is a direct violation of district policy to share your password with other staff. If an issue arises, contact the EC Technology Operations Office for assistance at 210-649-2343.9. Avoid storing your passwords in an unencrypted text file or cloud storage (e.g. GoogleDoc). Instead, take advantage of a "password locker" type program. More information on developing and securely storing your passwords is available online at http://tinyurl.com/safeguardpasswordsEverything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

On my work commute, I had a visceral reaction to a sign from a university. I forget the university, but the gigantic billboard next to the highway certainly grabbed my attention. In red letters, Fit in. caught my eye and my gut-level reaction was, "No way!" I immediately second-guessed myself. Am I so rebellious, so anti-authority, anti-establishment that fitting in is now a bad thing? We evolved as human beings to fit in. If you did not fit in to the village of 150 people and the chief got mad at you, you were kicked out, the tigers would find you and you would die. So we were trained to fit in, to do what we're told, to buy into the norm.Today, the ideas is the currency, not the ability to do what you're told. If you want to make an impact in this world, you better overcome your fear of being different and stand out from the crowd. (Read More Seth Godin)As I've shared previously, my desire as a K-16 student was to fit in whenever possible. Even during my early career years, the goal wasn't to do extraordinary things--unless helping students be extraordinary using writing and technology isn't ordinary--but to get a job and keep it. Some time in the last 20 years, my vision has changed. "Fit in" is good advice for college students when that phrase means, Find some place that aligns with your core values and beliefs, that will help you dig to bedrock of your soul and tap into the wellspring of power that lies latent inside you. Watching my daughter go through interview process with a university that could swing her up into the stars, it occurs to me that "fitting in" is terrible advice when it means, "Do what you can to fit in, don't rock the boat, support the status quo." The reason my daughter gets access to awesome university opportunities--scholarships that can take her far farther than my wife and I could with our meager education pay--is because she's 1) Obsessed about pursuing her academic passions; 2) Unwilling to sit still and be quiet, instead reaching out to make connections; and 3) She's darn smart!Now, what happens when you think of technology, pedagogy and content? If we were to personify those 3 areas, it would be easy to imagine technology as the child who is constantly being told to "fit in," right? Think about the conversation:Pedagogy says, "You can't do nothing without me, baby!" Content cries out, "You ain't got nothing without me, honey!" and Technology replies, "I guess that must be true."A quote from a recent MyNotes article really has stuck with me, and I'm going to share it again:Digital design is, neither learning about technology nor learning with technology, but learning creativity and innovation through technology. http://tpck.org/Now, while many educational technology folks know about this already, it's worth revisiting the idea of TPACK:The TPACK approach goes beyond seeing these three knowledge bases in isolation. On the other hand, it emphasizes the new kinds of knowledge that lie at the intersections between them. Considering P and C together we get Pedagogical Content Knowledge (PCK), Shulman’s idea of knowledge of pedagogy that is applicable to the teaching of specific content. Similarly, considering T and C taken together, we get Technological Content Knowledge (TCK), the knowledge of the relationship between technology and content. At the intersection of T and P, is Technological Pedagogical Knowledge (TPK), which emphasizes the existence, components and capabilities of various technologies as they are used in the settings of teaching and learning. Finally, at the intersection of all three elements is Technological Pedagogical Content Knowledge (TPACK). True technology integration is understanding and negotiating the relationships between these three components of knowledge. A teacher capable of negotiating these relationships represents a form of expertise different from, and greater than, the knowledge of a disciplinary expert (say a mathematician or a historian), a technology expert (a computer scientist) and a pedagogical expert (an experienced educator). Effective technology integration for pedagogy around specific subject matter requires developing sensitivity to the dynamic, [transactional] relationship between all three components. (Source: http://tpck.org/)When people ask, where does technology fit into the grand scheme of teaching, learning and leadership? We have to step back and ask ourselves, do we really want technology to "fit in," or do we want to find that sweet spot, unleash the coiled energy that lies at the base of the relationship between Pedagogy, Content, and Technology?Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

State Board of Education to explore digital textbooks and technology use in Texas schoolsThe State Board of Education will host a learning roundtable on Tuesday, Nov. 17, in Austin to explore the increasing use of digital textbooks and technology in the classroom and hear from state and national experts in the field. The Learning Roundtable - Educating the Digital Generation Summit begins at 8:30 a.m. in the House Appropriations Hearing Room (room E1.030) in the State Capitol Extension. The meeting will be livestreamed over http://www.house.state.tx.us/video-audio/. "We are in a transition time as more and more districts embrace the promise of digital education," said Donna Bahorich, chair of the State Board of Education. "However, moving to digital content in the classroom brings a significant set of challenges, such as network connectivity and capacity in closing the digital divide; gaps in digital skills of staff, teachers and students; the complexity of the variety of devices and content; cost, support and obsolescence; and student security and privacy. Our goal is to better understand where we are today and what Texas should be doing over the next five years to ensure our students and teachers have the best environment possible for learning and success."Invited presenters include: ·         Brendan Desetti, director of education policy for the Software & Information Technology Association, who works with stakeholders to identify educational trends. ·         Jay Diskey, executive director of the Association of American Publishers’ PreK-12 Learning Group, who directs the group’s advocacy, public policy development and operations. ·         Lan Neugent, interim executive director of the State Educational Technology Directors Association, who has first-hand experience with online testing and statewide instructional technology resource teacher deployment. ·         Anthony Swei, co-founder of EducationSuperHighway, who is on the forefront of leading the nationwide effort to provide network capacity and connectivity to allow digital learning for every K12 student. ·         Chuck Weaver, chair of the Department of Psychology and Neuroscience at Baylor University, who is widely published on the topics of reading and education, memory and language, and the relationship between confidence and memory. ·         Jon Wilkins, managing director of the Federal Communications Commission, who will discuss the E-rate program which provides discounted telecommunications, internet access, and internal connections to eligible schools and libraries.Texas superintendents, publishing company representatives, district textbook managers, open educational resources providers and technology experts will also present during the learning roundtable. The speakers have been asked to cover a number of questions during their presentations. Brief biographies of the invited speakers are available online.In addition to the full day's discussion, there will be an after-action report capturing all the recommendations from panelists that is intended to be helpful to the legislature, governor and lieutenant governor, particularly with their focus on increasing connectivity for every classroom.______________________________________________________________________________The 15-member State Board of Education regularly oversees an extensive instructional materials adoption process. The board creates an adoption cycle that calls for new materials in the Foundation Curriculum areas every eight years. Adoption of new materials for subjects in the Enrichment Curriculum may extend beyond eight years.Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

A district-level administrator has a GoogleSheet with 500 Social Security Numbers for students and they accidentally drag it into a publicly shared GoogleDrive folder. A data breach has just occurred. What happens next?If you take advantage of the right solution--like those reference in this email below--you can mitigate the negative effects of these "accidents." But are these solutions even necessary? You decide.This video from SysCloud, one of the vendors which I mention below, covers the basics of concerns:Do you have the technology in place to catch that error? Here are two possible solutions, but they aren't the only ones....Solution #1 - CloudLockMyNotesFind out more online at https://www.cloudlock.com/products/google-apps/Several organizations use CloudLock to protect their content in mergers and acquisitions to safeguard data, as well their own internal data.Many organizations--some of the ones mentioned included GSA, BBVA, 100s of colleges/universities, Texas Technical College, Austin Community College, DART in Dallas, 250 K-12 schools (Lufkin ISD)91,000 apps discovered that students can sign-in with Google10 million users1 billion files monitoredOne example shared was Kaizena - it allows students to use their GoogleApps login to get into apps that may be compromised in the future.Kim Kardashian app breach used as an example.10 critical controlsPromote digital citizenship and end-user awarenessstudent welfareobjectionable lang and contentstudents sharing externally and domain widepublic or domain wide sharing of student recordsstaff sharing student info externallyPII + student record information handlingIEP information handlingDiscover and control 3rd Party appsEncrypting sensitive and confidential data in Google DriveControlling against VPN (qualifies as suspicious behavior by students). They use these to get around network firewalls.CloudLock recommends focusing on these areas for cloud security:Compromised accountscloud malwaresensitive datacompliancesecurity administrationCost-free, commitment-free commitment available.Solution #2 - SysCloudMyNotes from their DocumentSome of their core features include:Granular Level Control: Flexibility to create policy scopes at every level for greater policy controlDocument Policy Security: Implement granular data access controls through security policiesManual Control: Administrators can unshare or take complete control without waiting for user to take actionDocument Sharing Visibility: Gain visibility into users, documents and internal/external sharing of your dataMessaging: Customizable messaging templates for policy announcements and policy violation notificationsIn-depth Auditing: Keep track of user access and actions with full audit capabilitiesEnd user exception management portal (self service)They provide compliance audit reporting and security policy templates for FERPA, CA 1584, HIPAA, PCI, CIPA They provide online backup of all GoogleApps accounts and the ability to export them as PST files which can be opened with Mozilla Thunderbird and other apps (e.g. MS Exchange)SysCloud Backup software is secured with a Starfield Technologies SSL Web Server Certificate. Transactions on the site are protected with 128-bit Secure Sockets Layer (SSL) encryption.Complete data backup is done under a secured channel. The inbound data from source domain is completely encrypted using 512 bit encryption and stored in the destination.Software connects to the domain Google API servers using OAuth and doesn’t require any passwords to the source email accounts.Hosted by Amazon (AWS)Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

When a hurricane, typhoon strikes a remote area, as a citizen of the U.S. where every surface appears paved, every destination has an asphalt road leading to it, I am always amazed that the only way for people to help is to walk, climb, float or fly. It's a frightening thought--help is a helicopter flight away.Source: http://bit.ly/1PCO69s"In a country where we expect free wifi with our coffee," said President Obama in June 2013, "we should definitely demand it in our schools." Many would go so far as to say, we need it in our children's homes, too. As the Internet becomes even more essential to student success, it's clear that more needs to be done to connect families at home.Case Study: As I recorded here, 1:1 Infrastructure for Equitable Mobility, large Texas districts like Dallas ISD have put in a lot of blood, sweat, money and tears to get students connected at home. Dallas ISD did a wireless study to discover  how the District can provide a wireless connection to students, which do not have any internet connections, throughout the Dallas urban area. They found several possible options, including setup of an 802.11 wireless mesh system homing back access points to nearest school or network location, microwave antennas for hard to reach places, local internet service providers, issuing WiFi hotspots, and private LTE.Wow, that's fairly mind-boggling! What should the role of schools be in making this happen? Per a this study, CoSN Infrastructure Survey Highlights Broadband Progress and Troubling Gaps, there is an expectation schools provide access to students at home.And this is reflected in some of the presentations I've seen at Conferences, not unlike Dallas ISD. I've seen an increasing push for school districts to cover the cost of creating networks so that students can have Internet access at home."For some families, $9.95 a month is still too much," Leonard said. "Also, one hard-wired computer per family doesn't necessarily work in our world anymore. If I'm giving kids iPads and MacBook Airs to bring home, those are not hard-wired devices. They work in a wireless environment. Even if you did hardwire one of them, you can only have one computer on that hard-wired system at a time. You need a router." Source: Bandwidth for All, THE Journal When you consider that EVERYTHING is on the Web, I can't imagine many schools arguing that this isn't essential. Internet is a utility, like telephones, electricity....many rural schools are looking to expand bandwidth by installing fiber optics, either between buildings or across parts of the community. "They have to negotiate right of way, or even crossing rail road tracks," he said. "That's where it takes a lot of work and leadership in the local community. It may take five years. In many cases, the community may look to bond funds or other sources in addition to the E-rate program to get that funding in place." Source: Bandwidth for All, THE JournalFor all schools, getting their pupils connected at home can be a daunting task. Comcast's effort, laudable as it is, isn't getting the job done in San Antonio, Texas, USA.We need a better solution. What is your district doing?Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

"What are your District Technology KPIs?" I asked a colleague. "In fact, do you even have KPIs?" His response drew a chuckle."It's on my bucket list." Funny, isn't it?  The KPIs that help gauge our success, generate insights, are perhaps the last thing we think about. Yet, KPIs can help us be more strategic about what we do daily in edtech. Can you imagine if we identified CSFs and KPIs for housework? What our homes would look like?Image Source: http://www.bscdesigner.com/kpis-vs-csfs.htmWhen I first started down the road of trying to better track what was going on in regards to professional development, I had access to a lot of information. That said, I needed to boil it down to simple visuals others could understand at a glance. I didn't realize it, but I was playing around with a concept known as Key Performance Indicators:The purpose of KPIs is to create an easy-to-understand visual representation of metrics, integrating and automating data analysis from a few key systems and share the data with stakeholders. The goal is to "create conversations about the data."Source: Adapted from THE Journal, December, 2013 issueKey = Important/RelevantPerformance = Doing, Carrying out, ExecutingIndicator = Point out, Tell, Show (Source: RMIT University)Setting up KPIs means you need to figure out what data is relevant and important to you, your stakeholders:A KPI is a selected indicator considered key for monitoring the performance of a strategic objective, outcome, or key result area important to the success of an activity and growth of the organization overall. Source: http://smartkpis.com/blog/2011/04/Some possible KPIs for technology management that come to mind include the following:Outstanding support tickets/work orders for a campus or locationPurchase order number to date for technology acquisitionsTotal value of purchase orders to date for technology acquisitionsResponse Time for Work OrdersWhat are your District's KPIs for Technology?Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure