Skip to main content

Crandall ISD

One Community. Every Student. Excellence for All.

Schools

Popular Links

  1. Departments
  2. Technology & Innovation
  3. Technology Laws and Regulations

Technology Laws and Regulations

Technology Laws and Regulations

Our Privacy Pledge

As we live in a more digital society, student data privacy and safety continues to be a top priority in Crandall ISD. We want our stakeholders to feel secure in knowing how student and staff information is being used. 

Crandall ISD’s Internet Safety & Responsible Use Policy

  • Crandall ISD utilizes password protection resources for all data. CISD staff uses multi-factor authentication to help protect resources and maintain security. All data is housed domestically in order to ensure United States data privacy guidelines are utilized. 

     

    Some specific strategies utilized by Crandall ISD are as follows:

    • External vendors must agree to the Texas Data Privacy Agreement. 
    • All data uses SSL encryption in transit meaning that all data is encrypted while being transferred via the internet. This is a standard security protocol and ensures that all data transmitted between the web server and browser remains encrypted.
    • Email data utilizes Transport Layer Security (TLS) preferred encryption for inbound and outbound messaging order to provide privacy and data integrity during communication. 
    • The district is currently utilizing the Trusted Learning Environment framework for data policies and practices.

  • School Operations

    We collect data such as addresses, phone numbers, and age to ensure student safety and accurate reporting to help run our school operations efficiently.

     

    Improving The Education Program

    We collect results from local, state, and national assessments to provide teachers, administrators and parents with important information about students, programs, and school performance. This data helps us improve the educational programs we offer and provide experiences specific to our student needs.

     

    Responsible Stewardship and Financial Integrity

    We collect program and financial data to provide assurance that our operations and resources are used in a responsible manner. In addition, we want to make sure the resources and operations we employ lead to student success. We strive to maintain high ethical standards and demonstrate integrity, honesty, and trustworthiness as a district.

     

    Measuring Student Progress and Performance and Meeting Individual Needs

    We collect data such as attendance, grades, and participation in school-sponsored extra-curricular activities to enable students to succeed. We also collect data from surveys and other feedback to improve teaching and learning and address other issues important to students and their families.

  • Family Educational Rights and Privacy Act (FERPA)

    The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education

    The Texas Local Government Records Act, Chapter 201

    States that public school district employees have an obligation to correctly and efficiently maintain the records in their possession to comply with standards for public access, parent/student access, and legal or audit purposes.

    Children's Online Privacy Protection Rule (COPPA)

    COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.

    Google Privacy Policy

    Google takes security seriously, with industry-leading safeguards and privacy policies that put you in control of your school’s data. Here’s how you know that students and educators are protected.


    Children's Internet Protection Act (CIPA)

    The Children's Internet Protection Act (CIPA) was enacted by Congress in 2000 to address concerns
    about children's access to obscene or harmful content over the Internet.

    Protection of Pupil Rights Amendment (PPRA)

    PPRA (20 U.S.C. § 1232h, 34 CFR Part 98) affords parents of students certain rights regarding, among
    other things, participation in surveys, the collection and use of information for marketing purposes, and
    certain physical exams.

    Protecting Children in the 21st Century Act (2007)

    Amends the Communications Act of 1934 to require the Federal Communications Commission (FCC) to issue regulations for promoting a safe internet for children.

    Texas House Bill 18: SCOPE Act

    The SCOPE Act requires covered digital service providers to provide minors with certain data protections, prevent minors from accessing harmful content, and give parents tools to manage their child’s use of the service. The SCOPE Act is highly relevant to Texas school districts. The new law specifically relates to protecting minors from harmful, deceptive, or unfair trade practices in connection with the use of certain digital services and electronic devices, including the use and transfer of electronic devices to students by a public school.

    Texas Data Privacy and Security Act (2024)

    The Act grants Texas residents several key rights over their personal data. It also establishes privacy protection safeguards that apply to companies that “conduct business in [Texas] or produce a product or service consumed by residents of [Texas]” and that collect, use, store, sell, share, analyze, or process consumers’ personal data.

    HIPAA In Texas Schools

    HIPAA Privacy Regulations are federal laws that govern the use and disclosure of confidential health information.

    USDA Children’s Free and Reduced Disclosure

    The Healthy Meals for Healthy Americans Act of 1994, PL 103-448, amended Section 9(b)(2)(C) of the National School Lunch Act (NSLA) (42 USC 1751(b)(2)(C)) to allow, without consent, limited disclosure of information about the free and reduced-price meal or free milk eligibility.

    Payment Card Industry Data Security Standard (PCI DSS)

    Is a set of security standards formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International and American Express. Governed by the Payment Card Industry Security Standards Council (PCI SSC), the compliance scheme aims to secure credit and debit card transactions against data theft and fraud.

    David's Law

    David's Law (Spanish)

    “David’s Law” requires school districts to include cyberbullying in their district bullying policies and notify a child’s parents if he or she is a victim or alleged aggressor of bullying. It allows for schools to collaborate with law enforcement when serious or life-threatening cyberbullying situations arise.

    Texas HB 3834: Cybersecurity Training for State and Local Governments

    Security awareness training requirements for state employees.

    Texas Senate Bill 820

    Relating to a requirement that a school district adopts a cybersecurity policy.

    Texas Senate Bill 1893

    SECTION 1.  Subtitle A, Title 6, Government Code, is amended by adding Chapter 620 to read as follows: CHAPTER 620.  USE OF CERTAIN SOCIAL MEDIA APPLICATIONS AND SERVICES ON GOVERNMENTAL ENTITY DEVICES PROHIBITED Sec. 620.001.  DEFINITIONS. In this chapter:(1)  "Covered application" means:  (A)  the social media service TikTok or any successor application or service developed or provided by ByteDance Limited or an entity owned by ByteDance Limited; or  (B)  a social media application or service specified by the proclamation of the governor under Section 620.005.

    Texas Cybersecurity Framework

    The Department of Information Resources (DIR) developed the Texas Cybersecurity Framework (TCF) in collaboration with other government entities and the private sector. It uses a common language to address and manage cybersecurity risk in a cost-effective way, based on business needs, without placing additional regulatory requirements on agencies. 

    Internet Safety Plan