Professional Documents
Culture Documents
For further information, please call Patrick Luce, Coordinator, Network Security, (213) 241-1343 or
email patrick.luce@lausd.net.
I. INTRODUCTION
Although this technology will dramatically reduce the administrative effort required to provide
student transcripts, it also has implications for the protection of those student records. A single
CD can contain up to one thousand student records. The District has a legal obligation to
protect student cumulative records from unauthorized access. Poor security procedures within a
school could result in the compromise of these student records.
II. ENCRYPTION
Each student record CD is “encrypted” in order to protect the data it contains. “Encryption” is
the process of scrambling data so that it is not recognizable unless the user has a “key” to
access the data. “Decryption” is the process of using a key to unscramble the data back into a
recognizable form.
BULLETIN NO. K-32 -2- Information Technology Division
February 4, 2003
Each student record CD has a key known only to personnel within ITD. The key will be
installed directly onto up to two workstations at a school by ITD. The CD will only be readable
on workstations designated by the school, with special software installed under the supervision
of ITD. However, if a CD is left inside a machine and the machine is accessed or taken by an
unauthorized party, that unauthorized party will have access to the student records located on
that CD.
Each CD is also protected with a password to be entered by school personnel. This is to guard
against casual access to student records in the event that the CD is left in a machine. However,
in the event the machine is accessed or taken by an unauthorized party, it provides little or no
protection of the student records on the CD. As such, all LAUSD employees are responsible
for taking the appropriate steps, as outlined below, to secure student records distributed via
CDs to local schools.
General
• All encrypted CDs may only be handled by employees (not students) of the District who have
read this policy and sign a formal agreement to follow all terms of this policy (Attachment A).
All agreement statements must be kept on file at the school site.
• Unauthorized personnel may not handle the CDs or access them at any time for any reason.
• Non-LAUSD employees may not handle the CDs or access them at any time for any reason.
• All encrypted CDs must be stored in a locked drawer or file cabinet when not in use. The CDs
must be stored separately from the workstation(s) from which they may be accessed.
• All workstations with decryption software installed must be in a location secure from public
access. The workstations must also be in a room or office that is locked after business hours.
• All student data CDs have a password that protects against casual access. This password must
be stored in a separate location from both the student CDs and the workstation(s) from which
the student CDs are accessed.
• In the event that an encrypted CD is lost or stolen, notify the Network Security Branch of ITD
immediately at (213) 241-1343. The remaining CDs at the school may be confiscated and re-
issued with new encryption keys at the discretion of ITD Security. If the school is re-keyed, a
new copy of the decryption software will be loaded on designated workstations at the school
by ITD representatives.
• In the event that a workstation used to access student data CDs is stolen, notify the Network
Security Branch of ITD immediately at the phone number shown above. The remaining CDs at
the school may be confiscated and re-issued with new encryption keys at the discretion of ITD
Security. If the school is re-keyed, a new copy of the decryption software will be loaded on
designated workstations at the school by ITD representatives.
###
LOS ANGELES UNIFIED SCHOOL DISTRICT
Information Technology Division
Employee Statement for the Use of Encrypted CDs Containing Student Records
In addition to the requirements for the handling of encrypted CDs, I understand that the information
contained on the CDs is subject to all other District policies and procedures that are in effect to
protect student confidentiality. I understand that improper disclosure of student information in any
form is prohibited by law, and that a disclosure resulting from my failure to comply with these
procedures may result in disciplinary action, including termination.
School Name:____________________________________________________________________
Principal Name:___________________________________________________________________
Principal
Signature:_________________________________Date:__________________________________
This document is for the internal use of the Los Angeles Unified School District (LAUSD)
Information Technology Division (ITD).