If you receive a message indicating that an email you sent was blocked, you may have Personally Identifiable Information (PII) in the blocked email. The message notifying you that your email was blocked should read as follows:
Delivery has failed to these recipients or groups:
(Last name, first name, email address of the recipient)
ATTN: This email contains Personally Identifiable Information (i.e. SSN). For more info: helpdesk.stancoe.org
Your message wasn't delivered due to an e-mail rule restriction created by the recipient's organization e-mail administrator. Please contact the recipient or the recipient's e-mail administrator to remove the restriction.
What is PII?
According to the California Civil Code § 1798.29), Personally Identifiable Information includes:
- Social Security Numbers
- Individuals’ names or initials
- Driver’s License Number
- Financial Information such as bank account, credit card or debit card numbers
- Medical Information
- Insurance Information
Sending Documents with PII Safely
SCOE provides many options for sharing data instead of using email. You can work with the Information Systems and/or Technology Services Departments to find the method that works best for you. Contact the Helpdesk at 209-238-4357, firstname.lastname@example.org, or submit a request for help through our website: https://helpdesk.stancoe.org
Safely Storing PII
If your work requires storing files with PII, please store files in your network folder. Do not save files with PII on your desktop, on a USB or on a portable hard drive. USBs and portable devices can be easily lost or stolen. The network folders are backed up nightly and are secured.
Protecting PII Data
Cyber criminals use PII for identity theft that can take years to recover from and a lot of effort to clean up your credit history. We are all a target! Victims of identity theft can get assistance from the federal government: https://www.identitytheft.gov/.
As a government agency, we are all mandated to protect student and employee data. We are all responsible for safeguarding our data.
Lost or Stolen Devices
If you have a lost or stolen iPad, Chromebook, desktop/laptop or other device, please immediately report it to Helpdesk by filling out this form. Login on the form by entering SCOE_1\yourusername and your network password. If you have any questions, please contact the Helpdesk at 209-238-4357 or email email@example.com.
SCOE Board Policy Data Privacy Guidelines
Employee Use of Technology - BP/AR/E 4040
Release of Directory Information - BP/AR/E 5125.1
Student and Family Privacy Rights - BP/AR 5022
Student Records - BP/AR 5125
Websites/Community Relations/Social Media - BP/AR 1113
Privacy Protection Laws
FERPA - The Family Educational Rights and Privacy Act of 1974 (FERPA) is a federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
COPPA - The Children's Online Privacy Protection Act (COPPA) is a law created to protect the privacy of children under 13. The Act was passed by the U.S. Congress in 1998 and took effect in April 2000. COPPA is managed by the Federal Trade Commission (FTC).
CIPA - The Children's Internet Protection Act (CIPA) was enacted by Congress in 2000 to address concerns about children's access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools or libraries that receive discounts for Internet access or internal connections through the E-rate program – a program that makes certain communications services and products more affordable for eligible schools and libraries. In early 2001, the FCC issued rules implementing CIPA and provided updates to those rules in 2011.
AB 1584 - Schools must contract directly with vendors for services that involve PII. To see a checklist for compliance: https://www.f3law.com/downloads/Technology%20Contract%20Checklist%20w%20Sample%20AB%201584%20Contract%20Addendum.pdf
CA Ed Code 49073.1 - Privacy of Pupil Records: https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=EDC§ionNum=49073.1.
SB 1177 - Student privacy: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201320140SB1177
SOPIPA - Student Online Personal Information Protection Act (SOPIPA). The law prohibits sharing student data and using that data for targeted advertising on students for a non-educational purpose. The law took effect on January 1, 2016. It requires operators to implement and maintain reasonable security procedures and practices to protect student data. It also requires operators to delete a student’s information at the request of the school or district. Operators can be anything of the following: Educational websites, Online services, Online applications, and Mobile applications.
CPRA - The California Public Records Act (Statutes of 1968, Chapter 1473; currently codified as California Government Code §§ 6250 through 6276.48) was a law passed by the California State Legislature and signed by the governor in 1968 requiring inspection or disclosure of governmental records to the public upon request, unless exempted by law.
FOIA - The basic function of the Freedom of Information Act is to ensure informed citizens, vital to the functioning of a democratic society. https://www.foia.gov/
HIPPA - The Health Insurance Portability and Accountability Act of 1996 is United States legislation that provides data privacy and security provisions for safeguarding medical information.
Civil Code 1798.29 - Mandated disclosure of breach of security by agency that owns or maintains computerized data. Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California (1) whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person, or, (2) whose encrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person and the encryption key or security credential was, or is reasonably believed to have been, acquired by an unauthorized person and the agency that owns or licenses the encrypted information has a reasonable belief that the encryption key or security credential could render that personal information readable or useable.