Table 1. Pupil Records Contents
 

Access without parental consent is provided to school and district employees and trained volunteers, but is restricted to records for which a legitimate educational interest exists. Thisaccess privilege also extends to members of a school attendance review board, and officials and employees of a public school into which a student intends to enroll. However, not all categories of pupil records must be forwarded when a student transfers across schools. Table 2 documents the categories of information which must be provided when a student moves between school districts.

Table 2. Pupil Record Transfer
 

In some instances, personally identifiable information from pupil records can be released directly to outside agencies without parental consent. One obvious example is an emergency, when student information must be released to protect the health or safety of a student or other person. Agencies processing student financial aid applications, or schools involved in school accreditation, are also eligible to receive pupil records. Finally, organizations conducting studies for, or on behalf of, educational agencies may obtain copies of pupil records. In each case, however, these records are considered privileged information, and may not be shared with any person, agency or organization other than the one to whom they were originally released.

Any time a personally identifiable portion of a pupil record is shared with an outside source, a log of persons and organizations requesting or receiving information must be maintained. This log is available to inspection only by a parent, school official responsible for pupil records, or state or federal authority. School districts are not obligated to maintain a log of releases of non-personally identifiable pupil information. This allows school districts to release statistical data to any public agency, private non-profit college, university, or educational research organization without making an official record of this transaction.
 

The following is extracted from Office of Information Technology-Security and Risk Management Guidelines, Section 6, produced by the Department of Finance, Office of Information Technology, State of California, 1992.

Guidelines

6.0 General Comments

State policy requires that each agency identify the automated files and data bases for which it has responsibility. The designated owner of the automated file or data base is responsible for classifying that information. Each agency is also responsible for identifying those applications of information technology that are critical to agency operations.

Classifying of information is a statutory obligation. All State information falls into one of two categories with respect to its disclosure. As defined by the California Public Records Act (Government Code Chapter 3.5, Sections 6250 through 6265) information either "open to the public" or public information, and information which is "not open to the public" or confidential information. For purposes of these guidelines the terms "public" and "confidential" information will be used.

Classifying information into the categories of public or confidential serves to properly indicate, if and when and under what conditions, information is to be disclosed. The Public Records Act does not specify what security measures or controls are to be used in protecting the information.

In order to provide the proper degree of protection it is necessary to further classify information. To resolve this problem a third classification called sensitive information has been established which relates to the security measures and controls necessary to protect either public or confidential information from unintentional or unauthorized disclosure, modification, destruction and/or denial of use.

6.1 Public Information

Public information is all information held by the State on which no legal restrictions have been placed regarding its disclosure. Public information may be further classified as sensitive with regards to the security measures established for its protection and preservation.

6.2 Confidential Information

Confidential information requires special precautions to protect it from unauthorized or accidental access, disclosure, or dissemination. Automated information systems which process confidential data require adequate controls to safeguard against accidental or unauthorized disclosure. Confidential information is defined as follow:

• Information maintained by State agencies that is exempt from disclosure under the provisions of the California Public Records Act (Government Code Section 6250-6265).
• Information classified as personal by the California Information Practices Act of 1977.
• Information that is exempt from disclosure by other applicable State or Federal laws.
• Information, the disclosure of which is limited by contractual obligations, including proprietary computer software, proprietary information, and trade secrets.

Both confidential or public information can be categorized as sensitive information. Sensitive information may require special precautions to protect it from unauthorized disclosure, accidental or intentional modification, destruction or denial of use. Assigning information to sensitivity category helps in defining the security measure that is appropriate for its protection.

There are four levels of sensitivity. The sensitivity levels, S1 through S4, refer to the level of protection that are warranted for a specific file of information or data. It is the department's responsibility to review its electronic information with respect to the Public Records Act, the Information Practices Act, and other State or Federal statutory or regulatory requirements which may apply in determining the sensitivity category and the security measures reasonable and prudent with respect to the protection of that information.

S4 Information which if accidentally or intentionally disclosed, modified or destroyed would constitute an invasion of privacy or result in harm to the individual. Information typical of this category may consist of medical, financial, welfare information, or records pertaining to pending litigation. Operational information or data, such as, personal identification numbers, codes or passwords, etc.

S3 Information which if disclosed, modified or destroyed would have a serious negative impact on the State operations. Included in this category would be financial or investment information. Information or data suppled to the State in confidence, such as, geological or geophysical data, plant production or market or crop reports, etc.

S2 Information which if disclosed, modified or destroyed may have an adverse impact on a department's activities. Information typical of this category are civil service examinations, scoring keys, or competitive bids, etc.

S1 Information needed for the day-to-day operation of government. Information in this category should not contain data which can be related to the identity of an individual, result in a negative fiscal impact to the State, or adversely impact State operations. Information typical of this category is accounting information, statistical information, procedures, policies, published regulations, operational directives, etc.

6.4 Displaying Sensitivity Category

To insure that the proper degree of protection is applied to information that has been printed all reports should display the sensitivity category on the job separator pages and report heading located at the top of each page.

6.5 Protective Cover

Reports that are designated sensitive category three and four (S3 and S4) are to be placed in a protective cover for transport to the proper recipient. Depending on the size of the report the protective cover can consist of an envelop, box, or cabinet. It is not necessary to use a protective cover if report(s) are printed in a controlled environment at the recipients facility.

 
For questions about the content of this product, please contact Lee M. Hoffman.