February 6, 2018
Data Security and Privacy Plan
Educational Vistas Inc.is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the Educational Vistas Inc. site and governs data collection and usage. By using the Educational Vistas Inc. sites, you consent to the data practices described in this statement.
Educational Vistas’ programs and data are housed at TurnKey in Latham which is a secure data Center. TurnKey is a 24/7 monitored facility that restricts physical access to the servers. The servers are also appliance and firewall protected from outside access. There are only 3 of our technicians allowed into the data center and the data center is required to call our offices before granting anyone access to the servers. The center requires physical sign-in to the facility as well. Data is housed on multiple redundant load-balanced servers within the facility. Backed up data is encrypted and has to be restored to the data center before it can be used.
Encryption in Motion
The data center uses https:// to encrypt the data to and from the end points.
Encryption at Rest
Data at rest refers to data that is not moving, data on a drive, or backed up data. For example, this may be a file from a customer. Our internal policies restrict us from putting any client data on a laptop, or USB, or personal devices. Client data can only be accessed through the secure server. Any backed up data is encrypted and cannot be accessed without being restored to the data center.
Staff Training related to the Law(s)
Staff is instructed and trained to not store, remove, or share any customer data. We only use the customer’s information in training the customer at the customer’s site. Staff is trained on HIPAA Privacy, Security Rules, GLBA, which talks about safeguard procedures against fraud or identity theft and instruction about computer security, and FISMA (Federal Information and Security). We also comply with FERPA, which includes hiring contractors to minimize security risks. Every employee and contractor is required to sign a confidentiality agreement as part of their employment package.
Breach Plan and Notification Process
Our IT security company WLS monitors the servers for Security related Breaches. We require immediate Notification of any security breach so we can in turn immediately notify our clients that a breach has occurred, and what was breached. We have, to this date not had any security breach.
The Educational Vistas Inc. Web site use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize Educational Vistas Inc. pages, or register with Educational Vistas Inc. site or services, a cookie helps Educational Vistas Inc. to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Educational Vistas Inc. Web site, the information you previously provided can be retrieved, so you can easily use the Educational Vistas Inc. features that you customized.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Educational Vistas Inc. services or Web sites you visit.
Security of your Personal Information
Educational Vistas Inc. secures your personal information from unauthorized access, use or disclosure. Educational Vistas Inc. secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information (such as a credit card number) is transmitted to other Web sites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
Educational Vistas Inc. encourages you to review the privacy statements of Web sites you choose to link to from our sites so that you can understand how those Web sites collect, use and share your information. Educational Vistas Inc. is not responsible for the privacy statements or other content on Web sites outside of the Educational Vistas Inc. and Educational Vistas Inc. family of Web sites.
Process and Policy to restrict data access to only those with educational interest
The login and security policies within the program restrict access to the data to individuals that need access to the data. The district will specify to us who is allowed to access the information in the programs. The district also has the ability to change the level of access individuals have within the programs. Normal access is program dependent, e.g. teachers see own students, principals their building, etc. Educational Vistas can also use secure LDAP, GOOGLE Authentication, or SAML Authentication to allow the district’s active directory server or other district used authentication to provide an additional restriction on top of the security the programs provide.
Data Disclosure (Statement of Use or Purpose)
Educational Vistas does not use client data. Client data is the property of the client. We do not share client information or client data with anyone. In our services to client district we use client data within the programs for many reasons. Examples would be: To show a teacher which students missed specific standards, print student answer sheets for assessments, build Teacher SLOs, spin assessment data by student for use for teacher driven professional learning, use disaggregated data to set target scores for the district, for the districts to do state reporting like the Civil rights reports, VADIRS, DASA, Discipline Reporting, APPR upload to level 0, parent communication templates or to assist setting initial RTI goals based on assessment scores. Data is used within the programs in order to provide additional data back to the Client District for their use.
Data return or destruction upon end of contract or contract termination
Educational Vistas will remove all customer data from our servers after receiving a written request from the customer to do so. We will also allow the customer to download extracts of the data before we remove it.
Security protocols related to any subcontractors
Subcontractors are required to adhere to the same level of security as our internal staff. We require contractors to sign documents stating they will safeguard the data and not use or share any of the districts data.
Ability to Challenge Data Accuracy
Much of the data we house comes from outside systems such as the district’s Student Information System (SIS). We do have the ability to validate data on import to our system(s) and send email notifications to someone at the district that data may be missing that could cause inaccurate reporting to occur. Our Data Sync tool does this automatically if the district wants it. In the StaffTrac APPR system, where evidence can be entered by multiple users, the district can turn on the ability for the data to be user-, time-, and date-stamped. In the SafeSchoolsNY program, the system tracks who reported and who recorded each incident. The district also has the ability to change their own information in order to correct anything that is not accurate. We make it our priority to ensure data accuracy within the programs.
Changes to this Statement
Educational Vistas Inc. will occasionally update this Statement of Privacy to reflect company and customer feedback. Educational Vistas Inc. encourages you to periodically review this Statement to be informed of how Educational Vistas Inc. is protecting your information.
Educational Vistas Inc. welcomes your comments regarding this Statement of Privacy. If you believe that Educational Vistas Inc. has not adhered to this Statement, please contact Educational Vistas Inc. at firstname.lastname@example.org. We will use commercially reasonable efforts to promptly determine and remedy the problem.