Privacy Statement
Lloydminster Public School Division created this website as a resource for visitors to gain access to information related to the school division and the resources and services we provide.
We respect the privacy of our visitors and this page summarizes the privacy and practices that are in effect for Lloydminster Public School Division websites.
Our websites do not automatically gather any personal information from you. Personal information is only attained if you offer it voluntarily, typically via email or contact form, or via registering online in the secure area of this site.
Cookies
A cookie is a file placed on your computer with your temporary internet files while you are visiting a website. LPSD may employ cookies in order to track how users interact and use our site. No personal information is stored in cookies, nor do we collect personal information from you without your knowledge as you browse this site. We may cookies to aid in the collection of anonymous statistical information such as browser type, screen size, traffic patterns and pages visited. This information is then used to improve our service to you. If you wish, you may change the settings on your web browser to deny cookies or to warn you when a cookie will be placed.
Google Apps
Lloydminster Public School Division uses Google Apps for Education allowing all students and staff to communicate and collaborate. Documents and/or files, as well as emails, sent or received by Lloydminster Public School Division, are stored on servers located outside of Canada and subject to foreign laws.
Privacy and Security for Google Apps in LPSD
Ownership and types of data on Google Apps
User-created work (e.g. documents, presentations, email, sites, etc.) are saved on Google servers. All of a user's data is owned by the user and the school division and Google makes no claim on the content.
- Google Apps is governed by a detailed Privacy Policy, which ensures we (Google) will not inappropriately share or use personal information placed in our systems.
- The Google Apps Terms of Service contractually ensures that students, faculty, and staff are the sole owners of their data.
- Because faculty, staff & students own the data they put into Google Apps, we believe it should be easy for your users to move their data in and out of our systems.
- The controls, processes and policies that protect user data in our systems have obtained a SAS 70 Type II attestation and will continue to seek similar attestation.
- Google complies with applicable US privacy law, and the Google Apps Terms of Service can specifically detail their obligations and compliance with FERPA (Family Educational Rights and Privacy Act) regulations.
- Google is registered with the US-EU Safe Harbor agreement, which ensures that their data protection compliance meets international standards. *Note: Although these laws have no legal standing in Alberta or Canada, consider that they demonstrate Google’s commitment to the protection of personal information of our users.
Lloydminster Public School Division is using Google Apps for staff and student work. Student work includes, but isn't limited to lesson plans, essays, quizzes, videos we create, etc. The data Google is collecting and which is stored on Google's servers includes student login information (First Name, Last Name, User name, password). LPSD is satisfied that Google's privacy policies and security measures regarding the protection of personal information are protected in accordance with the FOIP Act and LPSD policies. However, under U.S. law LPSD cannot guarantee against the possible secret disclosure of information to a foreign authority as a consequence of foreign laws. The risk associated with a possible "secret disclosure" is one LPSD is willing to live with in order to benefit from the tremendous educational, collaborative features of Google Apps for Education.
Advertising and commercialization
No advertising to students, faculty, or staff. Google Apps for Education is not only free, it's also completely ad-free -- which means your school's content is not processed by Google's advertising systems, and advertising is not shown to an users - staff or students.
Google's Privacy Principles
You may have heard about changes to Google's privacy policies to simplify how they are communicated. These changes don't change anything from our Google Apps for Education perspective: This from the VP of Enterprise, Amit Singh:
“Enterprise customers using Google Apps for Government, Business or Education have individual contracts that define how we handle and store their data. As always, Google will maintain our enterprise customers’ data in compliance with the confidentiality and security obligations provided to their domain. The new Privacy Policy does not change our contractual agreements, which have always superseded Google’s Privacy Policy for enterprise customers.”
FOIPP regulations and Google Apps for Education
Some key points:
- The Alberta/Saskatchewan Freedom of Information and Protection of Privacy Act (FOIP) governs the collection, use and disclosure of personal information by schools.
- Jurisdiction on the world wide web is in no way a certainty – we are responsible for the collection, use and disclosure within the Division and on behalf of the Division by it's employees.
- Some considerations – who is collecting, using, disclosing personal information – where the personal information is being collected - where is the person is located, etc.
- If a school is going to use a website (e.g. Google Apps) as a teaching tool and thereby direct students there, the school will have to take responsibility for reading user agreements and privacy policies - can be difficult to understand and unreadable.
- Google Inc. is considered to be an “employee” of your district for the services it is contracted to perform for it under the Alberta FOIP act. Therefore your district is accountable under the FOIP Act for the actions of its “employee”. Under Section 38 of the FOIP Act it is our responsibility to protect the personal information that we are responsible for. The FOIP Act requires that we make reasonable security arrangements to protect personal information against such risks as unauthorized access, collection, use, disclosure or destruction. Consequently we need to be satisfied that Google can meet this standard.
Age restrictions in Google Apps EDU
If you are using Google Docs within Google Apps Education Edition for your school domain, it is the school jurisdiction’s responsibility to ensure that the provisions of the FOIP Act are met. This includes ensuring the security of the data, limiting access and notifying parents that the data is stored outside of Canada and subject to U.S. laws. Parental consent under the FOIP Act is required when the school district/school discloses personal information of students to 3rd parties that are outside of the district (that we have not contracted service to). Google Apps is an extension of the classroom and we do not ask parent consent for students to access Google Apps. Per the Google Apps Education Edition Agreement, any school administering Google Apps Education Edition acknowledges and agrees that it is solely responsible for compliance with The FOIP Act, including, but not limited to, making parents aware of the collection of students' personal information used in connection with the provisioning and use of the Services by the Customer and End Users. If students/schools are posting information outside of Google Doc where the general public may have access to the information or 3rd party applications are collecting personal information then parent consent is required.
Parental notification could take place in form of an "Acceptable (or Responsible) Use of Technology agreement granting use of Google Apps and/or other technology services at the school, or a informational letter sent home. In your FOIP Declaration. For more information on complying with The FOIP Act click on the link http://www.servicealberta.ca/foip/
Access to personal information
It is important to communicate to all users that the following persons, positions or employee categories have access to student logins, and through this, to their Google Apps accounts and information.
- Google Apps domain administrators have access to all Google Apps accounts (staff or student), account settings (usernames, passwords, alias'), and user-created sites. The domain administrators can:
- View statistics regarding your account, such as information concerning your last login or data storage usage;
- Change your account password, suspend or terminate your account access and your ability to modify your account;
- Access or retain information stored as part of your account, including your email, contacts and other information; and,
- Receive account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.
- Delete your account and all data associated with that account.
- With Google Apps, students/staff can export their files when they leave LPSD. The Google Apps administrator for will determine when data will be removed/deleted from Google Apps. Under normal circumstances accounts will be deleted one year after the user leaves LPSD.
Access to individual staff and student accounts (both Share (Google) Apps and LPSD Network resources)
- School technicians have access to staff and student accounts at their assigned schools or departments.
- School Administrators and SIS personnel have access to student accounts at their schools.
- Teachers have access to student accounts for those students enrolled in their classes.
- These persons can:
- Access or retain information stored as part of your account, including your email, contacts and other information; and,
- Receive account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.
Confidential information and how Google handles it
Google operates one of the most robust networks of distributed datacenters in the world (read more about them here). The protection of the intellectual property on these servers is critically important to us -- in fact, employees at Google, Inc. rely upon the same Apps production environment used by our education customers.
Google Apps brings you the latest technologies and some of the best practices in the industry for network application security and user privacy, as summarized below:
- It's your content, not ours. Your Apps content belongs to your school, or individual users at your school. Not Google.
- We don't look at your content. Google employees will only access content that you store on Apps when an administrator from your domain grants Google employees explicit permission to do so for troubleshooting.
- We don't share your content. Google does not share personal information with advertisers or other 3rd parties without your consent.
- We sometimes scan content. And for very good reasons, like spam filtering, anti-virus protection, or malware detection. Our systems scan content to make Apps work better for users, enabling unique functionality like powerful search in Gmail and Google Docs. This is completely automated and involves no humans.
- Note that there are a few common-sense exceptions to the points above, like valid legal processes and maintaining the safety and security of our systems.
The section below is from section 6 of the Google Apps for Education Agreement
- 6.1 Obligations. Each party (Google and Lloydminster Public School Division) will: (a) protect the other party’s Confidential Information with the same standard of care it uses to protect its own Confidential Information; and (b) not disclose the Confidential Information, except to affiliates, employees and agents who need to know it and who have agreed in writing to keep it confidential. Each party (and any affiliates, employees and agents to whom it has disclosed Confidential Information) may use Confidential Information only to exercise rights and fulfill obligations under this Agreement, while using reasonable care to protect it. Each party is responsible for any actions of its affiliates, employees and agents in violation of this Section.
- 6.2 Exceptions. Confidential Information does not include information that: (a) the recipient of the Confidential Information already knew; (b) becomes public through no fault of the recipient; (c) was independently developed by the recipient; or (d) was rightfully given to the recipient by another party.
- 6.3 Required Disclosure. Each party may disclose the other party’s Confidential Information when required by law but only after it, if legally permissible: (a) uses commercially reasonable efforts to notify the other party; and (b) gives the other party the chance to challenge the disclosure.
Protecting your Network Login ID and password
Staff and students in access Google Apps using their assigned network login ID's and passwords if you're using Single-Sign-On or Active Directory Integration.
It is important for all users to protect their passwords. Some tips for protecting your password include:
- Do not give your password to anyone else, except in the case of students sharing their password with their parents or legal guardians (your teachers have access to this information already).
- Do not write your password down. Memorize it.
- If you change your password make it into something that is easy for you to remember, but not easy for others to guess.
- Do not use your login name as your password
- A good idea is to use a jumble of letters and numbers that mean something to you. For example, if your grandparents love going to Phoenix every winter, how about gmagpaluvsun or something like that (you get the idea).
- If you feel like your password has been compromised, let your teacher (or for staff, contact your school technician) know as soon as possible and then change your password
Awareness of terms of use and privacy information for users accessing Share (Google) Apps through student and staff accounts
Make all reasonable efforts to ensure that all Google Apps users are made aware of LPSD's acceptable use guidelines with regards to the services. Students who will have Google Apps accounts created must not only agree to the "Google Apps terms of service" (presented to them the first time they log in, see below), but they, along with their parent or legal guardian, must also have access to the COMPUTER NETWORK STUDENT REGISTRATION FORM.
Our responsibility under the FOIPP Act is to ensure that LPSD has made reasonable security arrangements to protect personal information against such risks as unauthorized access, collection, use, disclosure or destruction. In addition LPSD needs to inform users as to what information we're collecting and which information Google may use and have access to, and that their data including e-mail will be stored outside of Canada and subject to foreign laws.
For example, in order to set up students with Google Apps accounts to be access through the portal, we will set up synchronization between our Active Directory (AD) and Google. What this means is that a students first & last name, username (e.g. t.dude) will be sent to Google but will NOT be associated with a school name. In effect, a students personal information (name) is stored on Google servers. The AD sync process does not include password, so staff and student network login passwords are never sent to Google.
Staff and students should also be aware of who has access to their accounts and information stored on Google. This includes notification of what the domain administrators (at LPSD) can do with their account:
Google's privacy policy is quite clear about who owns the data, and who has access to the data. Google only accesses aggregate information to improve service. In addition, Google follows the Safe Harbour principles and they are registered with the U.S. Department of Commerce's Safe Harbour Program. Although these laws have no legal standing in Alberta or Canada, LPSD believes that they do demonstrate Google’s commitment to the protection of personal information of our users.