Middletown Public Schools                                                               No. 4150

 

CONFIDENTIALITY OF INFORMATION

I. POLICY STATEMENT

The School Committee recognizes its legal and ethical obligation to protect the confidentiality of student, employee, and District information. All confidential information shall be safeguarded against unauthorized access, use, disclosure, or dissemination in accordance with federal law, Rhode Island General Laws, and Rhode Island Department of Education (RIDE) regulations and guidance.

No employee, contractor, volunteer, or agent of the District shall access, use, or disclose confidential information except as authorized by law, School Committee policy, or administrative procedures, and only where a legitimate educational or operational interest exists.

II. PURPOSE

The purpose of this policy is to:

1. Ensure compliance with federal and Rhode Island laws governing confidentiality and data privacy
2. Protect the privacy rights of students, families, employees, and other stakeholders
3. Establish clear expectations for the handling of confidential information
4. Prevent unauthorized disclosure or misuse of protected information

III. SCOPE

This policy applies to all District employees, School Committee members, contractors, consultants, volunteers, and any other individuals or entities acting on behalf of the District.

IV. DEFINITIONS

A. Confidential Information

Confidential information includes, but is not limited to:

●        Personally identifiable information (PII) as defined in FERPA (34 C.F.R. § 99.3)

●        Student data as defined under the Rhode Island Student Privacy Act (R.I. Gen. Laws § 16-71)

●        Educational records

●        Personnel and employment records not subject to disclosure under law

●        Health and medical information

●        Financial and operational data not designated as public

Confidential information includes any information protected under federal or Rhode Island law or designated confidential by the District, including but not limited to:

●        Student academic, disciplinary, attendance, and assessment records

●        Special education and disability-related information (IDEA/Section 504)

●        Demographic data

●        Parent/guardian contact information

●        Student identifiers and login credentials

●        Digital records, metadata, and communications

●        Employment application and personnel information

B. Educational Records

Records, files, documents, and other materials directly related to a student and maintained by the District or a party acting on its behalf, as defined by FERPA.

C. Legitimate Educational Interest

A need to access information in order to fulfill professional responsibilities, consistent with FERPA and District policy.

D. Unauthorized Third Party

Any individual or entity without a legitimate educational or operational interest in the information, as defined by law or District policy.

E. Senior Administrator

The Superintendent, Assistant Superintendent, Director of Finance/Administration, building principal, or designee authorized by the Superintendent.

V. POLICY REQUIREMENTS

A. General Confidentiality Obligations

All individuals covered by this policy shall:

1. Access confidential information only when necessary to perform assigned duties
2. Maintain the confidentiality of all protected information
3. Refrain from unauthorized disclosure or discussion of confidential information
4. Comply with all applicable federal and Rhode Island laws and District procedures

B. Prohibited Conduct

Staff and other covered individuals shall not:

●        Access confidential information without authorization

●        Disclose confidential information to unauthorized individuals

●        Use confidential information for personal gain

●        Store confidential information on unauthorized or unsecured devices

●        Remove or transmit confidential information outside District systems without authorization

C. Safeguarding Information

All staff shall:

●        Secure physical and electronic records at all times

●        Follow District data security and acceptable use protocols

●        Use only District-approved systems and encryption methods

●        Maintain a “clean desk” environment

●        Prevent unauthorized viewing or access to confidential materials

D. Data Retention and Disposal

Confidential information shall be maintained and destroyed in accordance with:

●        Rhode Island records retention requirements

●        Municipal and District retention schedules

●        Applicable federal laws

E. Breach Reporting

All individuals must immediately report:

●        Unauthorized access, disclosure, or use of confidential information

●        Loss or theft of devices containing confidential data

●        Any suspected or confirmed data breach

Reports shall be made to a supervisor and/or a Senior Administrator immediately.

The District shall respond to breaches in accordance with the Rhode Island Identity Theft Protection Act and applicable RIDE guidance.

 

 

F. Separation of Employment

All confidential information remains the property of the District. Individuals must return all materials upon separation of employment or upon request. Confidentiality obligations continue after separation.

VI. DISTRICT RESPONSIBILITIES

The District shall:

1. Establish administrative procedures to implement this policy
2. Provide training on confidentiality, data privacy, and security
3. Maintain safeguards to protect confidential information
4. Ensure vendor compliance with the Rhode Island Student Privacy Act
5. Implement data governance and incident response protocols

VII. DISCIPLINE

Violation of this policy may result in disciplinary action, up to and including termination of employment, consistent with:

●        Applicable collective bargaining agreements

●        Rhode Island law

●        District policies

The District may also pursue legal remedies where appropriate.

VIII. PUBLIC RECORDS COMPLIANCE

Nothing in this policy shall be interpreted to conflict with the Rhode Island Access to Public Records Act (APRA). Confidential records, including student and certain personnel records, shall not be disclosed except as permitted by law.

IX. LEGAL REFERENCES

Federal Law:

●        Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g; 34 C.F.R. Part 99

●        Individuals with Disabilities Education Act (IDEA), 20 U.S.C. § 1400 et seq.

●        Section 504 of the Rehabilitation Act of 1973

●        Protection of Pupil Rights Amendment (PPRA), 20 U.S.C. § 1232h

 

Rhode Island Law:

●        Rhode Island Student Privacy Act, R.I. Gen. Laws § 16-71

●        Rhode Island Identity Theft Protection Act, R.I. Gen. Laws § 11-49.3

●        Rhode Island Access to Public Records Act (APRA), R.I. Gen. Laws § 38-2

●        R.I. Gen. Laws § 16-2 (General Powers and Duties of School Committees)

●        R.I. Gen. Laws § 16-39 (Education Records and Appeals)

Regulations & Guidance:

●        Rhode Island Department of Education (RIDE) Data Governance and Privacy Guidance

●        RIDE Student Data Privacy and Security Standards

●        U.S. Department of Education FERPA Guidance

 

 

1^st Reading - January 27, 2022

2^nd Reading and Approval – February 17, 2022

Review - April 16, 2026

3 Year Review Due - April 2029