Data Privacy at Hempfield

  • Hempfield takes its obligations and legal requirements to protect student data very seriously. Board Policy 830 outlines the guidelines used for data storage and management, access control, and third-party interactions. All software being used for the storage of personal or financial data is vetted and reviewed before being implemented. 

    Pennsylvania is one of the few states that does not currently have any laws governing student data privacy. Federal laws govern when certain information may be disclosed, shared, or accessed by third parties and vendors, but this does not always cover everything that an authorized vendor may do with the data once access has been granted. As of September 2023, Hempfield and IU13 have joined the Student Data Privacy Consortium, a national organization that has developed a legal framework for education providers to secure additional guarantees from third parties and vendors about how student data is used once they gain access to it. The data privacy agreements are legal documents signed by the vendor and the district that stipulate what data is being shared, what can be done with the data, how it is being stored and secured, and how it will be destroyed when no longer needed. These agreements help ensure that the district will be notified of a security breach should one occur, that student data will never be used for unauthorized purposes, and what information security standards have been put in place to safeguard the data.

    Securing these agreements with each vendor is a time-consuming process. Districts within IU13 are able to cosign each other's agreements to cut down on the time required. Work securing signed agreements started in December 2023 and is ongoing. More information about the Student Data Privacy Consortium and Hempfield's agreements can be accessed via the links on the right of this page

App Review Prorcess

  • District staff use a variety of applications, apps, and websites for instructional purposes.  Some are purchased by the Technology Department for the entire district to use, some are purchased by specific departments, and others are distributed or made available by vendors for free.  Free resources must still go through a review process in the same manner as a purchased piece of software.

    1. A teacher or staff member locates an app or website they wish to use with students.
    2. The staff member consults with one of the district's Instructional Technology Specialists to determine if the resource has already been vetted or if there is an alternative that has already been approved.
    3. If no alternatives exist, the staff member submits a request in the district's technology support system officially requesting the app or website be approved for use.
    4. Instructional Technology Specialists review the request for appropriate educational content, absence of advertising, and other basic criteria.
    5. Adminstrative staff review the resource's terms of service and privacy policy to determine if it is safe to use.
    6. If the resource clears all steps of the review process, the teacher is informed it is safe to use.
    7. Technology staff deploy the app to district iPads, ensure the website is accessible through district content filters, or allow authentication via Office 365 or Google.
    8. The resource is added to the list of district apps and software.


    Many websites permit authentication via Microsoft or Google which includes the district's domains in both of these systems.  The district has intentionally blocked website authentication against its Microsoft and Google domains to prevent staff and students from inadvertently sharing their information with unauthorized third parties.  Microsoft and Google authentication is only enabled for specific websites and services once they have been reviewed via the process described above.