Categories of Security

The board of education (board) must provide appropriate protection for records and information it has in its possession and control. There are three general categories of security to consider:

• Physical SecurityThe type of storage required will depend on the type of record. For example, paper records must be stored in a clean, dry place and must not be stored in areas where they might be subject to water damage, mould or infestation. Locks and alarms should be in place to prevent unauthorized access to records.
• Technical SecurityRecords stored electronically should be protected by the appropriate use of passwords, encryption, backups, etc.
• Administrative SecurityBoard policy and administrative procedures at the central office and school level should provide for standards of security required for the storage for records. There should also be a system in place for the physical and technical monitoring and auditing of storage and access processes.

The board must also develop an efficient and accurate method of being able to retrieve information when information requests are made.