Canyons School District Logo

We're Hiring!

resources

Family Connections

Getting Involved

Tools

Resources

Leadership

About

USBE District Report Card

View District Performance Levels* Due to new ELA assessments, the release of the 2024-2025 report card from USBE will be significantly delayed  

Getting Involved

300 - General Policy

Table of Contents

Policy 300.13 – Data Privacy and Governance

POLICY NUMBER:
300.13

ADOPTED:
5.19.2026

Board Policy

  1. The Board of Education recognizes data governance is an indispensable component of an organization to assess, manage, monitor, maintain, and protect an organization’s information.
  2. The Board of Education is committed to data privacy and governance methods, required notices and processes in accordance with state and federal law to protect personally identifiable information and maximize educational opportunities for students.  All employees are responsible to protect student data.   
  3. The Board authorizes the Superintendent and District Administration to develop administrative regulations consistent with this policy, subject to review and approval by the Board.

ADMINISTRATIVE REGULATION:
300.13-1

APPROVED:
5.19.2026

Definitions - 300.13-1

  1. “Data Governance Plan”:  means an education entity’s comprehensive organizational approach to data and information management that is formalized in a set of policies and procedures to encompass the full life cycle of data; from acquisition, to use, to disposal.   A Data Governance Plan includes, but is not limited to:  protection measures for data, training components for employees and staff, and describes processes for sharing data between the District and outside entities.

ADMINISTRATIVE REGULATION:
300.13-2

APPROVED:
5.19.2026

Student Data Manager; Chief Administrative Officer (CAO) for Privacy; Private Training, Notices, and Program Reports - 300.13-2

  1. Student Data Manager:  The Director of Information Technology will be designated as the Student Data Manager in accordance with §53E-9-308.
  2. Chief Administrative Officer (CAO):  The District’s Business Administrator will serve as the Chief Administrative Officer (CAO) for Privacy in accordance with Utah Code.  The Chief Administrative Officer (CAO) for Privacy may delegate responsibilities for compliance with Division of Archives and Records and Management of Records, GRAMA, and Part 4 of the Government Data and Privacy Act to other records officers or personnel within the District as needed.
  3. Under the direction of the Chief Administrative Officer (CAO) or designee(s), the District will take steps to initiate a privacy program.
    1. The District will provide required data privacy training (s), complete privacy program report (s), issue required website and privacy notices, and retain and dispose of personal data with retention schedules, as outlined by the Government and Data Privacy Act.

ADMINISTRATIVE REGULATION:
300.13-3

APPROVED:
5.19.2026

Notification of Data Breach - 300.13-3

  1. Concerns about security breaches must be reported to the Director of Information Technology who will collaborate with appropriate members of the IT Response Team to determine appropriate action steps to whether a security breach has occurred.
    1. In the event of a security or data breach, the Director of Information Technology will involve the Business Administrator or Superintendent as outlined in the District’s Data Governance Plan.  
    2. Data Breach of 500 or more individuals:  In the event the data breach affects 500 or more individuals, the District will notify the Cyber Center and Office of the Attorney General as outlined in Utah Code 63A-19-405.
      1. The notification shall be made no later than five (5) days from the discovery of the data breach and include the following information:
        1. the date and time the data breach occurred;
        2. the date the data breach was discovered;
        3. a short description of the data breach that occurred;
        4. the means by which access was gained to the system, computer, or network;
        5. the person who perpetrated the data breach;
        6. steps the governmental entity is or has taken to mitigate the impact of the data breach; and
        7. any other details requested by the Cyber Center.
          1. If not all information is available within five (5) days of discovering the breach, the District will provide available information and supplement the information as soon as it becomes available.    
      2. The District will also provide to the Cyber Center and attorney general the total number of individuals affected by the data breach, including the total number of Utah residents affected, and type of personal data involved in the breach.
    3. Data Breach fewer than 500 Individuals: If the data breach affects fewer than 500 individuals, the District will create an internal incident report containing the information in 1.2.1. 
    4. The District will provide to the Cyber Center an internal incident report described in 1.3 upon request; and an annual report logging of all of the District’s data breach incidents affecting fewer than 500 individuals.  
  2. Notice to Individuals of Data Breach:
    1. The District will provide a data breach notice to an individual or legal guardian of an individual/student affected by the data breach:
      1. after determining the scope of the data breach;  
      2. after restoring the reasonable integrity of the affected system, if necessary; and 
      3. without reasonable delay, except as provided below.
        1. The District shall delay notification at the request of a law enforcement agency that determines that notification may impede a criminal investigation, until such time as the law enforcement agency informs the District that notice will no longer impede the criminal investigation.  
    2. The data breach notice to an affected individual will include:
      1. description of the data breach; 
      2. the individual’s personal data that was accessed or may have been accessed;  
      3. steps the District will take to mitigate the impact of breach; 
      4. recommendations to the individual on how to protect themselves from identity theft or other financial losses; and
      5. any other language required by the Cyber Center.  
    3. The District is not required to provide a data breach notice to an affected individual if the personal data would be classified as a public record; and the District posts notice of the data breach on the District’s website.  
    4. Notice may be provided by email, mail, or by text message.  

ADMINISTRATIVE REGULATION:
300.13-4

APPROVED:
5.19.2026

Data Governance Plan - 300.13-4

  1. The District’s Data Governance Plan will be available on the Information Technology’s section of the District’s website.
  2. The District’s Data Governance Plan will be reviewed annually.

Exhibits

References

Forms

None

This online presentation is an electronic representation of the Canyons School District’s currently adopted policy manual. It does not reflect updating activities in progress. The official, authoritative manual is available for inspection in the office of the Superintendent located at 9361 South 300 East Sandy, UT 84070.

Americans with Disabilities Act (ADA) Statement

Canyons School District is committed to making this website compliant with the ADA. At this time, we recognize that not all areas of this website may be ADA compliant. We are currently in the process of redesigning and creating new website content to be compliant with the W3C Level Two guidelines. If you are experiencing issues with this website, please contact us here communications@canyonsdistrict.org

Lucie Chamberlain

Alta View Elementary

If a movie about super teachers were ever made, Lucie Chamberlain would be a prime candidate for a leading role. Fortunately for her kindergarten students at Alta View Elementary, she already thrives in a supporting role for them. Parents thank her for being a “super teacher.” She is also described as an “amazing colleague.” Whether students need help in the classroom or from home while sick, Lucie goes above and beyond to help them learn, overcome fears, and feel important and cared for. Lucie is the reason a number of kids went from hating school to loving it, according to parents. The way she exudes patience, sweetness, positive energy, and love for her students with special needs melts is appreciated and admired. One parent noted: “Both my kids wish she could be their teacher forever.” Another added:  “She treats every student like their learning and their feelings are her priority.” Super teacher, indeed!

Specialty Schools

CTEC
Canyons Online
Jordan Valley

Entrada
South Park Academy
Student Services

High Schools

Alta High
Brighton High
Corner Canyon High

Diamond Ridge High
Hillcrest High
Jordan High

Elementary Schools

Altara
Alta View 
Bell View 
Bella Vista 
Brookwood 
Butler 
Canyon View 
Copperview 
Crescent 
Draper
East Midvale 
East Sandy 
Edgemont 
Glacier Hills
Granite

Lone Peak
Midvale
Oak Hollow
Midvalley
Oakdale
Park Lane
Peruvian Park
Quail Hollow
Ridgecrest
Sandy
Silver Mesa
Sprucewood
Sunrise
Willow Canyon
Willow Springs

Middle Schools

Albion 
Butler 
Eastmont 
Midvale 

Indian Hills 
Draper Park
Mount Jordan
Union