Storing Data in a Safe Manner
TEG recognizes that sensitive data is often needed to provide effective evaluation services. We are intentional in our practices of ensuring confidentiality and privacy of all information that we are privileged to maintain.
Data security is our top priority. We have a comprehensive internal data security policy that follows best practices as defined by the Data Management Association. We use 2-step verification for all cloud data storage. Our passwords are changed at regular intervals, and all mobile devices are password protected. We use encrypted drives and Dropbox to transmit confidential data. Downloaded copies of student data are stored on a password-protected Dropbox, which provides 256-bit AES encryption and uses SSL/TLS secure tunnel for file transfers. Only members of TEG have access to the data.
We take multiple steps to ensure that confidentiality is maintained throughout the evaluation and have protocols in place to protect data that has been collected. Personally identifiable information is stored separately from program data, and five years after the program ends, all data are permanently destroyed. We use password protection and encryption when appropriate.TEG ensures that the data we collect is protected as required by the Federal Educational Rights and Privacy Act (FERPA) and Human Subjects Protection protocols. Data is only used for purposes outlined in the evaluation plan and for completing the Annual Performance Report.
Our data crisis-response plan ensures that we stay on top of potential threats by maintaining intelligence on the local weather to our electrical grid and monitoring potential threats to theft and hacking. We keep our operating system and database software updated by installing updates regularly to reduce vulnerabilities to viruses. We also house our servers in secure rooms in our corporate building to protect against vandalism and destruction due to natural causes such as floods or fires. In addition, we have constructed our network in ways that are not reliant on the survival of any single server for its function. We maintain our files on a physically secured server and a cloud-based server.