Littera understands the importance of security and privacy, especially regarding PII (Personally Identifiable Information). The most likely data breach will result from employee error, not a hacker attack (though we take that threat seriously too). Given this and the new features of Insights 3.0, here's a refresher on PII and its handling.

PII stands for Personally Identifiable Information. Examples in K-12 settings include:

• Direct identifiers: Full name, student ID number
• Indirect identifiers: Date of birth, address, phone number
• Academic records: Grades, test scores, transcripts, course selections
• Disciplinary information: Detentions, suspensions
• Family information: Parent/guardian contact details

Anything that can identify or give details about a student is considered PII. We should never be storing this type of information locally on our computers. We should also never email this information to anyone, even our clients. Email is not secure and all information sent in an email is easily readable by any bad actor wanting to intercept it.

Also, specifically for insights: Littera staff should not create any Insights Email reports for customers, this needs to be done by the customer for security and privacy reasons. We should also not be creating any internal export (file attachments) reports for any reason. If we have a need to do these please bring this up to your manager so that we can understand the need and figure out a better way to fulfill it.

We take Privacy and Security very seriously at Littera and any breach of this policy can result in termination. It's our job to keep our students' data safe, and it will take all of us working together to do so. If you have any questions or concerns please feel free to reach out to your manager, the CTO (Brent Beck), or CEO (Justin Serrano).