Security Statement

High5.ID Security Statement

Last updated: 2020 10 13. Effective Date: 2020 10 13

1.    Definitions

  • ACCOUNT

o   Credentials and associated licenses enabling an ORGANIZATION to operate HIGH5

  • CONTRACT

o   A formal agreement between HIGH5.ID COMPANY and the ORGANIZATION

  • CONTRACT COMPLETION

o   The moment when a contract between HIGH5.ID COMPANY and an ORGANIZATION terminates

  • DEVICE

o   A computing device, including mobile phone and desktop systems.

  • DIY CAPTURE PAGE

o   A web page enabling an INDIVIDUAL to “Do It Yourself” capture a photograph and other information, for example to create an ID card or a yearbook mug shot

  • HIGH5.ID COMPANY

o   The publisher of HIGH5.ID

  • HIGH5 SERVER

o   The physical location of the code and database accessed by HIGH5

  • INDIVIDUAL

o   A person whose information is stored by HIGH5

  • INDIVIDUAL DATA

o   Information uniquely associated with a specific INDIVIDUAL

  • INDIVIDUAL-GENERATED CONTENT

o   Data created by INDIVIDUALS other than INDIVIDUAL RESPONSES

  • KIOSK

o   A physical HIGH5 installation at a POE

  • LICENSE

o   A token enabling use of a set of HIGH5 features. Licenses typically expire or count down to zero uses remaining.

  • LEA ORGANIZATION

o   A Local Educational Agency – a School or District – making use of HIGH5 as a client, as the case may be

  • ORGANIZATION

o   The client making use of HIGH5

  • ORGANIZATION REPORTS

o   Data exports of various types including Tardy and Visitor Logs, triggered by ORGANIZATION staff

  • POE

o   A physical Point Of Entry at an ORGANIZATION

  • PARENT

o   An INDIVIDUAL with custody over a STUDENT at an LEA ORGANIZATION, including legal guardians

  • PERSONAL LANDING PAGE

o   A web page personalized for a specific INDIVIDUAL, exposed by an ORGANIZATION.

  • RECORD

o   Data associated with a specific INDIVIDUAL by HIGH5

  • RESPONSES

o   Content created by INDIVIDUALS, including textual responses, photographs taken by HIGH5 or submitted to HIGH5 by INDIVIDUALS

  • SOLUTIONS / HIGH5

o   The High5.ID system, encompassing the online databases and code comprising the totality of experiences for end users and administrators

  • STUDENT

o   An INDIVIDUAL receiving instruction at an LEA ORGANIZATION, who may be a minor

  • STAKEHOLDERS

o   The totality of INDIVIDUALS, ORGANIZATION staff, PARENTS, and RESELLERS

  • TEAMMATE / RESELLER

o   A regional representative of High5.ID working directly with an ORGANIZATION

2. Statements

High5.ID hereby states:

  1. RECORDS will be used in the following manner:
    1. Identifying INDIVIDUALS at POE and other ORGANIZATION moments.
    2. Offering INDIVIDUAL-specific functionality on INDIVIDUAL devices.
    3. Generating ORGANIZATION REPORTS.
  1. RECORDS continue to be the property of and under the control of the ORGANIZATION.
  2. No INDIVIDUAL-GENERATED CONTENT is stored by HIGH5
  3. RECORDS shall not be retained or available to High5.ID upon completion of agreements with ORGANIZATION.
  4. Personally identifiable information in RECORDS will not be used in targeted advertising unless specifically authorized by the ORGANIZATION.
  5. HIGH5 will not condition a child’s participation in a game, the offering of a prize, or another activity on the child disclosing more personal information than is reasonably necessary to use the system.
  6. High5.ID Company does not intentionally gather any information which indicates the citizenship status of INDIVIDUALS. If in the normal course of operations High5.ID Company becomes aware of such status, it will not unilaterally report this information to any third party. High5.ID Company will fully comply with any lawful demand for information made of it by an appropriate authority.

 

3. Notifications

  1. In-application notifications

In compliance with COPPA and other regulations, the following notifications will be visible:

  1. on the HIGH5 KIOSK:

Link from the welcome page: privacy information

Linked content:

The HIGH5 system makes use of information provided by this school to identify students. This information was provided by the school under the terms of a contract which imposes strict confidentiality requirements.

 

HIGH5 additionally tracks entry and exit events, notes and conditions entered by school administration, and comments entered by the student themselves in response to questions.

 

This information is presented to the receptionist to aid in decisions to allow entry or exit to students, and to generate reports detailing visits logs.

 

Adults wishing to review or modify the information collected by this system should present themselves to the receptionist at this school, who may at their discretion comply with your request.

  1. on the HIGH5 DIY CAPTURE PAGE:

Before proceeding to capture photographs or providing contact details, the following message is shown:

You must be 13 years or older to proceed.

 

By submitting a photo, you grant your school the right to reproduce it in ID cards, the yearbook, and other customary school purposes. Please review your photo carefully. Your school, yearbook company, High5.ID and its teammates assume no responsibility for the content of submitted photos.

 

In order to proceed, the user must click “I am 13 or older”.

 

 

  1. Parent notifications

In compliance with COPPA and other regulations, the following notifications will be suggested to the ORGANIZATION for broadcast to parents:

Our school has adopted the High5.ID ID management system.

 

This system was installed to enhance safety for our students and staff: it tracks entries and exits from the school and ensures that our administration know who is in the school and can communicate efficiently with community officials in the event of emergency.

 

The system tracks the same basics as our school information system – your student’s name, a photograph, which class they belong to. It tracks when students have been early or late, with the reasons given. It also keeps a record of all adults (volunteers, replacement teachers, visiting parents) who enter the school.

 

The information collected by the system will not be shared with any third party with the exception of law enforcement, should the need arise.

 

Use of this system is mandatory for all students and visitors to the school. You are welcome to ask reception for permission to see the records for your student.

COPPA §312.4.c requires explicit parental approval for disclosure of a child’s personal information, the ability to opt out of collection, and rules for automatically deleting students whose parents have not provided permission within reasonable delay.

High5.ID suggests that the needs of a security system differ from normal student-oriented websites. It would be impractical and undesirable to have some students recorded in the database and others not. Requiring all students to be listed in the system supports the school’s goal of security.

 

4. RECORD contents

  1. HIGH5 Required Information for all INDIVIDUALS

○        Last Name

○        First Name

○        Role (student, staff, visitor…)

  1. HIGH5 Preferred Information for INDIVIDUALS

○        Photograph

○        Student ID Number (corresponding with Student’s permanent record)

○        Grade

○        Teacher

○        ASB membership

○        SMS-enabled mobile number

○        Email Address

○        Digital ID status

○        In-person Admissibility

  1. HIGH5 Optional Information

○        Status at organization

○        Date of birth

○        Guardian email address

○        Guardian SMS-enabled mobile number

○        Title

○        Company Name

○        Group

○        Section

○        Department

○        Personal Government ID Number (typically a drivers license)

○        RFID Code

○        PURL for individual in RESELLER website

○        Locker Number & combination

  1. HIGH5 History Baseline

○        Flags

○        Notes (custody, behavior, etc)

  • HIGH5 History Optional information (based on use of additional solutions)

○        Entrance and Exit history

○        Reasons supplied for ingress or egress

○        Results of Sex Offender Database lookups

○        Attendance at courses

○        Presence at school-related events

○        Bus usage history

5. Information & Data Security

  1. RECORDS are protected physically:
  • No information is stored on-site at the ORGANIZATION except transient browser caches; all information resides on the HIGH5 SERVER. There is no database present on ORGANIZATION hardware.
  • Physical locations for the HIGH5 SERVER are:

○        For our domain (hosting and serving of pages) and for maintenance scripts: We use GreenGeeks in California, USA. Physical security measures are in place to prevent unauthorized entry to the site.

○        For our database: we use Google Firebase Realtime Database, a cloud-based system which stores data in central U.S. locations.

  1. RECORDS are protected Electronically:
  • All communications between the HIGH5 KIOSK and the HIGH5 SERVER are encrypted end-to-end via SSL.
  • Hosting and database structures run on a secure host that restricts external access via High5word. Access tokens for the database are encrypted and persisted locally as cookies, a common and trusted approach to security.
  • In addition to the userID/password, we use Firebase’s support for pre-shared public/private keys to access any infrastructure. Even if someone gets the user ID / High5word pair, they will be unable to access our database from a custom application because the public key is bound to our specific application.
  1. Application design:
  • HIGH5 uses Firebase, a BaaS (backend-as-a-service) headless server providing secure and encrypted access to connected clients based on

○        a set of rules (e.g. Organization A has access to its own students/staff but does not have access to individuals from Organization B)

○        access tokens (e.g. encrypted local copies of the credentials saved as cookies).These tokens are recycled according to browser configuration. Clearing caches will also invalidate the cookies.

  • Firebase is offered by Google, which provides world class security to ensure that unauthorized access is prevented. Details can be found here:

○        https://firebase.google.com/docs/database/security/

  • The Firebase database supports automatic demand-based server scaling (both physical resources such as RAM and CPU power, and data such as the number of individuals tracked by the database); this enables HIGH5 to dynamically handle as many users as required.
  • A maintenance server using Apache and PHP runs clean up and maintenance scripts at regular intervals; these are hosted and run on our  servers. Example scripts include: closing visits for individuals that checked in but did not check out; flagging individuals who were late multiple times; and analytics to create daily reports to be sent to ORGANIZATION staff.
  • We make use of Firebase’s alert systems to monitor system logs and ensure system uptime and performance.
  • The database is backed up daily to ensure that logs and records are not lost in the event of catastrophic failure or application error.
  • The front end is written in HTML and Javascript.
  • Images are served to the client browser using obscured URLs to enhance image security. These URLs cannot be predicted or reverse engineered in order to gain access to other images.
  • As with all database access, intruders cannot access images via the database without a secret key which is held by High5.ID alone in a secure location.

6. Instructions and Procedures

  1. Actions taken to ensure the security and confidentiality of RECORDS
    1. HIGH5.ID COMPANY staff are designated able to view and modify all RECORDS as required in the accomplishment of their assigned tasks.
    2. RESELLER staff are designated able to view and modify RECORDS for the ORGANIZATIONS as required in the accomplishment of their assigned task for ORGANIZATIONS that they directly service.
    3.  HIGH5.ID COMPANY staff are trained to avoid
      1. Sharing credentials by any means other than password-protected online documentation
      2. Releasing private information on ORGANIZATION visitors, staff, students or policies to anyone not associated with the administration of the ORGANIZATION
  1. Procedures for notifying STAKEHOLDERS in the event of an unauthorized disclosure of RECORDS
    1. HIGH5.ID COMPANY maintains contact information for administrators at all ORGANIZATIONs and RESELLERS.
    2. HIGH5.ID COMPANY will notify these same by email in the event that unauthorized disclosure takes place. The email will include phone and email information to enable STAKEHOLDERS to contact HIGH5.ID COMPANY staff directly with their concerns.
  1. Removal of RECORDS
    1. At CONTRACT COMPLETION, unless otherwise instructed by one or more of the STAKEHOLDERS, HIGH5.ID COMPANY staff will remove RECORDS from
      1. ‘live’ database, within 72 hours
      2. backups of the database, within 60 days
  1. Demonstration that RECORDS have not been retained after contract completion
    1. At CONTRACT COMPLETION, staff from ORGANIZATION have the right to watch via screensharing technology as HIGH5.ID COMPANY staff clear RECORDS. ORGANIZATION staff will have the opportunity to test that their live database is empty prior to the termination of the ACCOUNT for the ORGANIZATION.
  1. Viewing of RECORDS (“right of access”)
    1. Regarding the viewing of RECORDS at a given ORGANIZATION:
      1. The following may view all INDIVIDUALS:
        1. ORGANIZATION staff
        2. RESELLER staff
        3. HIGH5.ID COMPANY staff
      2. The following may, at the ORGANIZATION’S discretion, view their own records:
        1. PARENTS and INDIVIDUALS
  1. Correction of RECORDS (“right of rectification”)
    1. Regarding the modification of RECORDS at a given ORGANIZATION:
      1. The following may modify all INDIVIDUALS:
        1. ORGANIZATION staff
        2. RESELLER staff
        3. HIGH5.ID COMPANY staff
      2. The following may, at the ORGANIZATION’S discretion, modify aspects of their own records:
        1. PARENTS and INDIVIDUALS
  1. Removal of RECORDS (“right to be forgotten”)
    1. Regarding the erasure of RECORDS at a given ORGANIZATION:
      1. The following may erase all INDIVIDUALS:
        1. ORGANIZATION staff
        2. RESELLER staff
        3. HIGH5.ID COMPANY staff
      2. The following have no means to remove RECORDS:
        1. PARENTS and INDIVIDUALS
  1. Business Events
    1. In the event of the sales of all or a portion of the assets of High5.ID, RECORDS may be transferred to the successor entity.
    2. In the event of bankruptcy of High5.ID, RECORDS will not be considered as an asset that can be acquired by a third party.

=========== ENDS ===========