The Lockport City School District is exploring some additions to its recently passed security policy that will deal with the Aegis facial recognition software installed on security cameras.
The school board passed the new policy in December.
LCSD spent $1.4 million — of its allocated $4.2 million SmartSchools Bond Act funds — on Aegis, a facial recognition software that will scan faces to see if any of them match a database of people, as well as it detects shapes.
Assistant Superintendent for Personnel Lisa Schrader said the additions to the policy titled "Operation and Use of Security Systems/Privacy Protections" were proposed to make sure the policy is as clear as possible.
One addition clarifies the assistant superintendent of personnel, director of technology and director of facilities have password-protected access to any database system. The addition says they are identified as having the highest security privileges and that all district officers and staff who are provided access to security hardware systems and databases will receive training.
Another addition says that if a security alert is generated as a misidentification of a student, no record of the alert will be maintained as part of the student's record. Although it will be maintained for purposes of continuing audit and review of the security system operation.
In the maintenance of databases section, the policy adds that the Board of Education will be notified in a weekly update when a suspended student or staff member is added to the database. The database list includes a portion saying that "anyone believed to pose a risk" to the district based on "credible information," and an addition defines credible information in more detail.
In the same section, an addition says if someone believes they have been improperly added to the database for Aegis they can write to the superintendent to review it.
Another addition says that after verifying an image in an alert, the alert is then sent to law enforcement.
The policy is broken down into six main areas: hardware and software, access to hardware systems, access to security system databases, security alerts and responses, maintenance of databases and privacy.
The policy says the system will be protected by a fob system that limits access and tracks entry and those with access will include the director of technology, the technology coordinator and the director of facilities and individuals.
A second level of security will limit access to the hardware rack. The access to security system databases says that the assistant superintendent for personnel, director of technology, director of facilities and staff members designated for that purpose by the superintendent will be the only ones who have access.
The security alerts and responses portion says that security alerts generated by Aegis will be verified by control room security officers before they are issued to identified staff, and then sent to certain staff members including the superintendent, assistant superintendent for personnel, director of technology, technology supervisor, director of facilities, district safety officer building administrators for alerts at building of responsibility and school monitors.
Those expected to be on the unwanted list may include: students who have been suspended, staff suspended or on administrative leave, level 2 or 3 sex offenders, any person that has been notified that they may not be on district property, anyone prohibited from entry to district property by court order or anyone believed to pose a threat.
Parents will be notified when their child's photo is placed in the system during periods of suspension and any other circumstances, and the photo will be removed once the suspension has ended or the circumstance has been considered resolved. Security databases will be audited from time to time to ensure all the images maintained fall within the categories set in the policy.
The policy's section for privacy says that the cameras only capture images and images collected are stored for no longer than 60 days, unless the information is part of an investigation or retained in conjunction with a log of security alerts.
If the information is retained longer than 60 days, it must be directed by a districtwide or building-level administrator and reported to the superintendent.
It also says that information may be used for disciplinary reasons and can be shared with law enforcement or other governmental authorities in response to an immediate threat.