Skip to content
English
  • There are no suggestions because the search field is empty.

Privacy Shield overview

See how Privacy Shield masks and excludes student PII before syncing with vendor applications

Privacy Shield protects sensitive student and staff data when your district syncs roster information with vendor applications. Instead of sharing raw PII, SchoolDay masks or removes sensitive attributes before they ever reach the vendor.

Important: Privacy Shield is turned on by default for new vendor applications, but it only protects attributes that you mark as sensitive. If you have not marked any attributes, no masking is applied even when the toggle is on.

How it works

Privacy Shield sits between your SIS and the vendor application. Masking is applied at import time and enforced on every subsequent sync.

  

  1. District Admin sets sensitive data in SchoolDay.
  2. District Admin initiates a data sharing request with a Vendor application with an enabled Privacy Shield feature.
  3. Privacy Shield checks sensitive data and dynamically masks or excludes it from the sync.
  4. The application vendor validates the request and confirms that they have access to the required data.
  5. District Admin runs data import from data source/SIS. This masks imported sensitive data according to the masking rules.
  6. SchoolDay shares masked imported data with the application.
  7. SchoolDay continues to enforce these rules each time district data is accessed by the vendor application.

What happens to sensitive data

When you share roster data with a vendor app, Privacy Shield intercepts sensitive attributes and applies one of two protections:

  • Masking — replaces the original value with a placeholder (for example, Smith becomes S-ggl'abcdefg). The record is still shared, but the vendor cannot read the real value.
  • Exclusion — removes the attribute from sync entirely. The vendor does not receive it at all.

Which protection applies depends on a combination of your district's settings and the vendor's data requirements.

District marks attribute as sensitive

Vendor configuration

Result

Yes

Masking enabled

Shared but masked

Yes

Masking disabled

Excluded from sync

Yes

Marked as required

Shared as-is (cannot be excluded)

No

Any

Shared as-is

Note: If a vendor marks a field as required, it cannot be excluded from sync, regardless of your sensitive data settings. To verify which fields a vendor requires, check the application's requirements or contact SchoolDay Support.

Example: how Privacy Shield applies during first activation

The following example shows a district administrator activating a vendor application for the first time. Privacy Shield is enabled by default (toggle on). The Attributes section shows how settings are applied to each field.

privacy-pii-shield_request_attributes

Based on the configuration shown:

  • Last Name (1) — sensitive, masking enabled by vendor. Shared but masked.
  • First Name (2) — sensitive, required by vendor, masking enabled by vendor. Shared but masked.
  • Birth Date (3) — not sensitive, masking enabled by vendor. Shared as-is.
  • Middle Name (4) — sensitive, not required by vendor. Not shared.
  • Username (5) — sensitive, required by vendor. Shared as-is.
  • Email Address (6) — sensitive, required by vendor. Shared as-is.
  • Primary School (7) — not sensitive, not required by vendor. Shared as-is.

 

Privacy Shield levels

Each vendor application is automatically assigned a Privacy Shield level based on which attributes your district masks and what the vendor supports. See Privacy Shield levels for the full breakdown.

Who can see the original data

Only District Admins can view original (unmasked) values. Vendor applications always receive masked or excluded data. Once data leaves SchoolDay in masked form, it cannot be unmasked by the vendor or any external party.

Next steps

  • Mark sensitive data attributes
  • Apply Privacy Shield to a data sync
  • Privacy Shield levels