Product: Roster Server
Audience: ClassLink Administrator
This article will help tenants use the Privacy Officer (PO) features.
These features help school organizations follow their state's laws and regulations regarding control of the data that vendors may access. School organizations have the ability to create workflows to approve or reject the sharing of user data with vendors. The Roster Server records the steps of workflow execution in its audit log.
Overview
- Privacy Officer Settings
- Creating Workflows
- Approving App Workflows
- Checking the Status of a Workflow
- Filter Fields Workflow
Privacy Officer Settings
1. First, set up and choose the privacy officers. Go to Settings -> General.
2. From there, navigate to the Privacy Officers tab.
3. You will need to first enable the feature by clicking on the toggle at the top right corner of this page.
Note: After enabling this feature you will need to add a workflow to any app you want to enable. You would also need to add workflows to filter fields to be able to change them. This feature can only be turned off by ClassLink support.
4. After clicking the toggle, you will see a confirmation pop-up window with a warning. After reading it you can proceed to enable it by clicking the Enable button on the right bottom side of the pop-up or cancel.
Note: Please read the warning carefully before enabling.
5. After enabling the Privacy Officers, you can add new Privacy Officers by clicking on the Add Privacy Officers button from the top right corner.
6. After finding the user you will be assigning as a Privacy Officer, simply click the blue "+" to add them to the list. This user can now be used in any workflow for Privacy Officers.
Creating Workflows
App Workflows are triggered when an app is enabled, which prevents users from making changes to the data being rostered to each vendor without the PO's approval. Filter Field Workflows are triggered whenever a filter field is changed for an app which will also prevent users from making changes to the data being rostered to the vendors. Using both workflows together will guarantee that any change to the data will have to be approved or denied by a PO first.
After adding a Privacy Officer by following the steps above, you can create workflows for app approvals and filter fields using the steps below.
1. To start, head to the Apps tab.
2. Click on the three dots menu corresponding to the app you want to add a workflow for and then choose Privacy Officer.
3. To add or edit a workflow you must first unlock the setting by clicking the toggle from the top right corner.
4. Here you can enable any combination of the three choices in the workflow. Each one of the choices is configured and used differently. Setting these up is discussed in detail in the following sections.
5. If you have already set up a workflow for a different app, you can also choose to copy that same workflow by clicking the blue Copy Workflow From a Different App button.
6. If copying from a different app, click on the check mark under Enabled and/or Filter Fields depending on which workflow(s) you are copying for the app and click Copy. Finally click the Save button at the bottom right corner.
Approval Emails
The first configurable choice in the workflow is the Approval Emails, which are sent to Privacy Officers to approve or reject requests to share data.
1. Click on the Send Approval Email row.
2. Here you can add a custom message (if desired) and then choose the Privacy Officer who will receive the email.
3. It is also possible to add multiple Privacy Officers. Clicking the first "+" icon will add a new Privacy Officer with an OR option, meaning that if either added Privacy Officers approves the email, it will be sufficient for approval. Clicking the second "+" icon located directly above the first Privacy Officer will add a new Privacy Officer with an AND option, meaning that both Privacy Officers must approve the emails for the workflow to be approved.
4. Once finished you can either save by clicking the Save button at the bottom right corner, or continue to add more to the workflow by clicking on Send approval Email with Vendor Signed Document, or Use Custom Checklist.
Signed Approval Emails
The next choice in the workflow is vendor signed approval emails.
1. To set these up, click on the Send Approval Email With Vendor Signed Document, and fill out the form with a Custom Message, Signed Document (URL), and Privacy Officer Email.
Note: Adding multiple Privacy Officer emails will work the same way as explained in previous section for AND and OR logic.
2. After doing so, optionally add a Custom Checklist to your workflow or simply save by clicking the Save button at the bottom right corner.
Custom Checklist
1. After clicking on the Use Custom Checklist row, a new section will appear where you can add as many items as necessary.
2. In the below image, this set up means that Item One AND Item Two will both have to be checked off for the workflow to be approved, OR Item Three.
Note: You can add an AND or an OR, to the checklist by clicking the related "+" icon as shown in the screenshot above.
3. When finished click the Save button at the bottom right corner of the page.
4. After saving the workflow, it will be locked again and users will need to wait for the workflow to be approved after clicking to enable that application.
App Workflow Controls
1. After Creating an App Workflow, you will have the option to Start Workflow, Edit Workflow, or to Revoke App Approval (If workflow was already approved). 
Start Workflow - will start the workflow and put the workflow in Pending state, until it is Approved, or Rejected by the Privacy Officer.
Revoke App Approval - will change the App Status to Not Approved, and will also disable the app functionality.
2. If a workflow is started and is pending, you will also see the option to Cancel Workflow as well as a box indicating what part of the workflow is still pending.
Cancelling the workflow will put the workflow back in its previous state (Step 1).
Approving App Workflows
After adding a workflow to an application, you will see a warning triangle which tells them that the app is pending approval. Hovering over the triangle will reveal more detailed information.
1. Depending on the workflow that has been set up, Privacy Officers will receive emails that will be similar to the following, where they can easily Approve or Deny the workflow by clicking on the relevant button.
Regular App Approvals
Vendor Signed Approval Emails
Here the Privacy Officer will be able to see the Custom Message and the Signed Document which is a clickable link. They can then choose to Approve or Deny the workflow by clicking on one of the buttons.
2. Finally, if there was a checklist added to the workflow, then the user must open the Privacy Officer workflow.
3. Then, click on the checkbox which has been completed.
Direct Approval through Roster Server
Another way of approving or rejecting the workflow sections is possible if the Privacy Officer is a Tenant Admin, by following these steps:
1. Log into the Roster Server account.
2. Open the workflow for the app.
3. Finally, click on the check mark to approve or the red "X" to deny to the right of the email address.
Checking the Status of a Workflow
To confirm if the workflow has been Approved or Rejected, follow the below steps:
1. Head to your app's workflow.
2. On this slide over, the status of the entire workflow is provided. Additionally the status of each approval email is provided by hovering over the Green (approved)/Red (rejected) icon to the right of each email address.
3. Finally, if no response is received within 24 hours, the workflow emails will become expired. If you wish to resend the emails, you can do so by clicking the mail icon.
Filter Fields Workflows
The same steps and features as in the previous sections apply for filter fields.
1. From the apps page, click on the three dots icon and select Privacy Officer.
2. Click on the Filter Fields Changed tab.
3. Now you can follow the same steps from the Creating Workflows section to finish your set up.
Updated: Feb 2021