AI Governance Workshop

Policy Development Worksheet (Grades 9-12)

Name: _______________________________ Date: _______________

Stakeholder Role: ___________________________ Committee Members: _____________________

The Governance Challenge

Westbrook USD (15,000 students, 25 schools) is deploying “SecureNet AI” district-wide. As the Student Technology Governance Committee, you must develop policy recommendations for the Board of Education.

Constraints:

  • Must comply with FERPA and COPPA
  • Cannot exceed current IT staffing
  • Must be explainable to community
  • System goes live in 60 days

Stakeholder Position Statement

My assigned role: _________________________

My primary concerns:

Key questions I’ll raise:

Policy Area 1: Automated Response Authority

The Question

What actions should SecureNet AI take automatically vs. requiring human approval?

Individual Analysis

Threat Level My Recommended Automated Action My Recommended Human Approval Threshold
Critical (active attack)
High (probable threat)
Medium (suspicious activity)
Low (anomaly detected)

AI Consultation Notes

AI’s stated false positive rate:

AI’s acknowledged limitation:

Trade-off AI identified:

Committee Decision

Final recommendation:

Rationale addressing all stakeholders:

Policy Area 2: Behavioral Monitoring Scope

The Question

What student behaviors should SecureNet AI monitor, and how should alerts be handled?

Individual Analysis

Activity Type Monitor? (Y/N) Alert Threshold Alert Recipient My Reasoning
Web browsing (educational)
Web browsing (non-educational)
Search queries
Communications
Behavioral patterns

AI Consultation Notes

Examples AI gave of helpful monitoring:

False positive scenarios AI acknowledged:

Committee Decision

Monitoring scope recommendation:

False positive handling procedure:

Student notification policy:

Policy Area 3: Data Retention and Learning

The Question

How long should SecureNet AI retain data, and should it learn from student behavior patterns?

Individual Analysis

Data Type My Recommended Retention My Reasoning
Routine activity logs
Security alerts
Behavioral models
Incident investigation data

AI Consultation Notes

AI’s claimed accuracy improvement with learning:

Data requirements for learning:

AI’s perspective on student profiles:

Committee Decision

Data retention policy:

Machine learning policy:

Student data access rights:

  • Can students see what data exists about them? _______
  • Can students request data deletion? _______
  • How are students notified of monitoring? _______

Consensus Documentation

Areas of Agreement

Areas of Disagreement

Policy Area Positions in Tension Resolution Approach

Trade-offs Explicitly Accepted

Policy Brief Summary

For Board of Education presentation

Recommendation 1: Automated Response Authority

Recommendation 2: Behavioral Monitoring Scope

Recommendation 3: Data Retention and Learning

Implementation Considerations

Reflection

What was the hardest trade-off your committee faced?

How did SecureNet AI’s input influence your recommendations?

What NICE Framework Work Roles engage in this type of governance work?

How would you apply this experience to a future career in cybersecurity policy?

From “True Teamwork: Building Human-AI Partnerships” — NICE K12 2025 Dr. Ryan Straight, University of Arizona • ryanstraight@arizona.edu