PSBA 2022 January/February Bulletin PSBA 2022 January/February Bulletin - Page 51

it ’ s the law b . Have a policy for notification of any misuse or breach of information and available remedies .

it ’ s the law b . Have a policy for notification of any misuse or breach of information and available remedies .

c . Maintain a security process that follows widely accepted industry best practices .
d . Provide a designated place or contact where students and families can go to learn of their rights and have their questions about student data collection , use and security answered .
See https :// studentdataprinciples . org / the-principles
The aforementioned advice from the U . S . Department of Education , as well as the pledge commitments and the industry principles expressed above , not only reflect industry best practices related to these matters but also provide exemplars of appropriate contract provisions for a school district to incorporate into its third-party agreements .
Finally , in addition to including such recommended FERPA / PPRA / COPPA-related language in third-party agreements , it is also recommended that agents or individuals employed by the third party who will have responsibilities to the school district involving interacting with student information also sign individual agreements related to the FERPA / PPRA / COPPA-related terms . Those terms should mirror the terms found in the third-party agreement .
Conclusion
School districts must remain ever vigilant in maintaining and securing student information . School districts are tasked not only with maintaining and managing such information in accordance with the law , but also enforcing such provisions with their thirdparty contractors .
School districts must evaluate each third-party provider they engage to determine if protected student information is or will be implicated . Where it is implicated , school districts must ensure that the legal obligations discussed above are met . To that end , school districts must rigorously research and review all online educational products and services being used or being considered for use and evaluate such service agreements in light of the law and best practices . Finally , school entities should ensure that their third-party vendors and contractors are compliant with these requirements by direct control through contractual agreements outlining such obligations as conditions of the agreement .
Although the provisions discussed above outline the issues to address and reflect best practices in reviewing and creating contractual provisions , it is recommended that school districts consult with their solicitors and the resources available through PSBA as well as the resources and guidance offered by the federal and state authorities .
* See U . S . Department of Education ( ED ) Family Policy Compliance Office ( FPCO ) letter dated November 2 , 2017 , re Agora Cyber Charter School - Findings of Complaint : In finding a violation , the ED stated : “ The Department has long held that a parent or eligible student cannot be required to waive the rights and protections accorded under FERPA as a condition of acceptance into an educational institution or receipt of educational training or services .
*** The issue that remains , therefore , is whether by requiring the Parent to accept the specific terms and conditions set forth in the K12 Terms of Use Agora forced the Parent to waive her statutory rights and protections under FERPA . Based on our investigation , we determine that such requirement did , in fact , constitute a forced waiver of the Parent ’ s rights .” Id .
January / February 2022 PSBA Bulletin 49