Welcome to the REF forum!
Review of this document is recommended in an effort for Rebuilding Educational Foundations to practice the recommendations below in an effort that will best protect student privacy. Schools and districts should exercise diligence and assure this agreement meets established school and district policies for evaluating and approving online educational services and mobile applications. This will ensure that the service supports the school’s broader mission and goals, and that the Terms of Service (TOS) is legally appropriate and compatible with the school’s policies and procedures. This agreement exists to explicitly describe how Rebuilding Educational Foundations may use and share student data.
All Personally Identifiable Information (PII) and other non-public information. Data include, but are not limited to, student data, metadata, and user content.
De-identified data will be utilized for product development, research, or other purposes. De-identified data will have all direct and indirect personal identifiers removed. This includes, but is not limited to, name, ID numbers, demographic information, and location information. Furthermore, Rebuilding Educational Foundations agrees not to attempt to re-identify de-identified data and not to transfer de-identified data to any party.
Rebuilding Educational Foundations will not use any data to advertise or market to students or their parents. Advertising or marketing may be directed to the school/district only if student information is properly de-identified.
Rebuilding Educational Foundations will not change how data are collected, used, or shared under the terms of this agreement in any way without advance notice to and consent from the school/district.
Rebuilding Educational Foundations will only collect data necessary to fulfill its duties as outlined in this agreement.
Rebuilding Educational Foundations will use data only for the purpose of fulfilling its duties and providing services under this agreement, and for improving services under this agreement.
Rebuilding Educational Foundations is prohibited from mining data for any purposes other than those agreed to by the parties. Data mining or scanning of user content for the purpose of advertising or marketing to students or their parents is prohibited.
Data may not be shared with any additional parties without prior written consent of the user except as required by law.
Rebuilding Educational Foundations will ensure that all data in its possession and in the possession of any subcontractors, or agents to which the provider may have transferred data, are destroyed or transferred to the school/district when the data are no longer needed for their specified purpose, at the request of the school/district.
All parties agree that Rebuilding Educational Foundations has limited, nonexclusive license solely for the purpose of performing its obligations as outlined in this agreement. The agreement does not give Rebuilding Educational Foundations any rights, implied or otherwise, the right to sell or trade data.
Any data held by Rebuilding Educational Foundations will be made available to the school/district upon request by the school/district in order to satisfy FERPA’s parental access requirement.
Rebuilding Educational Foundations will store and process data in accordance with industry best practices. This includes appropriate administrative, physical, and technical safeguards to secure data from unauthorized access, disclosure, and use. Rebuilding Educational Foundations will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner. Rebuilding Educational Foundations will also have a written incident response plan, to include prompt notification of the school/district in the event of a security or privacy incident, as well as best practices for responding to a breach of PII. This incident response plan will be available upon request.
Rebuilding Educational Foundations contractors will assure student personal identifying
information (PII) is:
Rebuilding Educational Foundations will follow and comply with applicable IDEA Part B
and Part C confidentiality provisions that are specifically related to children with disabilities receiving services under IDEA and provide protections beyond the FERPA
requirements. This includes:
Family Policy Compliance Office, U.S. Department of Education: https://studentprivacy.ed.gov
FTC: Bureau of Consumer Protection Business Center, Complying with COPPA: Frequently Asked Questions: https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions
National Center for Education Statistics, Data Stewardship: Managing Personally Identifiable Information in Student Education Records (NCES 2011- 602): http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2011602
National Institute of Standards and Technology, Guidelines on Security and Privacy in Public Cloud Computing (2011): http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
Privacy Technical Assistance Center, U.S. Department of Education: https://studentprivacy.ed.gov