iSchool Initiative - Privacy and appropriate use of user data statement
The Family Educational Rights and Privacy Act (FERPA) was enacted in 1974 and generally prohibits schools from disclosing personally identifiable information in students’ education records without consent.
iSchool Initiative, in its role as a vendor to educational agencies and institutions (EAs), receives disclosures from the EAs of personally identifiable information (PII) contained in student and teacher records. Only information that is needed for iSchool Initiative to perform services contracted to it by the EA is disclosed to iSchool Initiative.
These disclosures are authorized under the Family Educational Rights and Privacy Act (FERPA), a federal statute that regulates the privacy of user records by EAs that receive financial assistance from the U.S. Department of Education.
iSchool Initiative, as a contractor to the EA, receives the disclosures on the same basis as school officials employed by the EA, consistent with FERPA regulations, 34 CFR §99.31(a)(1)(i)(B). Consistent with those regulations, iSchool Initiative has a legitimate educational interest in the information to which it is given access because the information is needed to perform the outsourced service, and iSchool Initiative is under the direct control of the EA in using and maintaining the disclosed education records, consistent with the terms of its contract.
User data is collected for the registration of approved students or teachers within an iSchool Initiative purchased solution, i.e. Students Leading Education Program (SLED).
The user information collected may include the following:
parent’s email address
When working with students: In addition to this data, we collect students’ perception of solution competencies within the following online surveys:
student application survey - responses are collected and rated against program rubric to determine acceptance within program
program pre-assessment - responses are rated to see initial perception of the core competencies of the program: self-efficacy, growth mindset, and technical literacy - occurs prior to Day 1 of SLED Program
program post-assessment - responses are collected at the end of the SLED Program - Day 3
school - year-end assessment (responses are collected at the end of the implementation year of the SLED Program
User information is collected and stored in our system on average of four years (max is 10 years to follow student from G3-12)
Survey responses are stored in our system for four years. - This data is anonymized and used to show collective trends/perceptions of users within a geographic/demographic area.
SLED Program’s sustainability model includes a year-long club model or chapters were school-based advisors submit incremental accomplishments through the life of the club at the established school. No student-specific information is a reference within submissions. Students may access the club page to reference coursework to support the portfolio or body of work as a student. (See redisclosure statement below)
iSchool Initiative is subject to the same conditions on use and redisclosure of education records that govern all school officials, as provided in 34 CFR §99.33. In particular, iSchool Initiative ensures that only individuals that it employs or that are employed by its contractor, with legitimate educational interests – consistent with the purposes for which iSchool Initiative obtained the information -- obtain access to PII from education records it maintains on behalf of the district or institution. Further, in accordance with 34 CFR §99.33(a) and (b), iSchool Initiative does not redisclose PII without consent of a parent or an eligible student (meaning a student who is 18 years old or above or is enrolled in postsecondary education) unless the agency or institution has authorized the redisclosure under a FERPA exception and the agency or institution records the subsequent disclosure. An example of such a disclosure is when iSchool Initiative is requested by a school district to assist the district in the transfer of the user records from iSchool Initiative’s system to another system.
iSchool Initiative does not sell or otherwise use or redisclose education records for targeted advertising or marketing purposes. iSchool Initiative does not allow third-party advertising within its products, and therefore there is no behavioral or targeted advertising. iSchool Initiative uses data within its products only to deliver the services contracted by the educational institution. iSchool Initiative may use anonymized, non-PII data internally to improve the products and services it delivers to EAs.
iSchool Initiative employs extensive technological and operational measures to ensure data security and privacy, including advanced security systems technology, physical access controls, and annual privacy training for employees and partners, and criminal background checks of all employees.
All employees of iSchool Initiative are required to sign an Acknowledgement and Agreement of Policies that commits the employees to comply with iSchool Initiative data privacy and security policies and receive required annual security and privacy training, including commitments and training regarding the prohibition on disclosure of user data.
iSchool Initiative cannot delete, change, or disclose any information from our software applications controlled by the EA.
Users who wish to retain possession and control of their own pupil-generated content should contact the EA. If the EA is unable to fulfil the request of the user, iSchool Initiative can assist at the direction and expense of the EA.
If the EA is unable to fulfill a request of an eligible student or parent/guardian to review the student’s records, iSchool Initiative can assist at the direction and expense of the EA. In such an event where a parent, legal guardian, or eligible student seeks to make changes to the data within our products parents, legal guardians, or eligible students shall follow the procedures established by the EA in accordance with FERPA. Generally these procedures establish the right to request an amendment of the student’s education records that the parent or eligible student believes is inaccurate, misleading, or otherwise in violation of the student’s privacy rights under FERPA. Parents or eligible students who wish to ask the EA to amend their child’s or their education record should write an EA official (often a Principal or Superintendent), clearly identify the part of the record they want changed, and specify why it should be changed. If the EA decides not to amend the record as requested by the parent or eligible student, the EA will notify the parent or eligible student of the decision and of their right to a hearing regarding the request for amendment. Additional information regarding the hearing procedures would be provided to the parent or eligible student when notified of the right to a hearing.
In the event iSchool Initiative becomes aware of a data breach or inadvertent disclosure of PII, iSchool Initiative shall take immediate steps to limit and mitigate such security breach to the extent possible. A senior executive of iSchool Initiative will notify a senior member of the affected EAs leadership team, ideally the Superintendent or similar chief executive. This typically will occur within 24 hours of confirmation of the event and would include the known relevant details. The EA and iSchool Initiative will work cooperatively in determining an action plan, including any required notification of affected persons. In the event that iSchool Initiative is at fault for the breach or disclosure, iSchool Initiative carries a $1,000,000 cyber-liability insurance policy that provides for a number of potential remedies, such as credit monitoring for affected parties, fraud coverage, crisis management communications coverage, business interruption coverage, and data restoration coverage, among others.
In the event of termination of a license to use our products, iSchool Initiative works with the EA, in accordance of the terms of the EAs contract, to destroy all user records contained in our systems and then will permanently delete all archival or backup copies of the agency’s or institution’s data. iSchool Initiative shall not knowingly retain copies of any data or information received from EA once EA has directed iSchool Initiative as to how such information shall be returned and/or destroyed. Furthermore, iSchool Initiative --- shall ensure that it disposes of any and all data or information received from EA in a commercially reasonable manner that maintains the confidentiality of the contents of such records (e.g. shredding paper records, erasing and reformatting hard drives, erasing and/or physically destroying any portable electronic devices). At the request of the EA, iSchool Initiative will provide a written certification of destruction.
To the extent parents, guardians or students have questions regarding the content of, or privacy associated with, any applications used by the educational institution, please contact that agency or institution.
iSchool Initiative may, from time to time, update this policy to be in compliance with evolving state and federal laws and regulations. We will not materially change our policies and practices to make them less protective of your privacy without the written consent of the EA and the EA may rely upon any and enforce any current or prior version of this policy unless otherwise agreed to in writing.
Children under the applicable age of digital consent are not permitted to use our websites and services, and must request a team adult, parent or guardian provide any personal data in connection with the site and/or services.