Student Data Privacy
Santee School District places the highest priority on keeping student information private and safe. Our district falls under the umbrella of recent legislation that mandates ALL companies doing business with California schools to observe strict guidelines and safeguards concerning student data privacy. This includes Google Services that are provided to K-12 schools and means that the accounts and services provided to schools and districts in particular are different and separate from the retail/consumer services provided by the online providers and these school focused services can only be provided under strict data privacy rules.
SOPIPA and FERPA
California's Student Online Personal Information Protection Act (SOPIPA) requires Google and other online vendors doing business with K-12 institutions to comply with strict student information privacy safeguards. This legislation prohibits third party vendors from collecting, creating dossiers about, and selling such information about students when doing business with K-12 schools in the state of California. Furthermore, such on-line vendors may not advertise to students while using their on-line systems nor provide information about those students to third parties. The Student Online Personal Information Protection Act (SOPIPA) consists of AB1548 and SB1177. These laws began to take effect January 1, 2015 with additional provisions taking effect January 1, 2016. Additional information about these laws can be found here:
Three California Bills Protecting Student Data Online (links to external website)
The federal law known as FERPA, the Family Educational Rights and Privacy Act, also protects student data privacy by prohibiting the improper disclosure of personally identifiable information derived from education records.
FERPA Regulations (links to external website)
FERPA Guidance for Parents (links to external website)
Managed Apple ID, Microsoft Office 365 for Education and Google Apps For Education (G Suite)
Apple “Managed” ID is specifically created for schools. Managed Apple IDs are unique to Santee School District and separate from Apple IDs that is available for consumer. The Managed Apple ID is associated with the District’s email and services are managed by the District. Managed Apple IDs have access to school specific services like Upgraded iCloud, iCloud services, iWork and Schoolwork. They are prohibited from App Store, iTunes and Books Store Purchasing, Apple Pay, iCloud Mail, iCloud Keychain, FaceTime and iMessage.
Microsoft Office 365 for Education is Microsoft suite of productivity applications and services that provide both teachers and students with the tools for classroom communication and collaboration. Examples of Microsoft applications and services include Outlook Mail, Word, Excel, PowerPoint, OneDrive and OneNote.
Google Apps for Education, also known as G Suite, is a suite of free Google cloud-based services that allow teachers and students to collaborate on school projects in a secure environment that is completely separate from public Google offerings and is free from advertising and third-party data mining. Examples of Google services that Santee School District has enabled via GAFE include Google Docs, Google Drive, and Google Classroom.
To enable the online services, the district will be creating district managed Apple ID, Microsoft Office 365 and Google Apps for Education accounts for each student. Students will be learning digital citizenship skills and cyber safety and information security/privacy through the use of these accounts and services.
Student Data Privacy
Student data privacy and information security are of great importance to Santee School District and we share your concern that student data is handled appropriately and not shared with outside sources without our permission and that all student data remains under strict control. We have designed our implementation of cloud-based accounts and data storage to be as similar as possible to the data access and security we have with district files/data hosted on our own district servers.
Because student data privacy is of such great importance and online providers of cloud hosted services for schools and districts may house student data, the California Educational Technology Professionals Association, CETPA, (representing all public school districts in the state) hired the law firm of Fagen, Friedman, and Fulfrost (F3) to conduct an audit of the three main online service providers of online accounts (Google, Apple, and Microsoft) for their adherence to state (AB1584/SOPIPA) and federal (FERPA) student data privacy laws.
F3 has rendered their opinion that each vendor has been found to be in compliance with the relevant laws: (click below for F3's findings for each vendor)
F3 report finding Microsoft in compliance with California and Federal student data privacy regulations (links to external website)
F3 report finding Apple in compliance with California and Federal student data privacy regulations (links to external website)
F3 report finding Google in Compliance with California and Federal student data privacy regulations (links to external website)
Because of the demonstrated adherence to California and Federal student data privacy laws, Santee School district believes that students using these services provided by Apple, Microsoft and Google are protected against the normal data harvesting practices that may apply to the free services that certain vendors provide to the public. According to AB1584, vendors providing services to schools and districts in California are not permitted to create a dossier based on student information and usage except to provide access to their own services, may not share any student information with other third parties, and may not advertise to students.
California Student Data Privacy Agreement
Our district partners with other online vendors who handle student data including name, email address, grade level information, teacher name, course information, and may integrate with students' district issued Google account. To ensure our students’ data is protected and kept private according to state and federal regulations, Santee School District utilizes the California Student Data Privacy Agreement (CSDPA) with vendors who handle or have access to our student data online. The CSDPA is a legally vetted contract through which vendors agree to protect student data from the collection, selling, and theft of information in compliance with State and Federal regulations such as:
- Family Educational Rights and Privacy Act (FERPA): Privacy for students’ data records
- Children’s Online Privacy Protection Act (COPPA): Privacy for children under 13
- Protection of Pupil Rights Amendment (PPRA): Student protection for survey information
- Student Online Protection Information Protection Act (SOPIPA): Protection from selling student data
- AB1584,Pupil records: privacy
The entire CSDPA Agreement that covers all the student data privacy laws may be viewed here: CSDPA
The district constantly works to ensure that all new third party companies handling our student's data meets the standards of the CSDPA. Currently, the following Vendors have signed the CSDPA