EDUPOINT products comply at all times with the requirements of the Family Educational Records Privacy Act (“FERPA”) regarding the confidentiality and handling of student records and information, including but not limited to student names, parent names, addresses, grades, disciplinary actions, attendance, health, and other personal matters particular to the respective students as supplied by the school district. EDUPOINT products only access student information pursuant to prior written parental consent, legitimate educational interests in performing duties on behalf of the District or other provisions of federal and state law permitting access to confidential student information.
EDUPOINT understands and agrees to the following responsibilities regarding maintaining the security and confidentiality of District’s student data:
EDUPOINT acknowledges that the data that will be entered into the Licensed Software Products includes personally identifiable student information that is confidential and proprietary to the respective school districts, and subject to State and Federal confidentiality laws and regulations including but not limited to FERPA.
EDUPOINT takes all reasonable measures to ensure that the Licensed Software Products are equipped with current industry-standard security safeguards, including but not limited to encryption, with the intent to prevent unauthorized access to, use, or disclosure of, the confidential data and information that will be entered into the Licensed Software Products.
EDUPOINT instructs all of EDUPOINT’s staff who require access to confidential information in order to carry out their professional responsibilities about the requirements for handling confidential information, and requires each person who will have access to confidential information to sign an agreement to comply with EDUPOINT confidentiality provisions.
EDUPOINT uses all available and commercially reasonable methods to design and code the Licensed Software Products to function in such a manner that does not permit access to personally identifiable student information by individuals other than authorized representatives of an appropriate school district and/or EDUPOINT who have legitimate educational interests in the information, specifically, those who require access to the data stored and analyzed on the Licensed Software Products in order to be able to carry out their professional responsibilities. Access to personally identifiable student information by parents and students for purposes of review and correction is determined by the rules of client school districts.
EDUPOINT will not contact any individuals included in the data sets without obtaining advance written authorization from the applicable school district, or as authorized, permitted and/or required under applicable law, rule or regulation.
EDUPOINT shall not disclose any school district confidential student data, with or without personally identifying information, to any other individuals, agencies, or organizations (except disclosures to local, State or Federal agencies as may be required under applicable law), without first obtaining, in cooperation with the applicable school district, prior written consent of the parent or eligible student.
EDUPOINT shall not use a school district’s confidential student data, with or without personally identifying information, in any form, or in any way, for any purpose other than the respective school district’s purposes (except disclosures to local, State or Federal agencies as may be required under applicable law).
To the extent applicable, EDUPOINT shall keep all confidential student data furnished by a school district in a space as may be commercially reasonable to physically and electronically keep such information secure from unauthorized access. Confidential student data shall be stored and processed in a way commercially reasonably calculated so that unauthorized persons cannot retrieve nor alter the information by means of a computer, remote terminal, or other means. No confidential student data will be stored, except on a temporary basis, on laptop computers or other portable computing devices or media, e.g., flash drives, etc. Confidential student data will be promptly deleted from any such device as soon as it is no longer needed for immediate operational purposes. Such devices will be reasonably secured during such time as confidential student data is stored on them. Other than as maintained and used on a particular school district’s devices and equipment, confidential student data will only be used on EDUPOINT devices and equipment.
EDUPOINT agrees that a school district’s confidential data shall be returned and/or destroyed when no longer needed for district authorized purposes upon written authorization from the applicable school district. All destruction of a school district’s confidential data shall be accomplished by utilizing an approved method of confidential destruction, including shredding, burning or certified/witnessed destruction for physical materials and verified erasure of magnetic media using approved methods of electronic file destruction.
Notwithstanding anything contained herein to the contrary, EDUPOINT and its officers, managers, employees, agents and contractors shall have the right to disclose any confidential data or information in the event EDUPOINT or any such officers, managers, employees, agents and contractors, are compelled to do so by order of any State or federal court. If EDUPOINT receives a request for a school district’s confidential student data, or if such records are compelled by order of any state or federal court or other governmental authority, EDUPOINT will provide the particular school district with written notice of the request or order.
Further, notwithstanding anything to the contrary in this policy statement, Edupoint does not, and will not, sell any confidential student data at any time, for any reason. Any company with whom Edupoint may merge or to which it may sell its student data software business in the future, shall be encouraged to abide by the terms of the above policy. In addition, clients would reserve the right to refuse to send future data, and can have existing data returned to them, if above policy is not honored.
Material changes to this policy will be accompanied by email notification to clients and a request that clients respond with questions or concerns.