Publicly released reports shall not include PII and shall use Aggregate Data in such a manner that re-identification of individual students is not possible.
District contracts with outside vendors involving student data, which govern databases, online services, assessments, special education or instructional supports, shall include the following provisions which are intended to safeguard student privacy and the security of the data:
- Requirement that the vendor agrees to comply with all applicable State and federal law;
- Requirement that the vendor has in place Administrative Security, Physical Security, and Logical Security controls to protect from a Data Breach or Unauthorized Data Disclosure;
- Requirement that the vendor restricts access to PII to the authorized staff or the vendor who requires such access to perform their assigned duties;
- Prohibition against the vendor’s secondary use of PII including sales, marketing, or advertising;
- Requirement for data destruction and an associated timeframe; and
- Penalties for non-compliance with the above provisions.
The District shall clearly define what data is determined to be directory information. If the District choose to publish directory information, which includes PII, it will do so in accordance with Board Policy 5520.30