Contractor Duties. 5.1 The Contractor will perform the following duties in regard to any student data it obtains: 5.1.1 Not disclose the information to any other party without the consent of the parent or eligible student; 5.1.2 Use the data for no purpose other than the work stated in this Agreement; 5.1.3 Allow the District access to any relevant records for purposes of completing authorized audits; 5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement; 5.1.5 Designate in writing a single authorized representative able to request data under this Agreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant to this Agreement, including confirmation of the completion of any projects and the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section; 5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity; 5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv). 5.2 If Contractor is an operator of an Internet website, online service, online application, or mobile application, Contractor shall comply with the requirements of California Business and Professions Code section 22584 and District policy as follows: 5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s site, service or application to District students or their parents or legal guardians; (ii) use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission. 5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets Layer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption]. “Encryption” means a technology or methodology that utilizes an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key, and such confidential process or key that might enable decryption has not been breached, and shall have the meaning given to such term under HIPAA and HIPAA Regulations, including 45 CFR §164.304.
Appears in 11 contracts
Samples: Master Agreement for Professional Services, Master Agreement for Professional Services, Master Agreement for Professional Services
Contractor Duties. 5.1 The Contractor will perform the following duties in regard to any student data it obtains:
5.1.1 Not disclose the information to any other party without the consent of the parent or eligible student;
5.1.2 Use the data for no purpose other than the work stated in this Agreement;
5.1.3 Allow the District access to any relevant records for purposes of completing authorized audits;
5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement;
5.1.5 Designate in writing a single authorized representative able to request data under this Agreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant to this Agreement, including confirmation of the completion of any projects and the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section;
5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity;
5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 30 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv); and,
5.1.8 Comply with the District Information Protection Policy, BUL-1077.1, available at: xxxx://xxxxxxxx.xxxxx.xxx/pls/ptl/docs/PAGE/CA_LAUSD/FLDR_ORGANIZATI ONS/FLDR_GENERAL_COUNSEL/BULL- 1077.1%20REVISED%20120506.PDF.
5.2 If Contractor is an operator of an Internet website, online service, online application, or mobile application, Contractor shall comply with the requirements of California Business and Professions Code section 22584 and District policy as follows:
5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s site, service or application to District students or their parents or legal guardians; (ii) use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission.
5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets Layer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption].
5.2.3 Contractor shall delete a student’s covered information upon request of the District.
5.2.4 District Data will not be stored outside the United States without prior written consent from the District.
5.3 Contractor shall comply with the District’s information security specifications prior to receiving any electronic transfers of pupil record information from Clever. “Encryption” means a technology or methodology that utilizes an algorithmic process District may require Contractor to transform data into a form in which there is a low probability provide documentation of assigning meaning without use of a confidential process or keycompliance prior to any transmittal.
5.4 If the Contractor will provide cloud-based services for the digital storage, management, and such confidential process retrieval of pupil records or key will provide digital educational software that might enable decryption has not been breachedwill access, store, and use pupil records, the following requirements in compliance with California Education Code section 49073.1 pertain:
5.4.1 The pupil records continue to be the property of and under the control of the District;
5.4.2 Contractor will not use any information in the pupil record for any purpose other than those required or specifically permitted by this Agreement.
5.4.3 In order for a parent, legal guardian or eligible pupil to review personally identifiable information in the pupil’s records and correct erroneous information, Contractor shall:
5.4.4 Contractor shall have take the meaning given to such term under HIPAA and HIPAA Regulationsfollowing actions, including 45 CFR §164.304the designation and training of responsible individuals, to ensure the security and confidentiality of pupil records:
5.4.5 Contractor shall use the following procedure for notifying the affected parent, legal guardian, or eligible pupil in the event of an unauthorized disclosure of the pupil’s records:
5.4.6 Contractor certifies that it will not retain the pupil records upon completion of the services. Contractor will take the following actions to enforce this certification:
5.4.7 Contractor shall not use personally identifiable information in pupil records to engage in targeted advertising.
Appears in 10 contracts
Samples: Master Information Technology Services and Support Agreement, Master Information Technology Services and Support Agreement, Master Information Technology Services and Support Agreement
Contractor Duties. 5.1 The Contractor will perform the following duties in regard to any student data it obtains:
5.1.1 Not disclose the information to any other party without the consent of the parent or eligible student;
5.1.2 Use the data for no purpose other than the work stated in this Agreement;
5.1.3 Allow the District access to any relevant records for purposes of completing authorized audits;
5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement, as evidenced by each employee, contractor, or agent of any kind who will receive pupil record information completing Attachment A, Student Record Confidentiality and Re-Disclosure Agreement, attached hereto and incorporated by reference herein;
5.1.5 Designate in writing a single authorized representative able to request data under this Agreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant to this Agreement, including confirmation of the completion of any projects and the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section;
5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity;
5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv).
5.2 If Contractor is an operator of an Internet website, online service, online application, or mobile application, Contractor shall comply with the requirements of California Business and Professions Code section 22584 and District policy as follows:
5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s site, service or application to District students or their parents or legal guardians; (ii) use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission.
5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets Layer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption]. “Encryption” means a technology or methodology that utilizes an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key, and such confidential process or key that might enable decryption has not been breached, and shall have the meaning given to such term under HIPAA and HIPAA Regulations, including 45 CFR §164.304.
Appears in 2 contracts
Samples: Data Use Agreement, Data Use Agreement
Contractor Duties. 5.1 The Contractor will perform the following duties in regard to any student data it obtains:
5.1.1 Not disclose the information to any other party without the consent of the parent or eligible oreligible student;
5.1.2 Use the data for no purpose other than the work stated in this Agreement;
5.1.3 Allow the District access to any relevant records for purposes of completing authorized completingauthorized audits;
5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement;
5.1.5 Designate in writing a single authorized representative able to request data under this AgreementthisAgreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant receivedpursuant to this Agreement, including confirmation of the completion of any projects and projectsand the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section;
5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that sourcethat contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data maintaindata under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity;
5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv).
5.2 If Contractor is an operator of an Internet website, online service, online application, or mobile application, Contractor shall comply with the requirements of California Business and Professions Code section 22584 and District policy as follows:
5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s siteContractor’ssite, service or application to District students or their parents or legal guardians; (ii) use ii)use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission.
5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of natureof the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets LayerSocketsLayer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption]. “Encryption” means a technology or methodology that utilizes an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key, and such confidential process or key that might enable decryption has not been breached, and shall have the meaning given to such term under HIPAA and HIPAA andHIPAA Regulations, including 45 CFR §164.304.
Appears in 1 contract
Contractor Duties. 5.1 The Contractor will perform the following duties in regard to any student data it obtains:
5.1.1 Not disclose the information to any other party without the consent of the parent or eligible student;
5.1.2 Use the data for no purpose other than the work stated in this Agreement;
5.1.3 Allow the District access to any relevant records for purposes of completing authorized audits;
5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement;
5.1.5 Designate in writing a single authorized representative able to request data under this Agreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant to this Agreement, including confirmation of the completion of any projects and the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section;
5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity;
5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv).
5.2 If Contractor is an operator of an Internet website, online service, online application, or mobile application, Contractor shall comply with the requirements of California Business and Professions Code section 22584 and District policy as follows:
5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s site, service or application to District students or their parents or legal guardians; (ii) use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission.
5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets Layer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption]. “Encryption” means a technology or methodology that utilizes an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key, and such confidential process or key that might enable decryption has not been breached, and shall have the meaning given to such term under HIPAA and HIPAA Regulations, including 45 CFR §164.304.,
Appears in 1 contract
Samples: Data Use Agreement
Contractor Duties. 5.1 The Contractor will perform the following duties in regard to any student data it obtains:
5.1.1 Not disclose the information to any other party without the consent of the parent or eligible student;
5.1.2 Use the data for no purpose other than the work stated in this Agreement;
5.1.3 Allow the District access to any relevant records for purposes of completing authorized audits;
5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement;
5.1.5 Designate in writing a single authorized representative able to request data under this Agreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant to this Agreement, including confirmation of the completion of any projects and the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section;
5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity;
5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 30 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv); and,
5.1.8 Comply with the District Information Protection Policy, BUL-1077.1, available at: xxxx://xxxxxxxx.xxxxx.xxx/pls/ptl/docs/PAGE/CA_LAUSD/FLDR_ORGANIZATIONS/F LDR_GENERAL_COUNSEL/BULL-1077.1%20REVISED%20120506.PDF.
5.2 If Contractor is an operator of an Internet website, online service, online application, or mobile application, Contractor shall comply with the requirements of California Business and Professions Code section 22584 and District policy as follows:
5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s site, service or application to District students or their parents or legal guardians; (ii) use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission.
5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets Layer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption].
5.2.3 Contractor shall delete a student’s covered information upon request of the District.
5.2.4 District Data will not be stored outside the United States without prior written consent from the District.
5.3 Contractor shall comply with the District’s information security specifications prior to receiving any electronic transfers of pupil record information from Clever. “Encryption” means District may require Contractor to provide documentation of compliance prior to any transmittal.
5.4 If the Contractor will provide cloud-based services for the digital storage, management, and retrieval of pupil records or will provide digital educational software that will access, store, and use pupil records, the following requirements in compliance with California Education Code section 49073.1 pertain:
5.4.1 The pupil records continue to be the property of and under the control of the District;
5.4.2 Contractor will not use any information in the pupil record for any purpose other than those required or specifically permitted by this Agreement.
5.4.3 In order for a technology parent, legal guardian or methodology eligible pupil to review personally identifiable information in the pupil’s records and correct erroneous information, Contractor shall: This access does not apply to yearbook services provided by Pictures with Class by Xxxxxxxxx.
5.4.4 Contractor shall take the following actions, including the designation and training of responsible individuals, to ensure the security and confidentiality of pupil records: Data security awareness procedures are reviewed with company employees at our annual company-wide meeting and updated by email and weekly/monthly staff meetings as new procedures are implemented.
5.4.5 Contractor shall use the following procedure for notifying the affected parent, legal guardian, or eligible pupil in the event of an unauthorized disclosure of the pupil’s records: In the event that utilizes an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use an unauthorized disclosure of a confidential process or keypupil’s records, and such confidential process or key Pictures with Class will inform the appropriate school administrators of what records were disclosed. We will comply with any notifications to the parents of affected students requested by the school.
5.4.6 Contractor certifies that might enable decryption has it will not retain the pupil records upon completion of the services. Contractor will take the following actions to enforce this certification: Pictures with Class archives yearbooks on an external server that is located in a secure room with access limited to specific yearbook staff. Upon request, Pictures with Class by Xxxxxxxxx will provide written notification to the District when yearbooks have been breached, and deleted.
5.4.7 Contractor shall have the meaning given not use personally identifiable information in pupil records to such term under HIPAA and HIPAA Regulations, including 45 CFR §164.304engage in targeted advertising.
Appears in 1 contract
Samples: Professional Services
Contractor Duties. 5.1 The Contractor will perform the following duties in regard to any student data it obtains:
5.1.1 Not disclose the information to any other party without the consent of the parent or eligible student;
5.1.2 Use the data for no purpose other than the work stated in this Agreement;
5.1.3 Allow the District access to any relevant records for purposes of completing authorized audits;
5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement;
5.1.5 Designate in writing a single authorized representative able to request data under this Agreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant to this Agreement, including confirmation of the completion of any projects and the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section;
5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity;
5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 30 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv); and,
5.1.8 Comply with the District Information Protection Policy, BUL-1077.1, available at: xxxx://xxxxxxxx.xxxxx.xxx/pls/ptl/docs/PAGE/CA_LAUSD/FLDR_ORGANIZATIONS/F LDR_GENERAL_COUNSEL/BULL-1077.1%20REVISED%20120506.PDF.
5.2 If Contractor is an operator of an Internet website, online service, online application, or mobile application, Contractor shall comply with the requirements of California Business and Professions Code section 22584 and District policy as follows:
5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s site, service or application to District students or their parents or legal guardians; (ii) use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission.
5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets Layer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption].
5.2.3 Contractor shall delete a student’s covered information upon request of the District.
5.2.4 District Data will not be stored outside the United States without prior written consent from the District.
5.3 Contractor shall comply with the District’s information security specifications prior to receiving any electronic transfers of pupil record information from Clever. “Encryption” means District may require Contractor to provide documentation of compliance prior to any transmittal.
5.4 If the Contractor will provide cloud-based services for the digital storage, management, and retrieval of pupil records or will provide digital educational software that will access, store, and use pupil records, the following requirements in compliance with California Education Code section 49073.1 pertain:
5.4.1 The pupil records continue to be the property of and under the control of the District;
5.4.2 Contractor will not use any information in the pupil record for any purpose other than those required or specifically permitted by this Agreement.
5.4.3 In order for a technology parent, legal guardian or methodology eligible pupil to review personally identifiable information in the pupil’s records and correct erroneous information, Contractor shall: This access does not apply to photography services provided by Pictures with Class by Xxxxxxxxx.
5.4.4 Contractor shall take the following actions, including the designation and training of responsible individuals, to ensure the security and confidentiality of pupil records: Data security awareness procedures are reviewed with company employees at our annual company-wide meeting and updated as new procedures are implemented.
5.4.5 Contractor shall use the following procedure for notifying the affected parent, legal guardian, or eligible pupil in the event of an unauthorized disclosure of the pupil’s records: In the event that utilizes an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use an unauthorized disclosure of a confidential process or keypupil’s records, Pictures with Class will inform the appropriate school administrators of what records were disclosed. We will comply with any notifications to the parents of affected students requested by the school.
5.4.6 Contractor certifies that it will not retain the pupil records upon completion of the services. Contractor will take the following actions to enforce this certification: Pictures with Class retains images for two years. Images and such confidential process or key data to identify students are then deleted from all servers. Upon request, Pictures with Class by Xxxxxxxxx will provide written notification to the District that might enable decryption has images and data have been deleted.
5.4.7 Contractor shall not been breached, and shall have the meaning given use personally identifiable information in pupil records to such term under HIPAA and HIPAA Regulations, including 45 CFR §164.304engage in targeted advertising.
Appears in 1 contract
Samples: Professional Services
Contractor Duties. 5.1 The Contractor will perform the following duties in regard to any student data it obtains:
5.1.1 Not disclose the information to any other party without the consent of the parent or eligible student;
5.1.2 Use the data for no purpose other than the work stated in this Agreement;
5.1.3 Allow the District access to any relevant records for purposes of completing authorized audits;
5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement;
5.1.5 Designate in writing a single authorized representative able to request data under this Agreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant to this Agreement, including confirmation of the completion of any projects and the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section;
5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity;
5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 30 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv); and,
5.1.8 Comply with the District Information Protection Policy, BUL-1077.1, available at: xxxx://xxxxxxxx.xxxxx.xxx/pls/ptl/docs/PAGE/CA_LAUSD/FLDR_ORGANIZATIONS/F LDR_GENERAL_COUNSEL/BULL-1077.1%20REVISED%20120506.PDF.
5.2 If Contractor is an operator of an Internet website, online service, online application, or mobile application, Contractor shall comply with the requirements of California Business and Professions Code section 22584 and District policy as follows:
5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s site, service or application to District students or their parents or legal guardians; (ii) use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission.
5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets Layer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption].
5.2.3 Contractor shall delete a student’s covered information upon request of the District.
5.2.4 District Data will not be stored outside the United States without prior written consent from the District.
5.3 Contractor shall comply with the District’s information security specifications prior to receiving any electronic transfers of pupil record information from Clever. “Encryption” means a technology or methodology that utilizes an algorithmic process District may require Contractor to transform data into a form in which there is a low probability provide documentation of assigning meaning without use of a confidential process or keycompliance prior to any transmittal.
5.4 If the Contractor will provide cloud-based services for the digital storage, management, and such confidential process retrieval of pupil records or key will provide digital educational software that might enable decryption has not been breachedwill access, store, and use pupil records, the following requirements in compliance with California Education Code section 49073.1 pertain:
5.4.1 The pupil records continue to be the property of and under the control of the District;
5.4.2 Contractor will not use any information in the pupil record for any purpose other than those required or specifically permitted by this Agreement.
5.4.3 In order for a parent, legal guardian or eligible pupil to review personally identifiable information in the pupil’s records and correct erroneous information, Contractor shall: Xxxxxxxx does not provide cloud-based services for the digital storage, management, and retrieval of pupil records and does not provide digital educational software that will access, store, and use pupil records. Friesens does provide digital storage of completed yearbook pages by the school.
5.4.4 Contractor shall have take the meaning given to such term under HIPAA and HIPAA Regulationsfollowing actions, including 45 CFR §164.304the designation and training of responsible individuals, to ensure the security and confidentiality of pupil records: Xxxxxxxx does not provide cloud-based services for the digital storage, management, and retrieval of pupil records and does not provide digital educational software that will access, store, and use pupil records. Friesens does provide digital storage of completed yearbook pages by the school. Those pages are stored on Friesens servers and made available only to school personnel via username and password.
5.4.5 Contractor shall use the following procedure for notifying the affected parent, legal guardian, or eligible pupil in the event of an unauthorized disclosure of the pupil’s records: Not applicable as the school is the only one who has the usernames and passwords to yearbook pages. The school can allow individuals to view yearbook pages at there discretion.
5.4.6 Contractor certifies that it will not retain the pupil records upon completion of the services. Contractor will take the following actions to enforce this certification: After yearbooks are printed and delivered Xxxxxxxx automatically deletes pages and information from storage files one year after delivery. If the school chooses to have those removed earlier they can notify Friesens at any time.
5.4.7 Contractor shall not use personally identifiable information in pupil records to engage in targeted advertising.
Appears in 1 contract
Samples: Professional Services
Contractor Duties. 5.1 The Contractor will perform the following duties in regard to any student data it obtains:
5.1.1 Not disclose the information to any other party without the consent of the parent or eligible student;
5.1.2 Use the data for no purpose other than the work stated in this Agreement;
5.1.3 Allow the District access to any relevant records for purposes of completing authorized audits;
5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement;
5.1.5 Designate in writing a single authorized representative able to request data under this Agreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant to this Agreement, including confirmation of the completion of any projects and the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section;
5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity;
5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 30 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv); and,
5.1.8 Comply with the District Information Protection Policy, BUL-1077.1, available at: xxxx://xxxxxxxx.xxxxx.xxx/pls/ptl/docs/PAGE/CA_LAUSD/FLDR_ORGANIZATIONS/F LDR_GENERAL_COUNSEL/BULL-1077.1%20REVISED%20120506.PDF.
5.2 If Contractor is an operator of an Internet website, online service, online application, or mobile application, Contractor shall comply with the requirements of California Business and Professions Code section 22584 and District policy as follows:
5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s site, service or application to District students or their parents or legal guardians; (ii) use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission.
5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets Layer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption].
5.2.3 Contractor shall delete a student’s covered information upon request of the District.
5.2.4 District Data will not be stored outside the United States without prior written consent from the District.
5.3 Contractor shall comply with the District’s information security specifications prior to receiving any electronic transfers of pupil record information from Clever. “Encryption” means a technology or methodology that utilizes an algorithmic process District may require Contractor to transform data into a form in which there is a low probability provide documentation of assigning meaning without use of a confidential process or keycompliance prior to any transmittal.
5.4 If the Contractor will provide cloud-based services for the digital storage, management, and such confidential process retrieval of pupil records or key will provide digital educational software that might enable decryption has not been breachedwill access, store, and use pupil records, the following requirements in compliance with California Education Code section 49073.1 pertain:
5.4.1 The pupil records continue to be the property of and under the control of the District;
5.4.2 Contractor will not use any information in the pupil record for any purpose other than those required or specifically permitted by this Agreement.
5.4.3 In order for a parent, legal guardian or eligible pupil to review personally identifiable information in the pupil’s records and correct erroneous information, Contractor shall: Provide the designated school representative (typically the yearbook adviser) a request form to be completed and submitted to the designated Xxxxxxxxx representative with the information request. The information will then be obtained and returned to the designated school representative within five business days. Any changes to the information can then be returned to the designated Xxxxxxxxx representative for updates that would be performed within five business days of receipt.
5.4.4 Contractor shall have take the meaning given to such term under HIPAA and HIPAA Regulationsfollowing actions, including 45 CFR §164.304the designation and training of responsible individuals, to ensure the security and confidentiality of pupil records: Xxxxxxxxx has designated our Operations Administrator as responsible for data security and confidentiality. This individual works in a coordinated manner with our Network Administrator to ensure a secure environment that includes limited internal access to student data. All individuals with a security clearance that allows access to this data has passed a background check and received training in the proper handling of potential PII student data.
5.4.5 Contractor shall use the following procedure for notifying the affected parent, legal guardian, or eligible pupil in the event of an unauthorized disclosure of the pupil’s records: A formal communication will be sent to the primary school contacts in the form of both an email (for immediate communication) and a written letter with the detail of the unauthorized disclosure. The contractor will then work in coordination with the school to provide direct notification for the affected parent, legal guardian or eligible pupil.
5.4.6 Contractor certifies that it will not retain the pupil records upon completion of the services. Contractor will take the following actions to enforce this certification: Upon completion and delivery of our product, student data is retained for 90 days for reprint purposes. After 90 days, all database records containing PII are removed from our systems.
5.4.7 Contractor shall not use personally identifiable information in pupil records to engage in targeted advertising.
Appears in 1 contract
Samples: Professional Services
Contractor Duties. 5.1 The Contractor will perform the following duties in regard to any student data it obtains:
5.1.1 Not disclose the information to any other party without the consent of the parent or eligible student;
5.1.2 Use the data for no purpose other than the work stated in this Agreement;
5.1.3 Allow the District access to any relevant records for purposes of completing authorized audits;
5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement;, as evidenced by each employee, contractor, or agent of any kind who will receive pupil record information completing Attachment A, Student Record Confidentiality and Re-Disclosure Agreement, attached hereto and incorporated by reference herein; DocuSign Envelope ID: 57FE9282-E46A-43D1-831B-4F549CBE8B96
5.1.5 Designate in writing a single authorized representative able to request data under this Agreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant to this Agreement, including confirmation of the completion of any projects and the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section;
5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity;
5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv).
5.2 If Contractor is an operator of an Internet website, online service, online application, or mobile application, Contractor shall comply with the requirements of California Business and Professions Code section 22584 and District policy as follows:
5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s site, service or application to District students or their parents or legal guardians; (ii) use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission.
5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets Layer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption]. “Encryption” means a technology or methodology that utilizes an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key, and such confidential process or key that might enable decryption has not been breached, and shall have the meaning given to such term under HIPAA and HIPAA Regulations, including 45 CFR §164.304.. DocuSign Envelope ID: 57FE9282-E46A-43D1-831B-4F549CBE8B96
Appears in 1 contract
Samples: Information Technology Service and Support Agreement
