Common use of DISTRICT DUTIES Clause in Contracts

DISTRICT DUTIES. 4.1 The District will provide student data in compliance with the Family Educational Rights and Privacy Act (“FERPA”), 20 U.S.C. section 1232g and 34 C.F.R. 99, and California Education Code sections 49060-49085. 4.2 The District will provide the following student data to the Contractor: 5.1 The Contractor will perform the following duties in regard to any student data it obtains: 5.1.1 Not disclose the information to any other party without the consent of the parent or eligible student; 5.1.2 Use the data for no purpose other than the work stated in this Agreement; 5.1.3 Allow the District access to any relevant records for purposes of completing authorized audits; 5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement, as evidenced by each employee, contractor, or agent of any kind who will receive pupil record information completing Attachment A, Student Record Confidentiality and Re-Disclosure Agreement, attached hereto and incorporated by reference herein; 5.1.5 Designate in writing a single authorized representative able to request data under this Agreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant to this Agreement, including confirmation of the completion of any projects and the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section; 5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity; 5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv). 5.2 Contractor shall comply with the requirements of District policy as follows: 5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s site, service or application to District students or their parents or legal guardians; (ii) use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission. 5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets Layer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption]. “Encryption” means a technology or methodology that utilizes an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key, and such confidential process or key that might enable decryption has not been breached, and shall have the meaning given to such term under HIPAA and HIPAA Regulations, including 45 CFR §164.304.

DISTRICT DUTIES. 4.1 The District will provide student data in compliance with the Family Educational Rights and Privacy Act (“FERPA”), 20 U.S.C. section 1232g and 34 C.F.R. Part 99, and California Education Code sections 49060-49085. 4.2 The District will provide the following student data to the Contractor: 5.1 The Contractor will perform the following duties in regard to any student data it obtains: 5.1.1 Not disclose the information to any other party without the consent of the parent or eligible student; 5.1.2 Use the data for no purpose other than the work stated in this Agreement; 5.1.3 Allow the District access to any relevant records for purposes of completing authorized audits; 5.1.4 Require all employees, contractors and agents of any kind to comply with all applicable provisions of FERPA and other federal and California laws with respect to the data shared under this Agreement, as evidenced by each employee, contractor, or agent of any kind who will receive pupil record information completing Attachment A, Student Record Confidentiality and Re-Disclosure Agreement, attached hereto and incorporated by reference herein; 5.1.5 Designate in writing a single authorized representative able to request data under this Agreement. The authorized representative shall be responsible for transmitting all data requests and maintaining a log or other record of all data requested and received pursuant to this Agreement, including confirmation of the completion of any projects and the return or destruction of data as required by this Agreement. District or its agents may, upon request, review the records required to be kept under this section; 5.1.6 Maintain all data obtained pursuant to this Agreement in a secure computer environment and not copy, reproduce or transmit data obtained pursuant to this Agreement except as necessary to fulfill the purpose of this Agreement. All copies of data of any type, including any modifications or additions to data from any source that contains information regarding students, are subject to the provisions of this Agreement in the same manner as the original data. The ability to access or maintain data under this Agreement shall not under any circumstances transfer from Contractor to any other institution or entity; 5.1.7 Destroy or return all personally identifiable information obtained under this Agreement when it is no longer needed for the purpose for which it was obtained no later than 60 days after it is no longer needed. In the event Contractor destroys the PII, Contractor shall provide the District with certification of such destruction. Failure to return or destroy the PII will preclude Contractor from accessing personally identifiable student information for at least five years as provided for in 34 C.F.R. section 99.31(a)(6)(iv). 5.2 Contractor shall comply with the requirements of District policy as follows: 5.2.1 Contractor shall not (i) knowingly engage in targeted advertising on the Contractor’s site, service or application to District students or their parents or legal guardians; (ii) use PII to amass a profile about a District student; (iii) sell information, including PII; or (iv) disclose PII without the District’s written permission. 5.2.2 Contractor will store and process District Data in accordance with commercial best practices, including appropriate administrative, physical, and technical safeguards, to secure such data from unauthorized access, disclosure, alteration, and use. Such measures will be no less protective than those used to secure Contractor’s own data of a similar type, and in no event less than reasonable in view of the type and nature of the data involved. Without limiting the foregoing, Contractor warrants that all electronic District Data will be encrypted in transmission using SSL [(Secure Sockets Layer)] [or insert other encrypting mechanism] (including via web interface) [and stored at no less than 128-bit level encryption]. “Encryption” means a technology or methodology that utilizes an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key, and such confidential process or key that might enable decryption has not been breached, and shall have the meaning given to such term under HIPAA and HIPAA Regulations, including 45 CFR §164.304.