Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release. (b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell). (c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions. (d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees. (e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following: (1) A student's personally identifiable information cannot be sold or released for any commercial purposes. (2) Parents have the right to inspect and review the complete contents of their child's education record. (3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred. (4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. (5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations. b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations. c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs. d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 2 contracts
Samples: Master License and Service Agreement, Data Sharing and Confidentiality Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxxx Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 CTO 5/8/2023 ERIE 1 BOCES AND EDPUZZLE, INC. [ AMERICAN READING COMPANY] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. [ American Reading Company] which governs the availability to Participating Educational Agencies of the following Product(s): [ SchoolPace®/eLibraries/SchoolPace Connect®/eBundles] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 2 contracts
Samples: Master License and Services Agreement, Data Sharing and Confidentiality Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.xxxxx.xxx/data-privacy-security/ student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleHapara, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 2 contracts
Samples: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor LINCOLN LIBRARY PRESS shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor LINCOLN LIBRARY PRESS has discovered or been informed of the breach or unauthorized release.
(b) Vendor LINCOLN LIBRARY PRESS will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxxxx Xxxxx directly by email at xxxxx@x0x.xxx, Xxxxxxx.xxxxx@xxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor LINCOLN LIBRARY PRESS will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the General Counsel or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor LINCOLN LIBRARY PRESS discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor LINCOLN LIBRARY PRESS has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor LINCOLN LIBRARY PRESS representatives who can assist affected individuals that may have additional questions.
(d) Vendor LINCOLN LIBRARY PRESS acknowledges that upon initial notification from VendorLINCOLN LIBRARY PRESS, Erie 1 BOCES, as the educational agency with which Vendor LINCOLN LIBRARY PRESS contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor LINCOLN LIBRARY PRESS shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor LINCOLN LIBRARY PRESS directly or requests more information from Vendor LINCOLN LIBRARY PRESS regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor LINCOLN LIBRARY PRESS will promptly inform Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees.
(e) Vendor LINCOLN LIBRARY PRESS will consult directly with Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 Vice President BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleLINCOLN LIBRARY PRESS (“LINCOLN LIBRARY PRESS”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.):
Appears in 2 contracts
Samples: Master License and Service Agreement, Data Sharing and Confidentiality Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor Xxxxxxx shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor Xxxxxxx has discovered or been informed of the breach or unauthorized release.
(b) Vendor Xxxxxxx will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email the BOCES Data Privacy Officer, at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)xxxxxxx.xxxxx@xxxxx.xxx.
(c) Vendor Xxxxxxx will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer (DPO) or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor Xxxxxxx discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor Xxxxxxx has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor Xxxxxxx representatives who can assist affected individuals that may have additional questions.
(d) Vendor Xxxxxxx acknowledges that upon initial notification from VendorXxxxxxx, Erie 1 BOCES, as the educational agency with which Vendor Xxxxxxx contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor Xxxxxxx shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor Xxxxxxx directly or requests more information from Vendor Xxxxxxx regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor Xxxxxxx will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees.
(e) Vendor Xxxxxxx will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 E-SIGNED by Xxxxxx Xxxxxx SVP Technology Platforms T0i6t-l2e6-2020 18:13:45 GMT Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's ’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2-d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Privacy Officer, xxxxxxx.xxxxx@xxxxx.xxx, 000 Xxxxxxxxxx-Xxxxxx Xxxx, Xxxxxx, XX 00000.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 _E_-_S__IG__N_E__D__b_y__G_e_o__rg_e__G__a_t_s_is___ Signature SVP Technology Platforms _0__6_-_2_6_-_2__0_2_0__1_8__:1__3_:_4_9__G__M__T__ BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleXxxxxxx (“Xxxxxxx”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to VendorXxxxxxx, and Vendor Xxxxxxx will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to . Xxxxxxx agrees that it will not use the Protected Data for any such disclosure, other purposes not explicitly authorized in the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for AGREEMENT. Protected Data received by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational AgencyXxxxxxx, or upon termination any of the MLSA prior to expiration and written request by any Participating Educational AgencyXxxxxxx’X subcontractors, or at any point upon written request by a Participating Educational Agencyassignees, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 2 contracts
Samples: Data Privacy Agreement, Data Privacy Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any confirmed breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's ’s personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's ’s education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Xxx Xxxx VP Global Controller 7/5/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleRenaissance Learning, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Star Reading, Star Math, Star Early Literacy, Star 360, Star Custom, Star Elementary Suite, Star CBM Math, Star CBM Reading, Star CBM Lectura, myIGDIs, Accelerated Reader, myON, myON News, myON Publisher, Freckle ELA, Freckle Math, Freckle Science, Freckle Social Studies, Lalilo, FastBridge, SAEBRs, Renaissance Web Platform Services, Renaissance Data Integration Services, Custom Report Services, Renaissance professional development, and any products acquired by Vendor during the Term Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 2 contracts
Samples: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 BOCES the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES the District by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).contacting: Xx. Xxxxxxx Xxxxxxxxxx
(c) Vendor will cooperate with Erie 1 BOCES the District and provide as much information as reasonably possible directly to Xxxxxxxx Xxxx-Xxxxx Xxxxxxx Xxxxxxxxxx or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, the Participating Educational Agencies schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx Xxxxxxx Xxxxxxxxxx or his/her designeesdesignee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 2 contracts
Samples: Vendor Data Sharing and Confidentiality Agreement, Vendor Data Sharing and Confidentiality Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email the BOCES Data Protection Officer, at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)xxx@xxxxx.xxx.
(c) Vendor will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer (DPO) or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 _A_s__s_o_c_i_a_te__G__e_n__e_r_a_l _C__o_u_n_s_e__l,_C_ IPP/US TEintclyeclopaedia Britannica, Inc. _F_e__b_r_u_a_r_y__3_,_2_0__2_1___&__a_f_fir_m__ed__o_n March 9, 2021 Parents’ Bill of Rights for Data Security and Privacy Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's ’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2-d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Protection Officer, xxx@xxxxx.xxx, 000 Xxxxxxxxxx-Xxxxxx Xxxx, Xxxxxx, XX 00000.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE_A_s__s_o_c_i_a_te__G__e_n__e_r_a_l _C__o_u_n_s_e__l,_C_ IPP/US TEintclyeclopaedia Britannica, INC. Erie 1 Inc. _F_e__b_r_u_a_r_y__3_,_2_0__2_1___&__M_a_r_c_h_9_,_2_021 Date BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleVendor (“Vendor”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. . To enable Encyclopaedia Britannica, Inc. to provide the online, institutional subscription-based products and services subscribed-to by BOCES in the manner described and as intended for use by BOCES and its users. Vendor shall ensure thatagrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by Vendor, prior to or any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1subcontractors, 2023 and expires on June 30assignees, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 2 contracts
Samples: Data Privacy Agreement, Data Privacy Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 Xxxx Xxxxxxxx Senior Director, Legal 6/7/2023 ERIE 1 BOCES AND EDPUZZLE, INC. BRAINPOP LLC Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. BrainPOP LLC which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Samples: Master License and Service Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 Room863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education StateEducation Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data- privacy-security/report-improper-disclosure. Xxxx Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Xxxxx 9/6/2024 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. GENIALLY LLC which governs the availability to Participating Educational Agencies of the following Product(s): Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Genially LLC which governs the availability to Participating Educational Agencies of the following Product(s): Software services Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but . will not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agencybe sold, or upon termination of the MLSA prior to expiration and written request by released or used for any Participating Educational Agency, commercial or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES RIC or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.following
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).. DocuSign Envelope ID: 1BF793A8-A306-4827-A50B-EB4AFCC1DD9E
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data-privacy-security/report- improper-disclosure. Xxxxx Xxxxxxx Signature Xxxxxx Xxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. CEO 2/28/2024 DocuSign Envelope ID: 1BF793A8-A306-4827-A50B-EB4AFCC1DD9E Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleTools for Schools, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES RIC or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Signature Printed Name Security & Infrastructure Title 8/31/2023 Xxxxxx Xxxxx ERIE 1 BOCES AND EDPUZZLE, INC. [ LINKIT!] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. [LinkIt!] which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. . Oversight of Subcontractors: In the event that Vendor shall ensure thatengages subcontractors, prior assignees, or other authorized agents to perform one or more of its obligations under the MLSA (including any such disclosurehosting service provider), it will require those to whom it discloses Protected Data to execute legally binding agreements acknowledging the assignee, agent or subcontractor receiving data has agreed in writing obligation under Section 2-d of the New York State Education Law to comply with the same data protection obligations consistent with those security and privacy standards required of Vendor under the MLSA and applicable to Edpuzzle under applicable laws state and regulations.
b. federal law. Vendor shall assess will ensure that such subcontractors, assignees, or other authorized agents abide by the provisions of these agreements by: Vendors that receive PII will address statutory and regulatory data privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable requirements. Additional information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration subscontractors can be found in “Supply Chain Risk Management” section of the MLSA without renewal Data Security and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for VendorPrivacy Plan on page 23.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES and Participating Educational Agencies in writing of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the determined athe breach or unauthorized releaserelease has occured.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and the impacted Participating Educational Agencies, and will also provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxx- Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.following
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 BOCES the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES the District by contacting Xxxxxxxx contacting: Name of Contact: Xxxx Bay Title: _DPO School/District Name: _Prattsburgh CSD Address: _0 Xxxxxxx Xxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx/Xxxxx/Xxx: _Xxxxxxxxxxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).XX 00000 Email: _xxx@xxxxxxxxxxxxxx.xxx
(c) Vendor will cooperate with Erie 1 BOCES the District and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx District Contact, as specified in section (b), above, or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, the Participating Educational Agencies schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designeesthe District, so long as legally permitted to do so.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Samples: Terms and Conditions Supplement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 BOCES the District of any confirmed breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed confirmation of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES the District by contacting Xxxxxxxx Xxxx-the Data Privacy Officer, Xxxxx Xxxxxxx directly by email at xxxxx@x0x.xxx, xxxxxxxx@xxxxxxxxxxxxxxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)0000.
(c) Vendor will cooperate with Erie 1 BOCES the District and provide as much information as possible directly to Xxxxxxxx Xxxx-the Data Privacy Officer, Xxxxx Xxxxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, the Participating Educational Agencies schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-the Data Privacy Officer, Xxxxx Xxxxxxx or her designeesdesignee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx Except as otherwise required by law or her designees prior to providing any further notice of agreed in writing between the incident (written parties and excluding Student Data or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing that belongs to the Office of Information & Reporting ServicesDistrict, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have all information provided by Vendor to the right District pursuant to have complaints about possible breaches of student data addressedthis Agreement shall be treated as Vendor’s confidential information. Complaints should be directed The District agrees that it will disclose such information only to such parties that the District determines are necessary to assist it in its review and require such parties to enter into non-disclosure agreements or otherwise agree in writing to maintain its confidentiality. To the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected extent permitted by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosurelaw, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulationsDistrict will withhold such information from public disclosure.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA000 XXX, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data-privacy-security/report- improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Xxxxxxxxxx CFO 6/28/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. Imagine Learning LLC which governs the availability to Participating Educational Agencies of the following Product(s): [Imagine Español, Imagine Language & Literacy, Imagine Math, Imagine Math Facts, MyPath, Pathblazer, and Social Emotional Learning (SEL) by Purpose Prep] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-2- d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 5/25/2023 ERIE 1 BOCES AND EDPUZZLE, [ACCELERATE LEARNING INC. .] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. [Accelerate Learning Inc.] which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2xxxx://xxx.xxxxx.xxx/data-privacy-security/report- improper-d of the New York State Education Law (“Protected Data”)disclosure.
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 XXXX BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 XXXX BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 XXXX BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 XXXX BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 XXXX BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 XXXX BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 XXXX BOCES AND EDPUZZLE, INC. Erie 1 [NAME OF VENDOR] XXXX BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. [Name of Vendor] which governs the availability to Participating Educational Agencies of the following Product(s): [list Product(s) from Vendor] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure _VP, School Sales Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. 5/10/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle[Xxxx, Inc. part of Cengage Learning, Inc.] which governs the availability to Participating Educational Agencies of the following Product(s): Miss Humblebees Academy Xxxx Interactive Science IMAGO Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES and Participating Educational Agencies in writing of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of determined a the breach or unauthorized releaserelease has occurred.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and the impacted Participating Educational Agencies, and will also provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxx- Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLEXxx Xxxx VP, INC. Bids and Proposals Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. Learning A-Z which governs the availability to Participating Educational Agencies of the following Product(s): Raz-Plus Reading A-Z Raz-Kids ELL Edition Connected Classroom Science A-Z Vocabulary A-Z Raz-Plus + ELL Edition Foundations A-Z Writing A-Z Espanol Add-on Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email the BOCES Data Protection Officer, at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)xxx@xxxxx.xxx.
(c) Vendor will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer (DPO) or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's ’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2-d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Protection Officer, xxx@xxxxx.xxx, 000 Xxxxxxxxxx-Xxxxxx Xxxx, Xxxxxx, XX 00000.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleVendor (“Vendor”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. . Vendor shall ensure thatagrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by Vendor, prior to or any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1subcontractors, 2023 and expires on June 30assignees, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Samples: Data Privacy Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES the District of any breach of security resulting in a Breach or unauthorized release Unauthorized Release of Protected Data by Vendor or its assignees (an “Incident”) in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed the discovery of such Incident. Such required notifications shall be clear, concise, use language that is plain and easy to understand, and to the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxxextent available, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited toinclude: a brief description of the incident, Incident; the dates of the Incident and the date of the incidentdiscovery, the date Vendor discovered or was informed of the incident, if known; a description of the types of personally identifiable information involved, Protected Data affected; an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done ; a brief description of Vendor’s investigation or plans plan to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, investigate; and contact information for Vendor representatives who can assist affected individuals Parents or Eligible Students that may have additional questions. Vendor will provide such notification to the District by contacting Xxxxx Xxxxx, Data Protection Officer directly by email at xxxxxx@xxxxxxxxxxxxxx.xxx or by calling (000)000-0000 x 000.
(b) Vendor will cooperate with the District and law enforcement to protect the integrity of investigations into the Incident.
(c) Where an Incident is attributable to Vendor, Vendor shall pay or promptly reimburse the District for the full cost of any notifications required to be given by the District under NY 2-d to affected Parents, Eligible Students, teachers, and/or principals.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency Educational Agency with which Vendor contracts, has an obligation under Section NY 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident Incident after having been initially informed of the incident Incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer listed in subsection (a) above or his/her designeesdesignee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA000 XXX, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.Education
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. 5/22/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleCurriculum Associates, Inc. LLC which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● . • The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● • Upon expiration of the MLSA without renewal and written request by any Participating Educational AgencyErie 1 BOCES, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational AgencyErie 1 BOCES, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In Data with the absence exception of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collectedbackups, which will be deemed to occur upon eighteen (18) months of end-user account inactivityare automatically deleted over time in accordance with Vendor’s data retention and destruction policies. If requested in writing by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected DataAgency, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency, with the exception of backups as noted above. Regarding exportable or retrievable data• In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), teachers/staff of a Participating Educational Agency the Vendor will have cooperate with Erie 1 BOCES as necessary to transition Protected Data to the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point successor Vendor prior to deletion deletion. • Neither Vendor nor any of accountsits subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. It is not possible Upon request, Vendor and/or its subcontractors or other authorized persons or entities to export or retrieve data whom it has disclosed Protected Data, as applicable, will provide Erie 1 BOCES with a certification from an appropriate officer that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendorthese requirements have been satisfied in full.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Xxxxxx Xxxxxx National Head of Sales and Customer Engagement 6/7/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. Connections Education LLC dba Xxxxxxx Virtual Schools USA which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx BY THE VENDOR: Signature Xxxxxx Xxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. _Head of Sales 6/7/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzlexXxxxx.xxx, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Tutoring Special Education Homework Help Advanced, Advanced Placement, College Level, IB Direct Instruction-Homebound Interpreters (In Session Interpreter) Direct Instruction-Credit Recovery Co Teaching Direct Instruction-School Collaborator Educator Prep Fee (1 hour of prep for 4 hours of purchased instruction) Virtual Suspension Classroom - AP or SWD (SPED) Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.xxxxx.xxx/data-privacy-security/student-data- inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. CHARMTECH LABS LLC Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. Charmtech Labs LLC which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES RIC or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data-privacy- security/report-improper-disclosure. Xxxxx _Molly X. Xxxxxxx/ Xxxxxxx Xxxxxxx III Printed Name Security & Infrastructure Title 8/31/2023 5/15/2023 ERIE 1 BOCES AND EDPUZZLELINSTAR, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. McGraw Hill LLC which governs the availability to Participating Educational Agencies of the following Product(s): [list Product(s) from Vendor] StudySync, IMPACT Social Studies, Networks, Redbird Mathematics, ALEKS, Wonders, Open Court Reading, Achieve3000 Math, Achieve3000 Literacy with Boost (formerly Boost, Access and Espanol), Achieve3000 Literacy Intensive, Smarty Ants, and Actively Learn Prime and Unlimited Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that. McGraw Hill engages with subcontractors, prior such as cloud storage vendors, to any assist with providing certain aspects of our platforms to customers. Any such disclosuresubcontractors are limited to receipt and use of only the personal information required to assist with providing, maintaining, or improving the assigneeservice, agent or subcontractor receiving data has agreed in writing and limited to comply with data protection obligations consistent with using the personal information solely for those applicable specific purposes. Our subcontractors are contractually bound to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the uphold our standards of privacy and data security policies including the commitments of this MLSA and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO applicable state and NIST regulationsfederal law.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor LINCOLN LIBRARY PRESS shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor LINCOLN LIBRARY PRESS has discovered or been informed of the breach or unauthorized release.
(b) Vendor LINCOLN LIBRARY PRESS will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxxxx Xxxxx directly by email at xxxxx@x0x.xxx, Xxxxxxx.xxxxx@xxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor LINCOLN LIBRARY PRESS will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the General Counsel or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor LINCOLN LIBRARY PRESS discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor LINCOLN LIBRARY PRESS has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor LINCOLN LIBRARY PRESS representatives who can assist affected individuals that may have additional questions.
(d) Vendor LINCOLN LIBRARY PRESS acknowledges that upon initial notification from VendorLINCOLN LIBRARY PRESS, Erie 1 BOCES, as the educational agency with which Vendor LINCOLN LIBRARY PRESS contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor LINCOLN LIBRARY PRESS shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor LINCOLN LIBRARY PRESS directly or requests more information from Vendor LINCOLN LIBRARY PRESS regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor LINCOLN LIBRARY PRESS will promptly inform Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees.
(e) Vendor LINCOLN LIBRARY PRESS will consult directly with Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 Vice President BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleLINCOLN LIBRARY PRESS (“LINCOLN LIBRARY PRESS”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.):
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 BOCES the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES the District by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxxcontacting: Name of Contact: Xxxxxxxxxxx Xxxxxxx Title: Director of Technology School/District Name: Valley Stream District 30 Address: 000 Xxxxxxxxxx Xxx. City/State/Zip: Valley Stream, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).NY 11580 Email: xxxxxxxx@xx00.xxx
(c) Vendor will cooperate with Erie 1 BOCES the District and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx District Contact, as specified in section (b), above, or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, the Participating Educational Agencies schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designeesthe District, so long as legally permitted to do so.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Samples: Terms and Conditions Supplement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. EXHIBIT D (CONTINUED) Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLEXxxxxx Senior VP, INC. Finance April 15, 2024 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleAmplify Education, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Amplify Science, mCLASS with DIBELS 8th Edition, Boost Reading, Boost Lectura Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that. hosting service provider), prior it will require those to any such disclosure, whom it discloses Protected Data to execute legallybindingagreementsacknowledgingtheobligation under Section 2-d of the assignee, agent or subcontractor receiving data has agreed in writing New York State Education Law to comply with the same data protection obligations consistent with those security and privacy standards required of Vendor under the MLSA and applicable to Edpuzzle under applicable laws state and regulations.
b. federal law. Vendor shall assess the privacy and security policies and practices of third-party service providers to will ensure that such third-party service providers comply with best industry standardssubcontractors, includingassignees, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for or other authorized agents abide by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration provisions of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, these agreements by: Vendor will securely delete or otherwise destroy any and requires all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons with access to student, teacher, or entities principal data to whom it has disclosed Protected Dataagree in writing to abide by all applicable state and federal laws and regulations. In Additionally, as between Vendor and the absence of a written requesteducational agency, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed takes full responsibility for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months actions of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendorparties.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 9/15/2023 ERIE 1 BOCES AND EDPUZZLEWORLD BOOK, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleWorld Book, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.seven
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email the BOCES Data Protection Officer, at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)xxx@xxxxx.xxx.
(c) Vendor will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer (DPO) or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d 2d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Head of Legal, _D_a__ta__P__ro__te__c_ti_o_n__O__ff_ic__e_r_______ _0_4__/_2__9__/ _2_0_2__1 Date AlbanySchoharieSchenectadySaratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § 2-dSection 2d. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's ’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Protection Officer, xxx@xxxxx.xxx, 000 XxxxxxxxxxXxxxxx Xxxx, Xxxxxx, XX 00000.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 Head of Legal, _D__a_ta__P__r_o_te__c_ti_o_n__O__ff_i_c_e_r_______ _0_4__/_2_9__/__2_0_2_1_________________ Date AlbanySchoharieSchenectadySaratoga BOCES AND EDPUZZLE, INC. Erie 1 Vendor BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleVendor (“Vendor”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Edpuzzle Instructional Service, accessible through Contractor's website (xxx.xxxxxxxx.xxx), student mobile applications (iOS and Android) and, eventually, through the compatible learning Management System(s) (LMS) with which Edpuzzle may be integrated with, such as, but not limited to, Canvas, Blackbaud or Moodle. Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d 2d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Samples: Data Privacy Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Signature Xxxxx Xxxxxxx Daily Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. President 6/1/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. Educere LLC which governs the availability to Participating Educational Agencies of the following Product(s): Distance Education Courses Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 BOCES the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES the District by contacting Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer directly by email at xxxxx@x0x.xxx, xxxxxxxx.xxxxxxx@xxxxxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)000-0000.
(c) Vendor will cooperate with Erie 1 BOCES the District and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, the Participating Educational Agencies schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx the Technology Coordinator or his/her designeesdesignee.
(e) Vendor will consult directly cooperate with Xxxxxxxx Xxxx-Xxxxx the District and law enforced to protect the integrity of investigations into the breach or her designees prior to providing any further notice unauthorized release of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal protected data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2f) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receivepay for or promptly reimburse the District for the full cost of notification, personally identifiable information about students, or teachers and principals, that in the event the District is protected by required under Section 2-d to notify affected parents, student, teachers or principals of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure thata breach or unauthorized release of protected data attributed to Vendor, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendorassignees.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 BOCES the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES the District by contacting Xxxxxxxx Xxxx-Xxxxx Western, Lowville Academy and Central School’s Data Protection Officer, directly by email at xxxxx@x0x.xxx, xxxxxxxx@xxxxxxxxxxxxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)000-0000.
(c) Vendor will cooperate with Erie 1 BOCES the District and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx Western, Lowville Academy and Central School’s Data Protection Officer, or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, the Participating Educational Agencies schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information CenterWestern, Lowville Academy and Central School’s Data Protection Officer, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposeshis/her designee.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor PROQUEST shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor PROQUEST has discovered or been informed of the breach or unauthorized release.
(b) Vendor PROQUEST will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxxxx Xxxxx directly by email at xxxxx@x0x.xxx, Xxxxxxx.xxxxx@xxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor PROQUEST will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the General Counsel or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor PROQUEST discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor PROQUEST has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor PROQUEST representatives who can assist affected individuals that may have additional questions.
(d) Vendor PROQUEST acknowledges that upon initial notification from VendorPROQUEST, Erie 1 BOCES, as the educational agency with which Vendor PROQUEST contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor PROQUEST shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor PROQUEST directly or requests more information from Vendor PROQUEST regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor PROQUEST will promptly inform Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees.
(e) Vendor PROQUEST will consult directly with Xxxxxxxx Xxxx-Xxxxx BOCES’ General Counsel or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Signature: Name: Title: Date: Signature: Xxxx Xxxxxxx Name: Dir, Cust Service and Govt Contracts Title: Date: 30 June 2020 Exhibit __1___ (continued) Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLEDir, INC. Erie 1 Cust Service and Govt Contracts _______3_0___J_u_n_e___2_0_2_0__________ Exhibit __1___ (continued) BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzlePROQUEST (“PROQUEST”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Statistical Abstract of the United States Online Education ProQuest Research Companion eLibrary Curriculum Edition* Culturegrams Online* PQ Learning Literature SIRS Researcher* SIRS Discoverer* HNP New York Times HNP Hartford Courant * Product may be accessed through PROQUEST’s student interface. No personal information is collected from individual users when the products is accessed through the student interface. Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to VendorPROQUEST, and Vendor will PROQUEST may receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior . The exclusive purpose for which PROQUEST is being provided access to any such disclosure, Protected Data is to provide Participating Educational Agencies with the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration functionality of the MLSA without renewal and written request Product(s) listed above. PROQUEST agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by any Participating Educational AgencyPROQUEST, or upon termination any of the MLSA prior to expiration and written request by any Participating Educational AgencyPROQUEST’s subcontractors, or at any point upon written request by a Participating Educational Agencyassignees, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. _Xxxxx Xxxxxxx Xxxxxxxxx Printed Name Security & Infrastructure _Chief of Staff Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.7/13/2023
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor ARCADEMICS shall promptly notify Erie 1 BOCES of any breach or unauthorized release ARCADEMICS of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor ARCADEMICS has discovered or been informed of the breach or unauthorized releaserelease ARCADEMICS.
(b) Vendor ARCADEMICS will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email the BOCES Data Protection Officer, at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)xxx@xxxxx.xxx.
(c) Vendor ARCADEMICS will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer (DPO) or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor ARCADEMICS discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor ARCADEMICS has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release ARCADEMICS of Protected Data, and contact information for Vendor ARCADEMICS representatives who can assist affected individuals that may have additional questions.
(d) Vendor ARCADEMICS acknowledges that upon initial notification from VendorARCADEMICS , Erie 1 BOCES, as the educational agency with which Vendor ARCADEMICS contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor ARCADEMICS shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor ARCADEMICS directly or requests more information from Vendor ARCADEMICS regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor ARCADEMICS will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees.
(e) Vendor ARCADEMICS will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 PARENTS’ BILL OF RIGHTS FOR DATA SECURITY AND PRIVACY Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released ARCADEMICS for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's ’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2-d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Protection Officer, xxx@xxxxx.xxx, 000 Xxxxxxxxxx-Xxxxxx Xxxx, Xxxxxx, XX 00000.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleARCADEMICS (“ARCADEMICS”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to VendorARCADEMICS, and Vendor ARCADEMICS will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to . ARCADEMICS agrees that it will not use the Protected Data for any such disclosure, other purposes not explicitly authorized in the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for AGREEMENT. Protected Data received by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational AgencyARCADEMICS , or upon termination any of the MLSA prior to expiration and written request by any Participating Educational AgencyARCADEMICS ’s subcontractors, or at any point upon written request by a Participating Educational Agencyassignees, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released ARCADEMICS or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Samples: Data Privacy Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data- privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security Xxxxxx Founder & Infrastructure Title 8/31/2023 CEO 5/31/2024 ERIE 1 BOCES AND EDPUZZLE, [WAKELET INC. .] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. [Wakelet Inc.] which governs the availability to Participating Educational Agencies of the following Product(s): [Wakelet (Individual Plan)] Bulb (free plan) Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with [Wakelet Inc.] which governs the availability to Participating Educational Agencies of the following Product(s): [Wakelet (Individual Plan) bulb (free plan)] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that. received by Vendor, prior to or any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1subcontractors, 2023 and expires on June 30assignees, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. DocuSign Envelope ID: FAA531A2-A6CC-435C-809E-A4ECFBCEEF44 ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data-privacy-security/report- improper-disclosure. Xxx Xxxxx Xxxxxxx Printed Name Security & Infrastructure Vice President Title 8/31/2023 4/18/2024 DocuSign Envelope ID: FAA531A2-A6CC-435C-809E-A4ECFBCEEF44 ERIE 1 BOCES AND EDPUZZLE, [DELTAMATH SOLUTIONS INC. .] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. [DeltaMath Solutions Inc.] which governs the availability to Participating Educational Agencies of the following Product(s): [DeltaMath PLUS or INTEGRAL site licenses] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with [DeltaMath Solutions Inc. ] which governs the availability to Participating Educational Agencies of the following Product(s): [DeltaMath PLUS or INTEGRAL site licenses ] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. . Please see the following excerpt(s) from our Vendor Management Policy: Third party relationships must be managed by contracts (supplier agreements). These contracts that include the exchange of confidential data must require confidentiality and non-disclosure agreements (NDA) to be executed by the vendor, and shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those identify applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices procedures to which the vendor is subjected, where applicable. Contracts should have standard wording, where there is not a standard MSA or license agreement, and must clearly identify security reporting requirements that stipulate that the vendor is responsible for maintaining the security of third-party service providers to ensure such third-party service providers comply with best industry standardsconfidential data, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Dataunder their control. In the absence event of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for breach of the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months security of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable DeltaMath ’s confidential data, teachersthe vendor is responsible for notifying DeltaMath regarding incident details, recovery and remediation. This may also be executed via a Data Processing Agreement (DPA). Third party access to DeltaMath information shall be granted only after authorization and signing the applicable agreements/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendorcontracts.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES the District of any breach of security resulting in a n Breach or unauthorized release Unauthorized Release of Protected Data by Vendor or its assignees (an “Incident”) in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed the discovery of such Incident. Such required notifications shall be clear, concise, use language that is plain and easy to understand, and to the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxxextent available, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited toinclude: a brief description of the incident, Incident; the dates of the Incident and the date of the incidentdiscovery, the date Vendor discovered or was informed of the incident, if known; a description of the types of personally identifiable information involved, Protected Data affected; an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done ; a brief description of Vendor’s investigation or plans plan to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, investigate; and contact information for Vendor representatives who can assist affected individuals Parents or Eligible Students that may have additional questions. Vendor will provide such notification to the District by contacting Xxxxx Xxxxx, Data Protection Officer directly by email at xxxxxx@xxxxxxxxxxxxxx.xxx or by calling (000)000-0000 x 000.
(b) Vendor will cooperate with the District and law enforcement to protect the integrity of investigations into the Incident.
(c) Where an Incident is attributable to Vendor, Vendor shall pay or promptly reimburse the District for the full cost of any notifications required to be given by the District under NY 2-d to affected Parents, Eligible Students, teachers, and/or principals.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency Educational Agency with which Vendor contracts, has an obligation under Section NY 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident Incident after having been initially informed of the incident Incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer listed in subsection (a) above or his/her designeesdesignee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email the BOCES Data Protection Officer, at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)xxx@xxxxx.xxx.
(c) Vendor will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer (DPO) or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 _P_r_e_s__id_e__n_t____________________ _1_0_/_2_0__/2_0__2_0___________________ Date Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's ’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2-d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Protection Officer, xxx@xxxxx.xxx, 000 Xxxxxxxxxx-Xxxxxx Xxxx, Xxxxxx, XX 00000.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 _P_r_e_s__id_e__n_t____________________ _1_0_/_2_0__/2_0__2_0___________________ Date BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleVendor (“Vendor”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. . Vendor shall ensure thatagrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by Vendor, prior to or any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1subcontractors, 2023 and expires on June 30assignees, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Samples: Data Privacy & Security
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description and and Microsoft will promptly and without undue delay (1) notify Customer of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to Security Incident; (2) investigate the incident, stop Security Incident and provide Customer with detailed information about the breach Security Incident; (3) take reasonable steps to mitigate the effects and mitigate to minimize any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questionsdamage resulting from the Security Incident.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxx- Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend Erie 1 BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the Erie 1 BOCES wishes wished to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA000 XXX, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data-privacy- security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. MICROSOFT Erie 1 BOCES has entered into a Master License Campus and Service School Agreement (“MLSAAgreement”) with Ed puzzle, Inc. [MICROSOFT] which governs the availability to Participating Educational Agencies of the following Product(s): ):
(3) except as expressly defined in the licensing terms for the corresponding service, any other separately-branded service made available with or connected to Dynamics 365 Core Services. Office 365 Services The following services, each as a standalone service or as included in an Office 365-branded plan or suite: Compliance Manager, Customer Lockbox, Exchange Online Archiving, Exchange Online Protection, Exchange Online, Microsoft Bookings, Microsoft Forms, Microsoft MyAnalytics, Microsoft Planner, Microsoft StaffHub, Microsoft Stream, Microsoft Teams (including Bookings, Lists, and Shifts), Microsoft To-Do, Office 365 Advanced Threat Protection, Office 365 Video, Office for the web, OneDrive for Business, Project (except Roadmap and Project for the web), SharePoint Online, Skype for Business Online, Sway, Whiteboard, Yammer Enterprise and, for Kaizala Pro, Customer’s organizational groups managed through the admin portal and chats between two members of Customer’s organization. Office 365 Services do not include Office 365 ProPlus, any portion of PSTN Services that operate outside of Microsoft’s control, any client software, or any separately branded service made available with an Office 365-branded plan or suite, such as a Bing or a service branded “for Office 365.” Microsoft Azure Core Services API Management, App Service (API Apps, Logic Apps, Mobile Apps, Web Apps), Application Gateway, Application Insights, Automation, Azure Active Directory, Azure Cache for Redis, Azure Container Registry (ACR), Azure Container Service, Azure Cosmos DB (formerly DocumentDB), Azure Database for MySQL, Azure Database for PostgreSQL, Azure Databricks, Azure DevOps Services, Azure DevTest Labs, Azure DNS, Azure Information Protection (including Azure Rights Management), Azure Kubernetes Service, Azure NetApp Files, Azure Resource Manager, Azure Search, Backup, Batch, BizTalk Services, Cloud Services, Computer Vision, Content Moderator, Data Catalog, Data Factory, Data Lake Analytics, Data Lake Store, Event Hubs, Express Route, Face, Functions, HDInsight, Import/Export, IoT Hub, Key Vault, Load Balancer, Log Analytics (formerly Operational Insights), Azure Machine Learning Studio, Media Services, Microsoft Azure Portal, Multi-Factor Authentication, Notification Hubs, Power BI Embedded, QnA Maker, Scheduler, Security Center, Service Bus, Service Fabric, Site Recovery, SQL Data Warehouse, SQL Database, SQL Server Stretch Database, Storage, StorSimple, Stream Analytics, Text Analytics, Traffic Manager, Virtual Machines, Virtual Machine Scale Sets, Virtual Network, and VPN Gateway Microsoft Cloud App Security The cloud service portion of Microsoft Cloud App Security. Microsoft Intune Online Services The cloud service portion of Microsoft Intune such as the Microsoft Intune Add-on Product or a management service provided by Microsoft Intune such as Mobile Device Management for Office 365. Microsoft Power Platform Core Services The following services, each as a standalone service or as included in an Office 365 or Microsoft Dynamics 365 branded plan or suite: Microsoft Power BI, Microsoft Power Apps, and Microsoft Power Automate. Microsoft Power Platform Core Services do not include any client software, including but not limited to Power BI Report Server, the Power BI, PowerApps or Microsoft Power Automate mobile applications, Power BI Desktop, or Power Apps Studio. Microsoft Defender Advanced Threat Protection Services The following cloud service portions of Microsoft Defender Advanced Threat Protection: Attack Surface Reduction, Next Generation Protection, Endpoint Detection & Response, Auto Investigation & Remediation, Threat & Vulnerability Management, SmartScreen. Pursuant to the MLSAAgreement, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for . abide by the MLSA ● The MLSA commences on July 1, 2023 provisions of these agreements and expires on June 30, 2026. ● Upon expiration of is responsible for their performance under the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendoragreement.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 6/8/2023 ERIE 1 BOCES AND EDPUZZLE, [BLOCKSI INC. .] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle[Blocksi, Inc. Inc.] which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx Xxxxxxx Xxxxxxx, Director, Erie 1 BOCES/WNYRIC directly by email at xxxxx@x0x.xxxxxxxxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx Xxxxxxx Xxxxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may Erie 1 BOCES or its Participating Districts if they have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx Xxxxxxx Xxxxxxx or her designeesdesignee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx Xxxxxxx Xxxxxxx or her designees designee prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the DocuSign Envelope ID: E1A65C28-CCD7-4409-A10A-EADA91528E55 incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. DocuSign Envelope ID: E1A65C28-CCD7-4409-A10A-EADA91528E55 Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. DocuSign Envelope ID: E1A65C28-CCD7-4409-A10A-EADA91528E55 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle[Frontline Technologies Group, Inc. LLC which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 7/20/2023 ERIE 1 BOCES AND EDPUZZLE[Cordance Operations, INC. LLC dba Hapara] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle[Cordance Operations, Inc. LLC dba Hapara] which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.):
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 BOCES the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) . Vendor will provide such notification to Erie 1 BOCES the District by contacting the Xxxxxxxx Xxxx-Xxxxx Central School District’s Data Protection Officer directly by email at xxxxx@x0x.xxx, xxx@xxxxxxxxxxxxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) 0000. Vendor will cooperate with Erie 1 BOCES the District and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx Central School District’s Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, the Participating Educational Agencies schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) . Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx Central School District’s Data Protection Officer or his/her designees.
(e) designee. Additional Statutory and Regulatory Obligations 1 Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at acknowledges that it has the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by additional obligations under Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior with respect to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in received from the possession District, and that any failure to fulfill one or more of Vendor these statutory or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which regulatory obligations will be deemed a breach of the Master Agreement and the terms of this Data Sharing and Confidentiality Agreement: To limit internal access to occur upon eighteen Protected Data to only those employees or subcontractors that are determined to have legitimate educational interests within the meaning of Section 2-d and the Family Educational Rights and Privacy Act (18) months FERPA); i.e., they need access in order to assist Vendor in fulfilling one or more of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior its obligations to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to District under the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for VendorMaster Agreement.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxxxx Xxxxx directly by email at xxxxx@x0x.xxx, Xxxxxxx.xxxxx@xxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the General Counsel or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 _S_a__l_e_s___D_i_r_e__c_t_o_r_____________ _5_/_5_/_2__0_2_0_____________________ Date BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleAgile Sports Technologies, Inc. (“Vendor”), which governs the availability to Participating Educational Agencies of the following Product(s): [list Product(s) from Vendor] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. . The exclusive purpose for which Vendor shall ensure thatis being provided access to Protected Data is to provide Participating Educational Agencies with the functionality of the Product(s) listed above. Vendor agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the MLSA. Protected Data received by Vendor, prior to or any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1subcontractors, 2023 and expires on June 30assignees, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 BOCES the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven ten (710) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES the District by contacting the Data Privacy Officer, Xxxxxxxx XxxxXxxxxxxx-Xxxxx Xxxxxx directly by email at xxxxx@x0x.xxx, xxxxxxxx@xxxxxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)000-0000.
(c) Vendor will cooperate with Erie 1 BOCES the District and provide as much information as possible directly to the Data Privacy Officer, Xxxxxxxx XxxxXxxxxxxx-Xxxxx Xxxxxx or his/her designee about the incident, to the extent the information is available, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the ofthe incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, ,the Participating Educational Agencies schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the stopthe breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Data Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, Xxxxxxxx Xxxxxxxx-Xxxxxx or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”)his/her designee.
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor DESMOS shall promptly notify Erie 1 BOCES the Green Island Union Free School District of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor DESMOS has discovered or been informed of the breach or unauthorized release.
(b) Vendor DESMOS will provide such notification to Erie 1 BOCES the Green Island Union Free School District by contacting Xxxxxxxx Xxxxthe District Data Privacy Officer, 000-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)by emailing the Data Protection Officer, Xxxxxx Xxxxxxxxxx at xxxxxxxxxxx@xxxxxxxxxxx.xxx .
(c) Vendor DESMOS will cooperate with Erie 1 BOCES the Green Island Union Free School District and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor DESMOS discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor DESMOS has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor DESMOS’s representatives who can assist affected individuals that may have additional questions.
(d) Vendor DESMOS acknowledges that upon initial notification from VendorDESMOS, Erie 1 BOCESGreen Island Union Free School District, as the educational agency with which Vendor DESMOS contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor DESMOS shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor DESMOS directly or requests more information from Vendor DESMOS regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe Green Island Union Free School District, Vendor DESMOS will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees.
(e) Vendor DESMOS will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. BY DESMOS STUDIO PBC: _C__o_n__t_r_a_c_t__A__d_m__i_n__is_t_r_a__to__r___ Title _1_0__/4__/_2_0__2_3___________________ In accordance with New York State Education Law § Section 2-d, the BOCES wishes Green Island Union Free School District hereby sets forth the following Parents’ Bill of Rights for Data Privacy and Security, which is applicable to inform the community of the following:all students and their parents and legal guardians.
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
New York State Education Law Section 2-d and the Family Educational Rights and Privacy Act (2“FERPA”) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards . Safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred
(2) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(3) Personally identifiable information includes, but is not limited to:
i. The student's name;
ii. The name of the student's parent or other family members;
iii. The address of the student or student's family;
iv. A personal identifier, such as the student's social security number, student number, or biometric record;
v. Other indirect identifiers, such as the student's date of birth, place of birth, and mother's maiden name;
vi. Other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty; or
vii. Information requested by a person who the District reasonably believes knows the identity of the student to whom the education record relates.
(4) In accordance with FERPA, Section 2-d and the District’s Policies regarding Student Records, parents have the right to inspect and review the complete contents of their child's education record;
i. Parents may request to inspect records by submitting a written request to District Privacy Officer. Such request may be made by email.
ii. Upon receipt of the request, the District shall schedule a time for the parent to review the student’s records at the appropriate location within a reasonable amount of time, but in no case longer than 45 calendar days from the date of receipt of the request.
iii. Parents may request a copy of their children’s complete educational record. The District may charge a reasonable fee to reproduce such records of $0.25 per page or the cost of any electronic medium required to provide the records.
iv. Parents may request correction of their children’s educational record by submitting a written request to the District Privacy Officer, which includes: the name of the student; the student ID number; a description of the disputed record; and the requested revision. The District shall respond to the parent within 7 days of the request and advise whether the request has been granted and, if not, the reason(s) for the denial of the request.
(5) The Green Island Union Free School District has in place numerous safeguards that meet or exceed industry standards and best practices to protect the personally identifiable information of students. These safeguards, include but are not limited to, encryption, firewalls, and password protection, which must be in place when data is stored or transferred.
(6) New York State, through the New York State Education Department, collects a number of student data elements for authorized uses. A complete list of all student data elements collected by the State is available for public review review, at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.xxxx://xxx.x00.xxxxx.xxx/irs/sirs/2013-14/2013-14SIRSManual9-18-20140725.pdf xxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx
(57) Parents have the right to have submit complaints about possible breaches of student data addressedor teacher or principal APPR data. Complaints should Any such complaint must be directed submitted, in writing to the writing, to: NYS Chief Privacy Officer, Officer New York State Education Department, Department 00 Xxxxxxxxxx XxxxxxXxxxxx Albany, XxxxxxNew York 12234. XXX@xxxx.xxxxx.xxx. For purposes of further ensuring confidentiality and security of student data, Xxx Xxxx 00000as an appendix to the Parents’ Bill of Rights each contract an educational agency enters into with a third-party contractor shall include supplemental information as required by law and shall be conspicuously posted on the District’s website. Complaints may also As used in this Superintendent’s regulation, the following terms shall have the following meanings:
(a) Breach means the unauthorized acquisition, access, use, or disclosure of student data and/or teacher or principal data by or to a person not authorized to acquire, access, use, or receive the student data and/or teacher or principal data.
(b) Chief privacy officer means the chief privacy officer appointed by the commissioner pursuant to Education Law section 2-d.
(c) Commercial or marketing purpose means the sale of student data; or its use or disclosure for purposes of receiving remuneration, whether directly or indirectly; the use of student data for advertising purposes, or to develop, improve or market products or services to students.
(d) Contact or other written agreement means a binding agreement between an educational agency and a third- party, which shall include but not be submitted limited to an agreement created in electronic form and signed with an electronic or digital signature or a click wrap agreement that is used with software licenses, downloaded and/or online applications and transactions for educational technologies and other technologies in which a user must agree to terms and conditions prior to using the form available at product or service.
(e) disclose or disclosure means to permit access to, or the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLErelease, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzletransfer, Inc. which governs the availability to Participating Educational Agencies or other communication of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about studentsby any means, including oral, written, or teachers and principalselectronic, that is protected by Section 2-d of the New York State Education Law (“Protected Data”)whether intended or unintended.
a. Vendor shall ensure that(f) Education records means an education record as defined in the Family Educational Rights and Privacy Act and its implementing regulations, prior to any such disclosure20 U.S.C. 1232g and 34 C.F.R. Part 99, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulationsrespectively.
b. Vendor shall assess (g) Educational agency means a school district, board of cooperative educational services (BOCES), school, or the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulationsdepartment.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs(h) Eligible student means a student who is 18 years or older.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 BOCES the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES the District by contacting Xxxxxxxx Xxxx-Xxxxx directly by contacting: Xx. Xxxxxxx Xxxxxxxxxx Data Privacy Officer Arlington Central School District 000 Xxxx Xxxx Road LaGrangeville,NY 12540 or via email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).xxxxxxxxxxx@xxxxxx.xxx
(c) To the extent legally permissible, Vendor will cooperate with Erie 1 BOCES the District and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx Arlington Central School District Contact or his/her designee about the incident, including but not limited to: , the following (to the extent known): a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, the Participating Educational Agencies schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx Arlington Central School District Contact or his/her designeesdesignee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. DocuSign Envelope ID: B6BF5A16-E7DD-4DD6-928E-18527A230104 Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Signature Xxxx Xxxx Printed Name Security & Infrastructure Title 8/31/2023 CFO 5/21/2024 DocuSign Envelope ID: B6BF5A16-E7DD-4DD6-928E-18527A230104 ERIE 1 BOCES AND EDPUZZLE, INCD2L LTD. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. D2L Ltd. which governs the availability to Participating Educational Agencies of the following Product(s): ):
1. D2L Brightspace Core Includes: Learning Environment, Portfolio and Learning Object Repository hosted in the cloud. Licensee may also purchase addons to Brightspace Core such as Performance+ and/or Creator+.
a. Basic Support is Included with Brightspace Core, however Licensee can upgrade to Select Support, Plus Support or Platinum Support
2. K-12 Select Implementation - Cost will vary depending on the size of the District/Licensee, but implementation will include Project Plan and full D2L-led implementation including: SSO, SIS integration, 3 party Integrations, Private Training for Admin and Teachers and more Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● . • The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● • Upon expiration of the MLSA without renewal and written request by any Participating Educational Agencyrenewal, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agencyexpiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected DataAgency, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data• In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), teachers/staff of a Participating Educational Agency the Vendor will have cooperate with Erie 1 BOCES as necessary to transition Protected Data to the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point successor Vendor prior to deletion deletion. • Neither Vendor nor any of accountsits subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. It is not possible Upon request, Vendor and/or its subcontractors or other authorized persons or entities to export whom it has disclosed Protected Data, as applicable, will provide Erie 1 BOCES with a certification from an appropriate officer that these requirements have been satisfied in full. These terms and conditions, along with any document(s) signed or retrieve data electronically agreed to by D2L and Client that is accompany or reference these terms and conditions for D2L Services (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others"Order"), form the agreement (ii"Agreement") technically impossible; or between the D2L entity signing the Order (iii"D2L") involve a disproportionate effort for Vendorand the Client identified in the Order ("Client").
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data-privacy- security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. 5/31/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. Passport For Good] which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● . • The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● • Upon expiration of the MLSA without renewal and written request by any Participating Educational Agencyrenewal, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agencyexpiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected DataAgency, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable • In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with Erie 1 BOCES as necessary to transition Protected Data to the successor Vendor prior to deletion. • Neither Vendor nor any of its subcontractors or retrievable dataother authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, teachers/staff copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide Erie 1 BOCES with a Participating Educational Agency certification from an appropriate officer that these requirements have been satisfied in full. Data Governance Policy K-12 Data Retention and Deletion Policy K-12 Data Breach Policy K-12 000 Xxxxxxxx - 0xx Xxxxx Xxxx, Xxx Xxxx 00000 (000) 000-0000 (T) Data governance is an organizational approach to management that is formalized as a set of policies and procedures that encompass the full life cycle of Data, including, PII; from acquisition, to use, to disposal. These rules and policies establish decision rights, as well as the controls that ensure security, accountability, and trustworthiness. Governance is not active day-to- day oversight, but rather a strong foundation for a viable management system. Any governance structure is in place to xxxxxx sound policy, clarity of controls, and consistent processes. PFG recognizes its responsibility to protect the privacy and ensure security for all users. PFG has adopted this Data Governance Policy to comply with all applicable laws, rules and regulations. DocuSign Envelope ID: 74A071CB-F62F-4EB8-80D2-72A7CF674110 This policy applies to all employees and consultants of PFG. In accordance with PFG’s policy and procedures, this policy will be reviewed and adjusted on an annual basis or more frequently, as needed. This policy is designed to ensure only authorized disclosure of Data, including, PII as well as establishing best practices around governance. Where PFG uses contractors such as third-party service providers they will be notified of this policy. See the Definitions section of the policies for certain definitional terms used in this policy.
1. PFG restricts access to Data, including, PII to only those who need to know the information in order to process the Data, including, PII for the intended service or provide customer assistance and any such access will be limited to the Data, including, PII necessary for the performance of the operation.
2. PFG will conduct background checks on all PFG employees and consultants who will have access to Data, including, PII as part of the ability hiring process.
3. Access to download namesData, responsesincluding, results PII may be revoked by PFG for any reason, including, termination.
4. PFG identifies access to Data, including, PII based on roles and grades obtained need for access.
5. PFG will protect its Data, including, through security measures. Product Development All For development and customer support Customer Support All For customer support and development Onboarding and Engagement All For onboarding and customer support Business Development All For business development, customer support and engagement Data Owner All For development and control
1. PFG has instituted policies to make sure Data, including, PII are not misused or abused and are used in accordance with all applicable regulations, rules and laws. Data Owners manage Data, including, PII according to this policy and all other applicable policies and practices implemented by students in PFG.
2. PFG employees and consultants are only allowed to access Data, including, PII for the required performance of their assignments (i.e., student gradebooks) at job function/role and not for any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendorinappropriate purposes.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor KIDS DISCOVER shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor KIDS DISCOVER has discovered or been informed of the breach or unauthorized release.
(b) Vendor KIDS DISCOVER will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxxxx Xxxxx directly by email at xxxxx@x0x.xxx, Xxxxxxx.xxxxx@xxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor KIDS DISCOVER will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the General Counsel or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor KIDS DISCOVER discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor KIDS DISCOVER has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor KIDS DISCOVER representatives who can assist affected individuals that may have additional questions.
(d) Vendor KIDS DISCOVER acknowledges that upon initial notification from VendorKIDS DISCOVER, Erie 1 BOCES, as the educational agency with which Vendor KIDS DISCOVER contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor KIDS DISCOVER shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor KIDS DISCOVER directly or requests more information from Vendor KIDS DISCOVER regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor KIDS DISCOVER will promptly inform Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees.
(e) Vendor KIDS DISCOVER will consult directly with Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleKIDS DISCOVER, Inc. LLC (“KIDS DISCOVER”), which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to VendorKIDS DISCOVER, and Vendor KIDS DISCOVER will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that. The exclusive purpose for which KIDS DISCOVER is being provided access to Protected Data is to provide Participating Educational Agencies with the functionality of the Product(s) listed above. KIDS DISCOVER agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by KIDS DISCOVER, prior or any of KIDS DISCOVER’s subcontractors, assignees, or other authorized agents, will not be sold, or released or used for any commercial or marketing purposes. Please refer to any such disclosurethe Data Security and Privacy Plan provided as an attachment for more details on how Kids Discover personnel, the assigneeincluding contracted workers, agent or subcontractor receiving data has agreed in writing are trained and qualified to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● handle Protected Data. • The MLSA AGREEMENT commences on July 1, 2023 4/15/20 and expires on June 30, 20266/30/23. ● Upon expiration of the MLSA AGREEMENT without renewal and written request by any Participating Educational Agencyrenewal, or upon termination of the MLSA AGREEMENT prior to expiration and written request by any Participating Educational Agencyexpiration, or at any point upon written request by a Participating Educational Agency, Vendor KIDS DISCOVER will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor KIDS DISCOVER or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivitysubcontractors. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency Agency, KIDS DISCOVER will assist that entity in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion. • At BOCES request, KIDS DISCOVER will cooperate with BOCES as necessary in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability order to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebookstransition Protected Data to any successor KIDS DISCOVER(s) at any point prior to deletion deletion. • KIDS DISCOVER agrees that neither it nor its subcontractors, assignees, or other authorized agents will retain any copy, summary or extract of accountsthe Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. It is not possible to export Upon request, KIDS DISCOVER and/or its subcontractors, assignees, or retrieve data other authorized agents will provide a certification from an appropriate officer that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendorthese requirements have been satisfied in full.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLEXxxxxx Xxxxxxxx Chief Operating Officer May 25, INC. 2020 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Excelsoft Technologies Inc. which governs the availability to Participating Educational Agencies of the following Product(s): • Saras Computer Adaptive Assessment Platform Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES and Participating Educational Agencies in writing of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the determined a breach or unauthorized releaserelease has occured.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and the impacted Participating Educational Agencies, and will also provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxx- Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Signature Xxxxx Xxxxxxx Xxxxxx Printed Name Security & Infrastructure Title 8/31/2023 Director of Bid Operations 7/5/2023 ERIE 1 BOCES AND EDPUZZLEEXPLORELEARNING, INC. LLC Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleExploreLearning, Inc. LLC which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. . Oversight of Subcontractors: In the event that Vendor shall ensure thatengages subcontractors, prior assignees, or other authorized agents to perform one or more of its obligations under the MLSA (including any such disclosurehosting service provider), the assignee, agent or subcontractor receiving data has agreed in writing it will require those to whom it discloses Protected Data to comply with data protection obligations consistent with those applicable to Edpuzzle security and privacy standards required of Vendor under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026applicable state and federal law. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors ensure that such subcontractors, assignees, or other authorized persons or entities to whom it has disclosed Protected Data. In agents abide by the absence provisions of a these agreements by: Entering into written requestcontracts protecting the confidentiality and security of data, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of including Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to at least as strict as Vendor’s obligations under the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for VendorMLSA.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 BOCES the District of any actual or suspected access to Vendor’s information systems or other compromise, breach or unauthorized release of Protected Data that is reasonably believed to have impacted the confidentiality, integrity or availability of Protected Data (“Security Incident”) it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized releaseSecurity Incident.
(b) Vendor will provide such notification to Erie 1 BOCES the District by contacting Xxxxxxxx Xxxx-Xxxxx DPO Xxx Xxx directly by email at xxxxx@x0x.xxx, xxxx@xxxxxxxxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)x0000.
(c) Vendor will cooperate with Erie 1 BOCES the District and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx Xxx Xxx or her his designee about the incidentSecurity Incident, including but not limited to: a description of the incident, the date of the incidentSecurity Incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, the Participating Educational Agencies schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach Security Incident and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency with which Vendor contracts, has may have an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx Xxx Xxx or her designeeshis designee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach Breach or unauthorized release Unauthorized Release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered confirmed the Breach or been informed of the breach or unauthorized releaseUnauthorized Release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the General Counsel or her designee about the incidentBreach or Unauthorized Release, including but not limited to, to the extent known by Vendor: a description of the incident, the date of the incident, the incident (or an estimated date Vendor discovered or was informed of the incident, or the date range), a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(dc) Vendor acknowledges that upon initial notification from VendorVendor of a Breach or Unauthorized Release of Student Data, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees.
(ed) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees prior to providing any further notice of the incident Breach or Unauthorized Release (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting THE VENDOR: By: Title: Date: Sales Manager 7/2/2024 Exclusive Purpose for which Protected Data will be Used: Hudl will use Protected Data exclusively for the privacy Services and security of student, teacher, as specified in this MLSA and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needsTerms of Service.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) E x c l u d ing b r eac h e s attr ib u tab l e t o B OCE S , Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email the BOCES Data Protection Officer, at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)xxx@xxxxx.xxx.
(c) Vendor will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer (DPO) or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 _P_r_e_s_i_d_e_n__t____________________ _1_2_-_3_1__-2__0_2_0___________________ Date Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's ’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2-d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Protection Officer, xxx@xxxxx.xxx, 000 Xxxxxxxxxx-Xxxxxx Xxxx, Xxxxxx, XX 00000.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 _P_r_e_s_i_d_e_n__t____________________ _1_2_-_3_1__-2__0_2_0___________________ Date BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleVendor (“Vendor”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. . To buy, create, store, assign, and record student progress on (optional) Boom Cards cloud-resident instructional materials. Vendor shall ensure thatagrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by Vendor, prior to or any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1subcontractors, 2023 and expires on June 30assignees, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Samples: Data Privacy Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 PNW BOCES of any breach or unauthorized release of Protected Data it has received from PNW BOCES and/or its affiliates in the most expedient way possible and without unreasonable delay, but no more than seven ten (710) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 PNW BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxxthe Data Protection Officer, or by calling (000) xxxxxxxxxxx@xxxxxxxx.xxx, 000-0000 (office) or (716) 000- 0000 (cell)000-0000.
(c) Vendor will cooperate with Erie 1 PNW BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or his/her designee about the incident, to the extent the information is available, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, the Participating Educational Agencies schools within PNW BOCES affected and/or the affiliates of PNW BOCES whose data has been affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 PNW BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Protection Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by PNW BOCES or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 PNW BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or his/her designeesdesignee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Signature Jordan Mask Printed Name Security Account & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Finance Manager 5/9/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleHIGH SCHOOL E-SPORTS LEAGUE, Inc. INC. which governs the availability to Participating Educational Agencies of the following Product(s): High School Esports League and Middle School Esports League tournaments and tournament services and the Gaming Concepts educational resources Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 Xxxx Xxxxxxxx Senior VP, Inside Sales 5/30/2023 ERIE 1 BOCES AND EDPUZZLE[EBSCO INFORMATION SERVICES, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”)LLC.
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.]
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor CENGAGE LEARNING/XXXX shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor CENGAGE LEARNING/XXXX has discovered or been informed of the breach or unauthorized release.
(b) Vendor CENGAGE LEARNING/GALE will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor CENGAGE LEARNING/XXXX will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the General Counsel or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor CENGAGE LEARNING/XXXX discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor CENGAGE LEARNING/XXXX has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor CENGAGE LEARNING/XXXX representatives who can assist affected individuals that may have additional questions.
(d) Vendor CENGAGE LEARNING/XXXX acknowledges that upon initial notification from VendorCENGAGE LEARNING/XXXX, Erie 1 BOCES, as the educational agency with which Vendor CENGAGE LEARNING/XXXX contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor CENGAGE LEARNING/GALE shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor CENGAGE LEARNING/XXXX directly or requests more information from Vendor CENGAGE LEARNING/XXXX regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor CENGAGE LEARNING/XXXX will promptly inform Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees.
(e) Vendor CENGAGE LEARNING/XXXX will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 __V__P__G_a__le_,__K_1_2__S__a_l_e_s_________ _____5_/2__1_/_2_0_2_0_________________ Date BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleCENGAGE LEARNING/XXXX (“CENGAGE LEARNING/XXXX”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to VendorCENGAGE LEARNING/XXXX, and Vendor CENGAGE LEARNING/XXXX will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that. The exclusive purpose for which CENGAGE LEARNING/XXXX is being provided access to Protected Data is to provide Participating Educational Agencies with the functionality of the Product(s) listed above. The exclusive purpose for which CENGAGE LEARNING/XXXX is being provided access to Protected Data is to provide Participating Educational Agencies with the functionality of the Product(s) listed above. CENGAGE LEARNING/XXXX agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by CENGAGE LEARNING/XXXX, prior or any of CENGAGE LEARNING/GALE’s subcontractors, assignees, or other authorized agents, will not be sold, or released or used for any commercial or marketing purposes. A summary of CENGAGE LEARNING/XXXX subcontractors are included in Exhibit 3: Cengage Learning Information Security Program Overview. Each subcontractor is subject to any such disclosure, a written contract containing terms materially the assignee, agent or subcontractor receiving data has agreed in writing same as those contained herein that requires it to protect all Protected Data to which it may be exposed and comply with data protection obligations consistent with those applicable privacy laws. CENGAGE LEARNING/XXXX may, from time to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices time, notify BOCES of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● new subcontractors. • The MLSA AGREEMENT commences on July 1, 2023 [date] and expires on June 30, 2026[date]. ● Upon expiration of the MLSA AGREEMENT without renewal and written request by any Participating Educational Agencyrenewal, or upon termination of the MLSA AGREEMENT prior to expiration and written request by any Participating Educational Agencyexpiration, or at any point upon written request by a Participating Educational Agency, Vendor CENGAGE LEARNING/XXXX will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor CENGAGE LEARNING/XXXX or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivitysubcontractors. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency Agency, CENGAGE LEARNING/GALE will assist that entity in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion. • At BOCES request, CENGAGE LEARNING/XXXX will cooperate with BOCES as necessary in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachersorder to transition Protected Data to any successor CENGAGE LEARNING/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooksXXXX(s) at any point prior to deletion deletion. • CENGAGE LEARNING/XXXX agrees that neither it nor its subcontractors, assignees, or other authorized agents will retain any copy, summary or extract of accountsthe Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. It Upon request, CENGAGE LEARNING/XXXX and/or its subcontractors, assignees, or other authorized agents will provide a certification from an appropriate officer that these requirements have been satisfied in full. Cengage Learning, Inc. maintains a formal, written information security program containing administrative, technical and physical safeguards to protect the security, confidentiality and integrity of personal information. This program is not possible reasonably designed to export or retrieve data that is protect (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others)security and confidentiality of personal information, (ii) technically impossible; protect against any anticipated threats or hazards to the security or integrity of the information, and (iii) involve a disproportionate effort for Vendorprotect against unauthorized access to or use of the information. This document provides an overview of Cengage ’s information security program.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx Xxxxxxx, Data Security, Protection & Compliance Officer, Erie 1 BOCES directly by email at xxxxx@x0x.xxxxxxxxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx Xxxxxxx or her his designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have Erie 1 BOCES if it has additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx Xxxxxxx or her designeeshis designee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx Xxxxxxx or her designees his designee prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposesschool district.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor LEARNING A-Z shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor LEARNING A-Z has discovered or been informed of the breach or unauthorized release.
(b) Vendor LEARNING A-Z will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxxxx Xxxxx directly by email at xxxxx@x0x.xxx, Xxxxxxx.xxxxx@xxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor LEARNING A-Z will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the General Counsel or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor LEARNING A-Z discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor LEARNING A-Z has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor LEARNING A-Z representatives who can assist affected individuals that may have additional questions.
(d) Vendor LEARNING A-Z acknowledges that upon initial notification from VendorLEARNING A-Z, Erie 1 BOCES, as the educational agency with which Vendor LEARNING A-Z contracts, has an obligation under Section 2-2- d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor LEARNING A-Z shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor LEARNING A-Z directly or requests more information from Vendor LEARNING A-Z regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor LEARNING A-Z will promptly inform Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees.
(e) Vendor LEARNING A-Z will consult directly with Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleLEARNING A-Z (“LEARNING A-Z”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to VendorLEARNING A-Z, and Vendor LEARNING A- Z will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior . The exclusive purpose for which LEARNING A-Z is being provided access to any such disclosure, Protected Data is to provide Participating Educational Agencies with the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration functionality of the MLSA without renewal and written request Product(s) listed above. LEARNING A-Z agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by any Participating Educational AgencyLEARNING A-Z, or upon termination any of the MLSA prior to expiration and written request by any Participating Educational AgencyLEARNING A-Z’s subcontractors, or at any point upon written request by a Participating Educational Agencyassignees, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall oh Technologies, Inc, DBA "Extempore" will promptly notify Erie 1 BOCES the School or District of any breach or unauthorized release of Protected Data it has received from the Copiague School District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor oh Technologies, Inc, DBA "Extempore" has discovered or been informed of the breach or unauthorized release.
(b) Vendor oh Technologies, Inc, DBA "Extempore" will provide such notification to Erie 1 BOCES the School or District by contacting Xxxxxxxx Xxxx-Contacting Xxxxx directly Xxxxxxxxxxx, Director of Technology by email at xxxxx@x0x.xxx, xxxxxxxxxxxx@xxxxxxxx.xxx or by calling (000) -000-0000 (office) or (716) 000- 0000 (cell)x 000.
(c) Vendor oh Technologies, Inc, DBA "Extempore" will cooperate with Erie 1 BOCES the Copiague School District and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee the Copiague School District about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor oh Technologies, Inc, DBA "Extempore" discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, if a District, instead of one school, the Participating Educational Agencies schools within the District affected, what the Vendor oh Technologies, Inc, DBA "Extempore" has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor oh Technologies, Inc, DBA "Extempore" representatives who can assist affected individuals that may my have additional questions.
(d) Vendor oh Technologies, Inc, DBA "Extempore" oh Technologies, Inc, DBA "Extempore" acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe Copiague School District, as the educational agency with which Vendor oh Technologies, Inc, DBA "Extempore" contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall oh Technologies, Inc, DBA "Extempore" agrees not to provide this notification to the CPO directlydirectly unless requested by the School or District or otherwise required by law. In the event the CPO contacts Vendor contact oh Technologies, Inc, DBA "Extempore" directly or requests more information from Vendor oh Technologies, Inc, DBA "Extempore" regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees_oh_Technologies, Inc_, DBA "Extempore" the Copiague School District.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Xxxxxxxx Xxxxxxxx _Chief accounting officer 8/2/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzlePowerSchool Group, Inc. LLC which governs the availability to Participating Educational Agencies of the following Product(s): UT Professional Learning, UT Perform, Naviance, Unified Home, Unified Classroom Curriculum & Instruction Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third. Vendor-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Subprocessing 1 Erie 1 BOCES and/or any Participating Educational Agency prior authorizes Vendor to appoint Vendor-data subprocessors in accordance with this subsection and the deletion of Protected Data, MLSA. 2 Vendor will assist a Participating Educational Agency in exporting all enter into written agreements (“Vendor-Data Subprocessor Agreement”) whereby Vendor-Data Subprocessors agree to secure and protect Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible manner consistent with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendorterms of this DPA and the MLSA.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 BY THE VENDOR: 5/7/2023 ERIE 1 BOCES AND EDPUZZLE, INC. [CODEMONKEY STUDIOS] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. [CodeMonkey Studios] which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. . Oversight of Subcontractors: In the event that Vendor shall ensure thatengages subcontractors, prior assignees, or other authorized agents to perform one or more of its obligations under the MLSA (including any such disclosurehosting service provider), it will require those to whom it discloses Protected Data to execute legally binding agreements acknowledging the assignee, agent or subcontractor receiving data has agreed in writing obligation under Section 2-d of the New York State Education Law to comply with the same data protection obligations consistent with those applicable to Edpuzzle security and privacy standards required of Vendor under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026applicable state and federal law. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors ensure that such subcontractors, assignees, or other authorized persons or entities to whom it has disclosed Protected Dataagents abide by the provisions of these agreements by: The vendor will sign binding agreements with subcontractors. In the absence of a written requestaddition, Vendor subcontractors will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve join Vendor's periodical data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendorsecurity sessions.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor Swank Motion Pictures Inc. shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor Swank Motion Pictures Inc. has discovered or been informed of the breach or unauthorized release.
(b) Vendor Swank Motion Pictures Inc. will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email the BOCES Data Privacy Officer, at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)xxxxxxx.xxxxx@xxxxx.xxx.
(c) Vendor Swank Motion Pictures Inc. will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer (DPO) or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor Swank Motion Pictures Inc. discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor Swank Motion Pictures Inc. has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor Swank Motion Pictures Inc. representatives who can assist affected individuals that may have additional questions.
(d) Vendor Swank Motion Pictures Inc. acknowledges that upon initial notification from VendorSwank Motion Pictures Inc., Erie 1 BOCES, as the educational agency with which Vendor Swank Motion Pictures Inc. contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor Swank Motion Pictures Inc. shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor Swank Motion Pictures Inc. directly or requests more information from Vendor Swank Motion Pictures Inc. regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor Swank Motion Pictures Inc. will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees.
(e) Vendor Swank Motion Pictures Inc. will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 __K_1__2__S__t_r_e_a__m__in__g__M__a__n_a__g_e__r Title _1_1_/_1_1__/2_0__2_0___________________ Date Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's ’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2-d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Privacy Officer, xxxxxxx.xxxxx@xxxxx.xxx, 000 Xxxxxxxxxx-Xxxxxx Xxxx, Xxxxxx, XX 00000.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 _K_1__2__S_t_re__a_m__in__g__M_a__n_a_g_e__r_____ _1_1_/_1_1__/2_0__2_0___________________ Date BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleSwank Motion Pictures Inc. (“Swank Motion Pictures Inc.”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to VendorSwank Motion Pictures Inc., and Vendor Swank Motion Pictures Inc. will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to . Swank Motion Pictures Inc. agrees that it will not use the Protected Data for any such disclosure, other purposes not explicitly authorized in the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for AGREEMENT. Protected Data received by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational AgencySwank Motion Pictures Inc., or upon termination any of the MLSA prior to expiration and written request by any Participating Educational AgencySwank Motion Pictures Inc.’s subcontractors, or at any point upon written request by a Participating Educational Agencyassignees, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Samples: Data Privacy Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data-privacy-security/report- improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Xxxxxx Executive Vice President - General Counsel 10/10/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleNWEA, Inc. A Division of Houghton Mifflin Harcourt Publishing Company which governs the availability to Participating Educational Agencies of the following Product(s): See Exhibit A and Exhibit B • MAP® Growth • MAP® Reading Fluency • MAP® Accelerator • Implementation Training • Partner Services Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● . • The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● • Upon expiration of the MLSA without renewal and written request by any Participating Educational Agencyrenewal, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agencyexpiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If in accordance with Exhibit E as requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Agency. Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data• In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), teachers/staff of a Participating Educational Agency the Vendor will have cooperate with Erie 1 BOCES as necessary to transition Protected Data to the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point successor Vendor prior to deletion deletion. • Neither Vendor nor any of accountsits subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, on any storage medium whatsoever. It is not possible Upon request, Vendor and/or its subcontractors or other authorized persons or entities to export or retrieve data whom it has disclosed Protected Data, as applicable, will provide Erie 1 BOCES with a certification from an appropriate officer that is (i) not compatible with the Edpuzzle service (such these requirements have been satisfied in full. The parties agree as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.follows:
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly without undue delay notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.. DocuSign Envelope ID: CE92A43D-9253-440E-9F2E-63D3C5309765
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. DocuSign Envelope ID: CE92A43D-9253-440E-9F2E-63D3C5309765 Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 CRO Mads Rebsdorf 29/6/2023 | 09:27 CEST DocuSign Envelope ID: CE92A43D-9253-440E-9F2E-63D3C5309765 ERIE 1 BOCES AND EDPUZZLE, INC. KAHOOT! ASA Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. Kahoot! ASA which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Signature Xxxxxx X Xxxx Printed Name Security & Infrastructure Title 8/31/2023 Vice President of Sales 5/5/2023 ERIE 1 BOCES AND EDPUZZLE[LOGISOFT COMPUTER PRODUCTS, INC. LLC Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle[ Logisoft Computer Products, Inc. LLC] which governs the availability to Participating Educational Agencies of the following Product(s): [Adobe Systems] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.following
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email the BOCES Data Protection Officer, at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)xxx@xxxxx.xxx.
(c) Vendor will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer (DPO) or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Tumbleweed Press _P_r__e_s_i_d__e_n_t Title _1_0_/_2__2_/_2_0__2_0 Date PARENTS’ BILL OF RIGHTS FOR DATA SECURITY AND PRIVACY Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's ’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2-d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Protection Officer, xxx@xxxxx.xxx, 000 Xxxxxxxxxx-Xxxxxx Xxxx, Xxxxxx, XX 00000.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Tumbleweed Press _P_r__e_s_i_d__e_n_t Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 _1_0_/_2__2_/_2_0__2_0 Date ABOUT THE AGREEMENT BETWEEN BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleVendor (“Vendor”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. . Vendor shall ensure thatagrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by Vendor, prior to or any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1subcontractors, 2023 and expires on June 30assignees, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Samples: Data Privacy Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor KIDS DISCOVER shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor KIDS DISCOVER has discovered or been informed of the breach or unauthorized release.
(b) Vendor KIDS DISCOVER will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxxxx Xxxxx directly by email at xxxxx@x0x.xxx, Xxxxxxx.xxxxx@xxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor KIDS DISCOVER will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the General Counsel or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor KIDS DISCOVER discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor KIDS DISCOVER has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor KIDS DISCOVER representatives who can assist affected individuals that may have additional questions.
(d) Vendor KIDS DISCOVER acknowledges that upon initial notification from VendorKIDS DISCOVER, Erie 1 BOCES, as the educational agency with which Vendor KIDS DISCOVER contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor KIDS DISCOVER shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor KIDS DISCOVER directly or requests more information from Vendor KIDS DISCOVER regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor KIDS DISCOVER will promptly inform Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees.
(e) Vendor KIDS DISCOVER will consult directly with Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleKIDS DISCOVER, Inc. LLC (“KIDS DISCOVER”), which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to VendorKIDS DISCOVER, and Vendor KIDS DISCOVER will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that. The exclusive purpose for which KIDS DISCOVER is being provided access to Protected Data is to provide Participating Educational Agencies with the functionality of the Product(s) listed above. KIDS DISCOVER agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by KIDS DISCOVER, prior or any of KIDS DISCOVER’s subcontractors, assignees, or other authorized agents, will not be sold, or released or used for any commercial or marketing purposes. Please refer to any such disclosurethe Data Security and Privacy Plan provided as an attachment for more details on how Kids Discover personnel, the assigneeincluding contracted workers, agent or subcontractor receiving data has agreed in writing are trained and qualified to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● handle Protected Data. • The MLSA AGREEMENT commences on July 1, 2023 4/15/20 and expires on June 30, 20266/30/23. ● Upon expiration of the MLSA AGREEMENT without renewal and written request by any Participating Educational Agencyrenewal, or upon termination of the MLSA AGREEMENT prior to expiration and written request by any Participating Educational Agencyexpiration, or at any point upon written request by a Participating Educational Agency, Vendor KIDS DISCOVER will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor KIDS DISCOVER or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivitysubcontractors. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency Agency, KIDS DISCOVER will assist that entity in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion. • At BOCES request, KIDS DISCOVER will cooperate with BOCES as necessary in order to transition Protected Data to any successor KIDS DISCOVER(s) prior to deletion. • KIDS DISCOVER agrees that neither it nor its subcontractors, assignees, or other authorized agents will retain any copy, summary or extract of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, KIDS DISCOVER and/or its subcontractors, assignees, or other authorized agents will provide a certification from an appropriate officer that these requirements have been satisfied in full. Kids Discover, LLC 000 Xxxxxxxxx Xxxxxx Xxx Xxxx, XX 00000 Phone: (000) 000-0000 April 15, 2020 The purpose of this document is to outline the various technologies, safeguards, and business practices that Kids Discover, LLC (Kids Discover, the Company) employs in order to appropriately handle and protect any and all student data or teacher or principal data the Company may receive in conjunction with the services it offers. When reading this document, it is important to note that Kids Discover Online, the digital platform the Company offers its services through, collects a minimal amount of Personally Identifiable Information (as defined below). In some instances, Kids Discover Online may not collect any Personally Identifiable Information in order to provide its full suite of services to School Districts and Educational Agencies, particularly when services are delivered to school library systems. Any questions, inquiries, or clarifications regarding this document should be directed to xxxxxxxxx@xxxxxxxxxxxx.xxx, and a Kids Discover Representative will reply in a timely manner.
1. As it pertains to this Data Security and Privacy Plan, in such formats as may be requested by accordance with New York State Education Law 2-d, the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will following terms shall have the ability following meanings:
a. Breach means the unauthorized acquisition, access, use, or disclosure of student data and/or teacher or principal data by or to download namesa person not authorized to acquire, responsesaccess, results and grades obtained by students in their assignments (i.e.use, or receive the student gradebooks) at any point prior to deletion data and/or teacher or principal data
b. Commercial or Marketing Purpose means the sale of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossiblestudent data; or (iii) involve a disproportionate effort its use or disclosure for Vendorpurposes of receiving remuneration, whether directly or indirectly; the use of student data for advertising purposes, or to develop, improve or market products or services to students.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall will promptly notify Erie 1 BOCES the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES the District by contacting the Xxxxxxxx Xxxx-Xxxxx Central School District’s Data Protection Officer directly by email at xxxxx@x0x.xxx, xxx@xxxxxxxxxxxxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)0000.
(c) Vendor will cooperate with Erie 1 BOCES the District and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx Central School District’s Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information Protected Data involved, an estimate of the number of records affected, the Participating Educational Agencies schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESthe District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall agrees not to provide this notification to the CPO directlydirectly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESthe District, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx Central School District’s Data Protection Officer or his/her designeesdesignee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx Except as otherwise required by law or her designees prior to providing any further notice of agreed in writing between the incident (written parties and excluding Student Data or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing that belongs to the Office of Information & Reporting ServicesDistrict, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have all information provided by Vendor to the right District pursuant to have complaints about possible breaches of student data addressedthis Agreement shall be treated as Vendor’s confidential information. Complaints should be directed The District agrees that it will disclose such information only to such parties that the District determines are necessary to assist it in its review and require such parties to enter into non-disclosure agreements or otherwise agree in writing to maintain its confidentiality. To the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected extent permitted by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosurelaw, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulationsDistrict will withhold such information from public disclosure.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized releaserelease and the number and names of schools and students affected.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data-privacy-security/report- improper-disclosure. Signature Xxxxx Xxxxxxx Xxxxx Printed Name Security & Infrastructure Title 8/31/2023 Interim General Counsel 3/27/2024 ERIE 1 BOCES AND EDPUZZLE, INC. [GREAT MINDS PBC] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. [GREAT MINDS PBC] which governs the availability to Participating Educational Agencies of the following Product(s): [list Product(s) from Vendor] Wit & Wisdom In Sync Wit & Wisdom Digital Teacher Edition My Geodes Digital Eureka Math² Premium Assessment Training PhD Science In Sync Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 Partner 8/30/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Right Reason Technologies Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. Right Reason Technologies which governs the availability to Participating Educational Agencies of the following Product(s): RightPath Student Success System Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● . • The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● • Upon expiration of the MLSA without renewal and written request by any Participating Educational Agencyrenewal, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agencyexpiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected DataAgency, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable • In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with Erie 1 BOCES as necessary to transition Protected Data to the successor Vendor prior to deletion. • Neither Vendor nor any of its subcontractors or retrievable other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide Erie 1 BOCES with a certification from an appropriate officer that these requirements have been satisfied in full. EXHIBIT E Right Reason Technologies, LLC (RRT) needs to gather and use certain information about school districts. These can include teachers, students, classes, class rosters, student assignments and grades. This policy describes how this personal data is secured, stored, and accessed to meet the company’s data protection standards and the requirements of its customers. This data protection policy ensures that RRT: • Complies with data protection law and follows good practice • Protects the rights of staff, customers and partners • Is open about how it stores and processes personally identifiable information • Protects itself from the risks of a data breach Everyone who works for or with RRT shares in the responsibility for ensuring data is collected, stored and handled appropriately. Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles. However, these people have key areas of responsibility: • The Board of Directors is ultimately responsible for ensuring that RRT meets its legal obligations. • The IT Manager is responsible for: o Keeping the Board of Directors updated about data protection responsibilities, risks and issues. o Reviewing all data protection procedures and related policies, in line with an agreed schedule. o Arranging data protection training and advice for the people covered by this policy. o Handling data protection questions from staff and anyone else covered by this policy. o Dealing with requests from individuals to see the data RRT holds. o Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data. o Ensuring all systems, services and equipment used for storing data meet acceptable security standards. o Performing regular checks and scans to ensure security hardware and software is functioning properly. o Evaluating any third-party services, the company is considering using to store or process data. For instance, cloud computing services. • The general staff is responsible for: o Keeping all data secure, by taking sensible precautions and following the guideline below. o Using strong passwords never sharing passwords. o Securing personal data from unauthorized people, either within the company or externally. o Regularly reviewing and updating data, teachers/staff if it is found to be out of date. If no longer required, it will be deleted and disposed of. o Requesting access to data it from their line managers or requesting help from their line manager or the data protection officer if they are unsure about any aspect of data protection. These rules describe how and where data will be safely stored. Questions about storing data safely can be directed to the IT manager. • When not required, the paper or files will be kept in a Participating Educational Agency locked drawer or filing cabinet. • Employees will have make sure paper and printouts are not left where unauthorized people could see them, like on a printer. • Data printouts will be shredded and disposed of securely when no longer required. When data is stored electronically, it must be protected from unauthorized access, accidental deletion and malicious hacking attempts: • Data will be protected by strong passwords that are changed regularly and never shared between employees. • If data is stored on removable media (like a CD or DVD), these will be kept locked away securely when not being used. • Data will only be stored on designated drives and servers and will only be uploaded to an approved cloud computing service. • Data will be stored in a manner limiting access to those that specifically require the ability data to download namesperform specific tasks. • Servers containing personal data will be sited in a secure location, responsesaway from general office space. • Data will be backed up frequently. Those backups will be tested regularly, results in line with the company’s standard backup procedures. • Data will never be saved directly to laptops or other mobile devices like tablets or smart phones. • All servers and grades obtained computers containing data will be protected by students in approved security software and a firewall. The following policies help to ensure that all employees minimize the loss, corruption or theft of personal data. • When working with personal data, employees will ensure the screens of their assignments (i.e.computers are always locked when left unattended. • Personal data will not be shared informally. In particular, student gradebooks) at it will never be sent by email, as this form of communication is not secure. • Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorized external contacts. • Personal data will never be transferred, except between RRT and the client district. RRT will never transfer personal data to any point prior to deletion of accountsother entity. It will be transferred to the client district who can then transfer the data to some other entity. The only exception to this rule is not possible to export or retrieve data that is (i) not compatible where RRT has an agreement with the Edpuzzle service (such as “downloading” Edpuzzle videos – client district to automate or integrate systems and sends or receives personal data to provide the integration service. • Personal Data will be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve destroyed when not needed for a disproportionate effort for Vendorspecific use.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES and Participating Educational Agencies in writing of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the determined a breach or unauthorized releaserelease has occured.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and the impacted Participating Educational Agencies, and will also provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxx- Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Samples: Master License and Service Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx _Xxxxxxxx Xxxxxxx Printed Name Security & Infrastructure _VP Xxxx K12 Sales Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle[Cengage Learning, Inc. (Xxxx a Cengage Company)]] which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Xxxxxx Xxxxxx VP of Finance 5/25/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. Play Versus Inc which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES CLIENT of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES CLIENT by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).CLIENT Data Privacy Officer, at
(c) Vendor will cooperate with Erie 1 BOCES the CLIENT and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the data privacy officer or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may CLIENT or its Participating Districts if they have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCESCLIENT, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCESCLIENT, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designeesdesignee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees designee prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES CLIENT or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES RIC or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 Xxxxxx _Sales Manager 5/23/2023 ERIE 1 BOCES AND EDPUZZLE, INC. [XXXXXXXXXXXXX.XXX LLC.] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. [XxxxxxXxxxxxx.xxx LLC.] which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of confirmed the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting Purpose and Approach. This sets forth the privacy policies and security procedures of studentNewsela, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSAInc.(“Newsela”) with Ed puzzlerespect to data security and privacy. Newsela requires that its subcontractors that receive data containing PII (defined below) maintain similar policies. This Policy describes, Inc. which governs in general, the availability information that Newsela collects, how it is used and how it is protected. The principles described in this Policy apply not just to Participating Educational Agencies of PII, but to all data provided by customers. However, the following Product(s): Pursuant requirements and policies in this Data Privacy and Security Policy apply specifically to the MLSA, Participating Educational Agencies may provide to Vendor, use and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected protection of PII provided by Section 2-d of the New York State Education Law (“Protected Data”)customers.
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 CFO _5/18/2023 ERIE 1 BOCES AND EDPUZZLE[EDUCATIONAL VISTAS, INC. .] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle[Educational Vistas, Inc. inc.] which governs the availability to Participating Educational Agencies of the following Product(s): [Curriculum Developer™, DataMate Live, DataMate-DataMate Live-Elite, Social Emotional Learning System (SELS), AIMS, Teacher Evaluation and SLO Tracking 2020] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Samples: Master License and Service Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx, Xxxxxx-Xxxxx directly by email Tioga BOCES Data Privacy Officer, at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).000-0000
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx St. Xxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may BOCES or its Participating Districts if they have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx St. Xxxx or her designeesdesignee.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx St. Xxxx or her designees designee prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES RIC or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Xxx Xxxxxxxxx CFO 7/24/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleActive Internet Technologies, Inc. LLC, dba Finalsite which governs the availability to Participating Educational Agencies of the following Product(s): Web Community Manager (Renewals Only) Mass Notifications Mobile App Ally (Renewals Only) Finalsite Composer (See below for core package elements) WeGlot AudioEye Messages/Messages/XR Training and Services Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● . • The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon • Within sixty (60 days of expiration of the MLSA without renewal and written request by any Participating Educational Agencyrenewal, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agencyexpiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected DataAgency, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data• In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), teachers/staff of a Participating Educational Agency the Vendor will have cooperate with Erie 1 BOCES as necessary to transition Protected Data to the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point successor Vendor prior to deletion deletion. • Neither Vendor nor any of accountsits subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. It is not possible Upon request, Vendor and/or its subcontractors or other authorized persons or entities to export or retrieve data whom it has disclosed Protected Data, as applicable, will provide Erie 1 BOCES with a certification from an appropriate officer that is these requirements have been satisfied in full. THESE MASTER TERMS AND CONDITIONS (i“MASTER TERMS”) not compatible APPLY TO ALL SERVICES MADE AVAILABLE TO THE CUSTOMER BY ACTIVE INTERNET TECHNOLOGIES, LLC, dba FINALSITE, A CONNECTICUT LIMITED LIABLITY COMPANY HAVING A PRINCIPAL PLACE OF BUSINESS AT 000 XXXXXXX XXXXX XXXXX, XXXXXXXXXXX, XXXXXXXXXXX 00000 AND ITS OPERATING AFFILIATES INCLUDING SCHOOLADMIN LLC, SCHOOLPOINT, INC. AND FINALSITE HOLDINGS (UK) LIMITED (COLLECTIVELY, “FINALSITE”). THE “CUSTOMER” IS A SCHOOL DISTRICT OR OTHER EDUCATION AGENCY WHICH ENTERS INTO AN ORDER WITH FINALSITE PURSUANT TO THESE MASTER TERMS. EACH ORDER EXECUTED BY THE PARTIES FORMS A SEPARATE CONTRACT BETWEEN WHICH INCORPORATES AND IS GOVERNED BY THESE MASTER TERMS (FINALSITE AND CUSTOMER ARE SOMETIMES COLLECTIVELY REFERRED TO AS THE “PARTIES”). These Master Terms, together with each fully executed Order and Statement of Work, any applicable Services Rider containing terms and conditions specific to any Services and any additional contract documents agreed in writing between the Edpuzzle service Parties (such as collectively, the “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among othersCustomer Contract Documents”), forms the contract between Finalsite and the Customer (ii) technically impossible; or (iii) involve a disproportionate effort for Vendorcollectively, the “Agreement”). In the event of any conflict between the terms and conditions of these Master Terms and the terms and conditions of any Order, the terms and conditions of the Order shall control with respect to such Order. In the event of any conflict between the terms and conditions of these Master Terms and the terms and conditions of any Services Rider, the terms and conditions of the Services Rider shall control with respect to the relevant Services. In the event of any conflict between the terms and conditions of these Master Terms and the terms and conditions of the Customer Contract Documents, the terms and conditions of the Customer Contract Documents shall control.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie Xxxx 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxx- Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data-privacy- security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 SVP, Xxxxxxx School Assessment 9/8/2023 Page 38 of 41 ERIE 1 BOCES AND EDPUZZLENCS XXXXXXX, INC. INC Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzleNCS Xxxxxxx, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): [aimswebPlus, WriteToLearn, and SSIS Social-Emotional Learning Edition on Review360] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. . Oversight of Subcontractors: In the event that Vendor shall ensure thatengages subcontractors, prior assignees, or other authorized agents to perform one or more of its obligations under the MLSA (including any such disclosurehosting service provider), it will require those to whom it discloses Protected Data to execute legally binding agreements acknowledging the assignee, agent or subcontractor receiving data has agreed in writing obligation under Section 2-d of the New York State Education Law to comply with the same data protection obligations consistent with those applicable to Edpuzzle security and privacy standards required of Vendor under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026applicable state and federal law. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors ensure that such subcontractors, assignees, or other authorized persons or entities to whom it has disclosed Protected Data. In agents abide by the absence provisions of a written requestthese agreements by providing training for information security and data privacy awareness, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own information security acceptable use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff and code of a Participating Educational Agency will have the ability to download names, responses, results conduct upon hire and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendorannually thereafter.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor ALLDATA shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor ALLDATA has discovered or been informed of the breach or unauthorized release.
(b) Vendor ALLDATA will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxxxx Xxxxx directly by email at xxxxx@x0x.xxx, Xxxxxxx.xxxxx@xxxxx.xxx or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor ALLDATA will cooperate with Erie 1 BOCES XXXXX and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx the General Counsel or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor ALLDATA discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor ALLDATA has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor ALLDATA representatives who can assist affected individuals that may have additional questions.
(d) Vendor ALLDATA acknowledges that upon initial notification from VendorALLDATA, Erie 1 BOCES, as the educational agency with which Vendor ALLDATA contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor ALLDATA shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor ALLDATA directly or requests more information from Vendor ALLDATA regarding the incident after having been initially informed of the incident by Erie 1 BOCESXXXXX, Vendor ALLDATA will promptly inform Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees.
(e) Vendor ALLDATA will consult directly with Xxxxxxxx Xxxx-Xxxxx General Counsel or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Exhibit (continued) Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES XXXXX wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 _H__e__a_t__h_e__r__B__e_h__r_m___a_n_______ Exhibit (continued) BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleALLDATA (“ALLDATA”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to VendorALLDATA, and Vendor ALLDATA will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior . The exclusive purpose for which ALLDATA is being provided access to any such disclosure, Protected Data is to provide Participating Educational Agencies with the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration functionality of the MLSA without renewal and written request Product(s) listed above. ALLDATA agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by any Participating Educational AgencyALLDATA, or upon termination any of the MLSA prior to expiration and written request by any Participating Educational AgencyALLDATA’s subcontractors, or at any point upon written request by a Participating Educational Agencyassignees, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons agents, will not be sold, or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete released or otherwise destroy used for any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable commercial or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendormarketing purposes.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor LIGHTSPEED SYSTEMS shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor LIGHTSPEED SYSTEMS has discovered or been informed of the breach or unauthorized release.
(b) Vendor LIGHTSPEED SYSTEMS will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxxthe BOCES Data Privacy Officer, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell)000-0000.
(c) Vendor LIGHTSPEED SYSTEMS will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her the Data Protection Officeror designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor LIGHTSPEED SYSTEMS discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor LIGHTSPEED SYSTEMS has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor LIGHTSPEED SYSTEMS representatives who can assist affected individuals that may have additional questions.
(d) Vendor LIGHTSPEED SYSTEMS acknowledges that upon initial notification from VendorLIGHTSPEED SYSTEMS, Erie 1 BOCES, as the educational agency with which Vendor LIGHTSPEED SYSTEMS contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor LIGHTSPEED SYSTEMS shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor LIGHTSPEED SYSTEMS directly or requests more information from Vendor LIGHTSPEED SYSTEMS regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor LIGHTSPEED SYSTEMS will promptly inform Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees.
(e) Vendor LIGHTSPEED SYSTEMS will consult directly with Xxxxxxxx Xxxx-Xxxxx the Data Protection Officer or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 Signature Xxxxxxx Xxxx – VP, Global Finance Name & Title 1__3_-_J_u__l_-_2__0_2_0_________________ Date Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of student, teacher, and principal data. In personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law § Section 2-dd. To further these goals, the BOCES wishes to inform the community parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventoryxxxx://xxx.x00.xxxxx.xxx/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should may be directed in to the NYS Chief Privacy Officer by writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using directed to the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosureChief Privacy Officer via email at: XXX@xxxx.xxxxx.xxx. Xxxxx Signature Xxxxxxx Printed Xxxx – VP, Global Finance Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 1_3__-_J_u__l_-_2_0__2_0_________________ Date BOCES has entered into a Master License and Service An Agreement (“MLSAAGREEMENT”) with Ed puzzleLIGHTSPEED SYSTEMS (“LIGHTSPEED SYSTEMS”), Inc. which governs the availability to Participating Educational Agencies of the following Product(s): [list scope of services from LIGHTSPEED SYSTEMS] • Analytics xxxxx://xxx.xxxxxxxxxxxxxxxxx.xxx/analytics/ • Mobile Manager xxxxx://xxx.xxxxxxxxxxxxxxxxx.xxx/manage/ • Relay Filter xxxxx://xxx.xxxxxxxxxxxxxxxxx.xxx/filter/ • Relay Classroom xxxxx://xxx.xxxxxxxxxxxxxxxxx.xxx/monitor/ • Relay Safety Check xxxxx://xxx.xxxxxxxxxxxxxxxxx.xxx/protect/ • Web Filter xxxxx://xxx.xxxxxxxxxxxxxxxxx.xxx/filter/ Pursuant to the MLSAAGREEMENT, Participating Educational Agencies may provide to VendorLIGHTSPEED SYSTEMS, and Vendor LIGHTSPEED SYSTEMS will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor Data will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed be used for the purposes purpose for which it was collected, which will be deemed collected and to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior fulfill contractual obligations to provide the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be service requested by the educational agency The exclusive purpose for which LIGHTSPEED SYSTEMS is being provided access to Protected Data is to provide Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible Agencies with the Edpuzzle service (such as “downloading” Edpuzzle videos – functionality of the Product(s) listed above. LIGHTSPEED SYSTEMS agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by LIGHTSPEED SYSTEMS, or any of LIGHTSPEED SYSTEMS’ subcontractors, assignees, or other authorized agents, will not be it YouTube embeds sold, or Edpuzzle originals, among others), (ii) technically impossible; released or (iii) involve a disproportionate effort used for Vendorany commercial or marketing purposes.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxx- Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie ERIE 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:BOCES
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Samples: Master License and Service Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.8/30/2023
Appears in 1 contract
Samples: Master License and Service Agreement
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES and Participating Educational Agencies in writing of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of determined a the breach or unauthorized releaserelease has occurred.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716) 000- 0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and the impacted Participating Educational Agencies, and will also provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxx- Xxxxx or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information involved, an estimate of the number of records affected, the Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Xxx Xxxx VP, Bids and Proposals Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Date_5/25/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. Learning A-Z which governs the availability to Participating Educational Agencies of the following Product(s): Raz-Plus Reading A-Z Raz-Kids ELL Edition Connected Classroom Science A-Z Vocabulary A-Z Raz-Plus + ELL Edition Foundations A-Z Writing A-Z Espanol Add-on Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
Notification of Xxxxxx and Unauthorized Release. (a) Vendor shall promptly notify Erie 1 BOCES of any breach or unauthorized release of Protected Data in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to Erie 1 BOCES by contacting Xxxxxxxx Xxxx-Xxxxx directly by email at xxxxx@x0x.xxx, or by calling (000) 000-0000 (office) or (716000) 000- 000-0000 (cell).
(c) Vendor will cooperate with Erie 1 BOCES and provide as much information as possible directly to Xxxxxxxx Xxxx-Xxxxx or her designee about the incident, including but not limited limit- ed to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of personally identifiable information in- formation involved, an estimate of the number of records affected, the Participating Educational Edu- cational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Pro- tected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, Erie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor shall not provide this notification to the CPO directly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by Erie 1 BOCES, Vendor will promptly inform Xxxxxxxx Xxxx-Xxxxx or her designees.
(e) Vendor will consult directly with Xxxxxxxx Xxxx-Xxxxx or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposespurpos- es.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at xxxx://xxx.xxxxx.xxx/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, 00 Xxxxxxxxxx Xxxxxxx- xxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints Com- plaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, 00 Xxxxxxxxxx Xxxxxx, Xxxxxx, Xxx Xxxx 00000. Complaints may also be submitted using the form available at the following website xxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-disclosurexxxx://xxx.xxxxx.xxx/data-privacy-security/report-improper-dis- closure. Xxxxx Xxxxxxx Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. [PARENTSQUARE] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. Par- entSquare which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/staff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 1 contract
