Data Storage Where required by applicable law, Student Data shall be stored within the United States. Upon request of the LEA, Provider will provide a list of the locations where Student Data is stored.
Data Ownership and Authorized Access 1. Student Data Property of LEA. All Student Data transmitted to the Provider pursuant to the Service Agreement is and will continue to be the property of and under the control of the LEA. The Provider further acknowledges and agrees that all copies of such Student Data transmitted to the Provider, including any modifications or additions or any portion thereof from any source, are subject to the provisions of this DPA in the same manner as the original Student Data. The Parties agree that as between them, all rights, including all intellectual property rights in and to Student Data contemplated per the Service Agreement, shall remain the exclusive property of the LEA. For the purposes of FERPA, the Provider shall be considered a School Official, under the control and direction of the LEA as it pertains to the use of Student Data, notwithstanding the above.
Student Data Property of LEA All Student Data transmitted to the Provider pursuant to the Service Agreement is and will continue to be the property of and under the control of the LEA. The Provider further acknowledges and agrees that all copies of such Student Data transmitted to the Provider, including any modifications or additions or any portion thereof from any source, are subject to the provisions of this DPA in the same manner as the original Student Data. The Parties agree that as between them, all rights, including all intellectual property rights in and to Student Data contemplated per the Service Agreement, shall remain the exclusive property of the LEA. For the purposes of FERPA, the Provider shall be considered a School Official, under the control and direction of the LEA as it pertains to the use of Student Data, notwithstanding the above.
De-Identified Data Provider agrees not to attempt to re-identify de-identified Student Data. De-Identified Data may be used by the Provider for those purposes allowed under FERPA and the following purposes:
Unauthorized Access Notification XXX shall notify Provider promptly of any known unauthorized access. XXX will assist Provider in any efforts by Provider to investigate and respond to any unauthorized access.
Public Records Taxpayer acknowledges that GO-Biz is subject to the California Public Records Act (PRA) (Gov. Code, § 6250 et seq.). This Agreement and materials submitted by Taxpayer to GO-Biz may be subject to a PRA request. In such an event, GO-Biz will notify Taxpayer, as soon as practicable that a PRA request for Taxpayer’s information has been received, but not less than five (5) business days prior to the release of the requested information to allow Taxpayer to seek an injunction. GO-Biz will work in good faith with Taxpayer to protect the information to the extent an exemption is provided by law, including, but not limited to, notes, drafts, proprietary information, financial information, and trade secret information. GO-Biz will also apply the “balancing test” as provided for under Government Code section 6255, to the extent applicable. Notwithstanding the foregoing, GO-Biz agrees that any information provided to GO-Biz by the FTB, in connection with this Agreement will be treated as confidential tax information protected by Article 2 (commencing with Section 19542) of Chapter 7 of Part 10.2 of the RTC, assuming that FTB can rely on such a section and shall not be disclosed to any party, other than personnel of GO-Biz or the Committee, without Taxpayer’s prior written consent. Taxpayer acknowledges that this Agreement in whole or in part will be made available to the public at least ten (10) calendar days prior to the Committee hearing. Pursuant to RTC sections 17059.2 and 23689, in the event of approval by the Committee of this Agreement, Taxpayer acknowledges and agrees that GO-Biz will post on its website the following information:
Data Security The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who XXX may contact if there are any data security concerns or questions.
Parent Access To the extent required by law the LEA shall establish reasonable procedures by which a parent, legal guardian, or eligible student may review Education Records and/or Student Data correct erroneous information, and procedures for the transfer of student-generated content to a personal account, consistent with the functionality of services. Provider shall respond in a reasonably timely manner (and no later than forty five (45) days from the date of the request or pursuant to the time frame required under state law for an LEA to respond to a parent or student, whichever is sooner) to the LEA’s request for Student Data in a student’s records held by the Provider to view or correct as necessary. In the event that a parent of a student or other individual contacts the Provider to review any of the Student Data accessed pursuant to the Services, the Provider shall refer the parent or individual to the LEA, who will follow the necessary and proper procedures regarding the requested information.
Separate Account If Student-Generated Content is stored or maintained by the Provider, Provider shall, at the request of the LEA, transfer, or provide a mechanism for the LEA to transfer, said Student- Generated Content to a separate account created by the student.
Subscribing LEA An LEA that was not party to the original Service Agreement and who accepts the Provider’s General Offer of Privacy Terms.
