CHAPTER 7.00-BUSINESS SERVICES

7.40 Online Educational Services Agreements, Contacts

The District is committed to maintaining the privacy and security of student data and teacher and principal data and will follow all applicable laws and regulations for the handling and storage of this data in the District and when disclosing or releasing it to others, including, but not limited to, third-party contractors. The District adopts this policy to implement the requirements of state and federal privacy laws, including FERPA and its implementing regulations, the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§6501-6506, 20 U.S.C. Section 1232g(a)(4) and personally identifiable information (“PII”) as defined in 34 CFR §99.3, and Section 1002.22, F.S., F.A.C. §6A-1.09550(9) as well as to align the District’s data privacy and security practices. 

This procedure is required whether or not there is a written agreement governing student use, and whether or not the online educational service is free. This procedure is required even if the use of the online educational service is unique to specific classes or courses. Prior to entering into an online educational services agreement, the following review and approval procedure shall be followed. 

1. Definitions: 

a. “Commercial or marketing purpose” means the sale of student data; or its use or disclosure for purposes of receiving remuneration, whether directly or indirectly; the use of student data for advertising purposes, or to develop, improve, or market products or services to students. 

b. “Contract or other written agreement” means a binding agreement between an educational agency and a third-party, which includes, but is not limited to, an agreement created in electronic form and signed with an electronic or digital signature or a click-wrap agreement that is used with software licenses, downloaded, and/or online applications and transactions for educational technologies and other technologies in which a user must agree to terms and conditions prior to using the product or service.

c. “Disclose” or “disclosure”; means to permit access to, or the release, transfer, or other communication of personally identifiable information by any means, including oral, written, or electronic, whether intended or unintended. 

d. ”Education records” means an education record as defined in the Family Educational Rights and Privacy Act and its implementing regulations, 20 USC Section 1232g and 34 CFR Part 99, respectively. 

e. “Educational agency” means a school district, school, or charter school. 

f. “Eligible student” means a student who is eighteen years or older. 

g. “Online educational service” means computer software, mobile applications (apps), and web-based tools that students or parents are required to use and access through the internet and as part of a school activity or function. Examples include online services that students or parents use to access class readings, assignments, or videos, to view learning progression, or to complete assignments. This does not include online services that students or parents may use in their personal capacity or to online services that districts or schools may use to which students or parents do not have access, such as a district student information system. 

h. “Parent” means a parent, legal guardian, or person in parental relation to a student. 

i. “Personally identifiable information” or “PII” as applied to student data means information that can be used to distinguish or trace a student’s identity either directly or indirectly through linkages with other information, as defined in 34 CFR §99.3. PII includes, but is not limited to direct identifiers (such as a student’s or other family member’s name), indirect identifiers (such as a student’s date of birth, place of birth, or mother’s maiden name), and other personal identifiers (such as a student’s social security number or Florida Education Identifier (FLEID) number). PII also includes information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty. It also includes data as applied to teacher or principal data.

j. “Principal” means a building principal subject to annual performance evaluation review 

k. ”Release” has the same meaning as disclosure or disclose. 

l. “Student” means any person who is or has been in attendance in a district school and regarding whom the District maintains education records. 

m. “Student data” means personally identifiable information (PII) from the student records of an educational agency. 

n. “Teacher” means a teacher subject to annual performance evaluation review. 

o. ”Teacher or principal data” means personally identifiable information from the records of an educational agency relating to the annual professional performance reviews of classroom teachers or principals that is confidential and not subject to release pursuant to 1012.31, F.S. 

p. “Third-party contractor/service provider/vendor” means any person or entity, other than an educational agency, whether public or private, that receives student data or teacher or principal data from an educational agency pursuant to a contract or other written agreement for purposes of providing services to the educational agency, including but not limited to data management or storage services, conducting studies for or on behalf of the educational agency, or audit or evaluation of publicly funded programs. This term will include an educational partnership organization that receives student and/or teacher or principal data from a school district to carry out its responsibilities and is not an educational agency, and a not-for-profit corporation or other nonprofit organization, other than an educational agency. The term does not include the Florida Department of Education or the Department’s contractors and subcontractors. 

q. “Unauthorized disclosure” or “unauthorized release” means any disclosure or release not permitted by federal or state statute or regulation, any lawful contract or written agreement, or that does not respond to a lawful order of a court or tribunal or other lawful order.

2. Data Collection Transparency and Restrictions 

As part of its commitment to maintaining the privacy and security of student data and teacher and principal data, the District will take steps to minimize its collection, processing, and transmission of PII. Additionally, the District will: 

a. Not sell PII nor use or disclose it for any marketing or commercial purpose or facilitate its use or disclosure by any other party for any marketing or commercial purpose or permit another party to do so. 

b. Ensure that it has provisions in its contracts with third-party contractors or in separate data sharing and confidentiality agreements that require the confidentiality of shared student data or teacher or principal data be maintained in accordance with law, regulation, and District policy. 

c. Any agreement for online educational services shall contain an explicit prohibition against sharing or selling a student’s PII for commercial purposes without providing parents a means to either consent or disapprove. 

d. This disclosure prohibition does not prevent the purchase, merger, or other type of acquisition of a third party provider or online educational service by another entity, provided that the successor entity continues to be subject to the provisions of this rule with respect to previously acquired PII. 

e. If student PII will be collected by the online educational service, the Superintendent shall establish procedures for notifying parents and eligible students of information that will be collected, how it will be used, when and how it will be destroyed, and the terms of re disclosure, if any. 

3. Data Protection and Terms of Service 

Prior to submitting any online services agreement or contract to the School Board for approval, the Superintendent, or designee shall: 

a. Designate a person or persons responsible for the review and approval of online educational services that are required for students to use.

b. Ensure the online educational service’s terms of service and privacy comply with state and federal privacy laws, including FERPA and its implementing regulations, the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. ss. 6501-6506, and Section 1002.22, F.S. 

c. Ensure the Online Educational Services Agreement contains an explicit prohibition against sharing or selling a student’s PII for commercial purposes without providing parents a means to either consent or disapprove. (This disclosure prohibition does not prevent the purchase, merger, or other type of acquisition of a third party provider or online educational service by another entity, provided that the successor entity continues to be subject to the provisions of this policy with respect to previously acquired PII. 

d. Establish procedures for notifying parents and eligible students if student PII will be collected by the online educational service on how it will be collected, how it will be used, when and how it will be destroyed, and the terms of re-disclosure, if any. 

e. Ensure the service or application is inventoried and evaluated, and supports the schools’ and districts broader mission and goals. 

4. District Data Privacy 

The District will protect the privacy of PII by: 

a. Ensuring that every use and disclosure of PII by the District benefits students and the District by considering, among other criteria, whether the use and/or disclosure will: 

b. Improve academic achievement; 

c. Empower parents and students with information; and/or 

d. Advance efficient and effective school operations. 

e. Not including PII in public reports or other public documents. 

5. The District affords all protections under FERPA and the Individuals with Disabilities Education Act and their implementing regulations to parents or eligible students, where applicable.

6. Click-Wrap Agreements 

Periodically, District staff may wish to use software, applications, or other technologies in which the user must “click” a button or box to agree to certain online terms of service prior to using the software, application, or other technology. These are known as “click-wrap agreements” and are considered legally binding “contracts or other written agreements”. 

a. District staff are prohibited from using software, applications, or other technologies pursuant to a click-wrap agreement in which the third party contractor receives student data or teacher or principal data from the District unless they have received prior approval from the Superintendent, or designee. 

b. The District will develop and implement procedures requiring prior review and approval for staff use of any software, applications, or other technologies pursuant to click-wrap agreements. 

7. Notice: 

For any online educational service that a student is required to use, the district will provide notice on its website of the PII information that may be collected, how it will be used, when it will be destroyed and the terms of re-disclosure. This notice will include a link to the online educational service’s terms of service and privacy policy, if publicly available. 

8. Compliance: 

Pursuant to this policy, any online educational service provided through a Third party vendor or Third-party service provider must be School Board approved. An employee’s failure to follow this policy may result in disciplinary proceedings, up to and including termination. 

9. Parent/Guardian Notice: 

a. The use of any non-approved online educational software, web-based tools or mobile applications on district provided devices may result in the student’s PII being disclosed and not protected.

b. Students shall only use School Board approved online educational software, web-based tools or mobile applications on district provided devices. The use of any non-approved online educational software, web-based tools or mobile applications on district provided devices may result in disciplinary proceedings, up to and including expulsion. 

STATUTORY AUTHORITY: 1001.41; 1001.42, 1001.43, F.S. 

LAWS IMPLEMENTED: 1002.21 1002.22, F.S. 

20 U.S.C. s. 1232g(a)(4); 15 U.S.C. ss. 6501-6506 

34 CFR 99.3; 

F.A.C. 6A-1.09550 

History:

Adopted: June 29, 2023 

Revision Date(s): January 11, 2024 

Formerly: New