The Frontier Regional/Union#38 Schools hold data privacy and security in high regard and takes action to ensure that our students’ data is handled securely in compliance with the Family Educational Rights and Privacy Act (FERPA), Childrens Internet Protection Act (CIPA), and other recognized legislations that protects student data, like the Commonwealth’s Fair Information Practices Act (FIPA), G.L. c.66A.
Frontier Regional/Union #38 Schools uses a standardized data privacy agreement for all suppliers that store any student information including personally identifiable data (PII) that has been developed by the Massachusetts Student Privacy Alliance (MSPA).
According to the Data Privacy Agreement, all providers must:
- Verify that industry standard practices for data security and privacy are being adhered to.
- Ensure that the school system has the authority to check the vendor’s compliance.
- Do not sell student information or use it for anything other the service for which it was intended.
- Give the school district notice of a data breach as soon as it happens, if at all possible.
- No matter where the data is stored, make sure the school district keeps ownership of it.
- Observe the laws defending the rights of students.
Visit the online digital resources database which lists vetted resources for educational and privacy protections.
COPPA - Childrens Online Privacy Protection Act
COPPA puts special restrictions on software companies about the information they can collect about students under 13. So, students under 13 can’t make their own accounts, teachers have to make the accounts for them. In making the accounts, teachers need to be aware of their responsibility under FERPA.
FERPA - Family Educational Rights and Privacy Act
(2) DESE Policies Relating to the Collection and Use of Student Data (2014)
CIPA -Childrent's Internet Protection Act
Teachers don’t need to help comply with CIPA, but it’s useful to know that it is in place. CIPA requires districts to put measures in place to filter Internet access and other measures to protect students. Our district uses a content filter on our gateway to and from the internet, as well as content filtering services from GoGuardian.
HIPAA - Health Insurance Portability and Accountability Act
Restricts the access, use and disclosure of “protected health information” maintained by “covered entities.” These entities are typically health plans, health-care clearinghouses, and health-care providers. That means that your school is not a covered entity, unless you’re providing “health care,” like through a free clinic or other service beyond a day-to-day school nurse. HIPPA can apply to some school health records some of the time. The more important law is FERPA.
PPRA - Protection of Pupil Rights Act
PPRA governs the administration to students of any survey, analysis, or evaluation that concerns one or more of eight designated protected areas.
GDPR - General Data Protection Law in EU (GDPR)
Europe’s new data privacy and security law which includes hundreds of pages’ worth of new requirements for organizations around the world.
CCPA - California Consumer Privacy Act
The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law.