BLUE CARD Dawn Urbanek
AT page 364
WHAT SB 1177 DOES:
SB 1177 lays out a number of do's and don'ts for operators of K-12 Internet websites, online services, online applications and mobile applications that apply broadly whether companies contract with schools or not:
Do not target advertising on the site or another site based on information from K-12 users.
Do not use information gathered through the service to build a profile about a K-12 student.
Do not sell a student's information.
Do not disclose covered information unless it's for legal, regulatory, judicial, safety or operational improvement reasons.
Do protect student information through reasonable security procedures and practices.
Do delete school- or district-controlled student information upon request from those entities.
Do disclose student information when required by law, for legitimate research purposes and for K-12 purposes to education agencies.
Companies can use de-identified student data within their sites to improve educational products, demonstrate their effectiveness and improve their sites.
WHAT AB 1584 DOES
AB 1584 dives into the details by spelling out what types of things local educational agencies should include in contracts with third-party digital record and educational software providers:
Do establish that the local educational agency owns and controls student records.
Do describe how students can keep control of their projects and other content created for school, along with a way to transfer their content to a personal account later.
Do prohibit third parties from using student information for purposes outside of those named in the contract.
Do describe how parents, legal guardians or students can review and correct personally identifiable information contained in their records.
Do outline actions that third parties will take to make sure that student data is secure and confidential.
Do describe procedures for notifying affected parents, legal guardians or eligible students when there is an unauthorized disclosure of student records.
Do certify that student records will not be retained or available to the third party once the contract is over and lay out how that will be enforced.
Do describe how local educational agencies and third parties will comply with the federal FERPA legislation.
Do prohibit third parties from using personally identifiable information from student records to target advertising to students.
Along with these do's, the bill says that contracts will be voided if they do not comply with the requirements laid out above after a reasonable amount of time and notice to do so.