Skip to main content
Educational Technology » Explanation for Application Moratorium

Explanation for Application Moratorium

The SRUSD Educational Technology Department is currently placing a moratorium on new educational application purchases to ensure that any application purchased complies with FERPA (Family Educational Rights and Privacy Act) FERPA (Family Educational Rights and Privacy Act), COPPA (Children's Online Privacy Protection Act)  and  the California Student Data Privacy Protection Act (CSDPPA). This involves developing an application request process, educating staff and students in regard to online privacy, conducting a comprehensive assessment of each application requested, evaluating the vendor's data privacy and security practices, and negotiating a data privacy agreement with the vendor. By taking these [steps, SRUSD can ensure that student data is adequately protected and that we are in compliance with all relevant privacy laws and regulations.

Cybersecurity threats are increasingly becoming more prevalent and sophisticated, particularly in the education sector. Educational institutions are particularly attractive targets for hackers due to the vast amounts of personal and sensitive data that they hold. Cybersecurity breaches can result in the unauthorized access, theft, or manipulation of staff and student data, putting their privacy and security at risk. Therefore, it is crucial for the educational technology department to conduct a thorough assessment of any educational application intended for purchase to ensure it has adequate security measures to safeguard staff and student data.

FERPA (Family Educational Rights and Privacy Act) and COPPA (Children's Online Privacy Protection Act) are federal laws that protect the privacy and security of students' personally identifiable information (PII). These laws place strict regulations on the collection, storage, and sharing of student data by educational institutions and their vendors. Therefore, any educational application purchased must comply with FERPA and COPPA regulations to ensure that student data is adequately protected.

Additionally, California has recently introduced the California Student Data Privacy Protection Act (CSDPPA), which places additional obligations on educational institutions and their vendors to protect student data. The CSDPPA requires educational institutions to evaluate and assess the privacy and security practices of their vendors, and to ensure that any contract or agreement with a vendor includes specific provisions relating to student data privacy and security. Therefore, the educational technology department is taking additional steps to ensure that any educational application purchased complies with the CSDPPA.

To address these concerns, the Educational Technology Department is taking necessary steps to acquire new and existing applications using a data privacy agreement. A data privacy agreement is a contractual agreement between the educational institution and the vendor that outlines the terms and conditions for the collection, use, storage, and sharing of student data.

Under a data privacy agreement, the vendor must provide assurances that they will comply with all relevant privacy laws and regulations, including FERPA, COPPA, and the CSDPPA. The agreement also outlines the specific measures that the vendor will take to ensure the security and privacy of student data, such as data encryption, access controls, and regular security audits.

Acquiring new and existing applications using a data privacy agreement can provide several benefits for the educational institution, including:

  1. Increased protection of student data - By requiring vendors to comply with strict data privacy and security standards, the educational institution can minimize the risk of cybersecurity breaches and protect the privacy of student data.
  2. Legal compliance - A data privacy agreement ensures that the educational institution is in compliance with all relevant privacy laws and regulations, such as FERPA, COPPA, and the CSDPPA.
  3. Transparent data practices - By requiring vendors to provide transparency regarding their data practices, the educational institution can ensure that students and parents are aware of how their data is being used and protected.
  4. Improved vendor management - By establishing clear expectations and standards for data privacy and security, the educational institution can effectively manage their relationships with vendors and ensure that they are meeting their obligations.