• Student Data Privacy
     
     
    Oak Park Unified School District prioritizes keeping student information private and safe from exploitation.  State and federal legislation mandates ALL vendors with access to student data or student accounts adhere to strict guidelines and safeguards concerning the use of student data. This includes the use of student email accounts for logging into a vendor's website or software application and any subsequent data collected about a student through their use of that website or software. The following provides an overview of the federal and state laws that the district operates under and the district's plan for remaining in compliance with all applicable student data privacy regulations. 
     

    FEDERAL LAWS : CIPA, FERPA, COPPA


    The Children's Internet Protection Act (CIPA) was enacted by Congress in 2000 to address concerns about children's access to inappropriate material over the Internet. It requires schools and libraries receiving certain federal funds to implement certain safeguards to prevent students from accessing obscene or harmful content while in session. 
    • CIPA - Children's Internet Protection Act of 2000 (US FTC, links to external website)
     
    The Family Educational Rights and Privacy Act (FERPA) protects student data privacy by prohibiting the improper disclosure of personally identifiable information derived from education records. FERPA requires parental consent for third parties to be granted access to student educational records. An exception to the parental consent requirement is granted to "school business officials" if there is "legitimate educational interest" in the student records being shared. The "legitimate educational interest" for "school business officials" exception may be applied to third-party vendors who have a written agreement (contract) for educational services with the district which has been crafted to address all applicable student data privacy concerns. Oak Park USD utilizes the California-National Student Data Privacy Agreement (CA-NDPA)  as the the standard vehicle with third party vendors to ensure compliance with FERPA and all other state and federal regulations regarding student data privacy (see section below).
    The Child Online Privacy Protection Act (COPPA) was updated in 2013  and gives parents (or schools) control over what information websites can collect from their kids and restricts what vendors they can do with such information. 
    • COPPA - Child Online Privacy Protection Act of 1998 and updated in 2013 (US FTC, links to external website)
    • Overview of COPPA (Consumer Federation of California, links to external website)

     


    CALIFORNIA LAWS: SOPIPA, CCPA, CPRA


     
    California's Student Online Personal Information Protection Act (SOPIPA) took effect in 2015/16 and requires online vendors with access to student logins  (including Google, Apple, and Microsoft)  to comply with strict student information privacy safeguards. This legislation prohibits third-party vendors from creating dossiers of student data and selling such information to other entities. Online vendors may not advertise to students nor provide information about students to third parties. The Student Online Personal Information Protection Act (SOPIPA) comprises AB1548 and SB1177. 
     
    The California Consumer Privacy Act (CCPA) of 2018 regulates the collection and use of user data by vendors. It establishes a user (and therefore school's) right to know what data is being collected about them by the vendor, the right to delete personal information collected, and the right to opt out of the sale or sharing of personal information.
     
    The California Privacy Rights Act (CPRA) was enacted in 2020 with the ratification of Proposition 24 and began taking effect in 2023. The CPRA amends the California Consumer Privacy Act of 2018 and enhances consumer privacy by establishing the right to correct inaccurate personal information collected and the right to limit the use and disclosure of sensitive personal information. 
      
     

    Google Workspace for Education (G Suite)


     
    Oak Park Unified School District utilizes Google Workspace for Education to house and maintain student accounts that may be used to access email services, store student documents and other work, or to access curricular materials and online resources that require individual student logins. Google Workspace for Education (GWFE), formerly known as Google Apps For Education (GAFE), and sometimes referred to as G Suite, is a collection of free Google cloud-based apps and services that allow teachers and students to collaborate on school projects in a secure environment that is completely separate from public Google offerings and is inherently free from advertising and third-party data mining. Examples of Google services that Oak Park Unified School District has enabled via Google Workspace for Education include Google Docs, Google Drive, limited Google Email, and Google Classroom. Some teachers distribute and collect assignments through GWFE and the Google Classroom service. Students will be learning digital citizenship skills and cyber safety and information security/privacy through the use of GWFE and potentially Google Email in certain grades. To enable students to use Google Workspace for Education, the district creates district-managed GWFE accounts for each student using the @opusd.us domain. Information about GWFE and online account management are included in the revised Student Technology Acceptable Use agreement which is in the school registration package and referenced in the school handbooks. 
      

    Student Data Privacy


     
    Student data privacy and information security are of great importance to Oak Park Unified School District and we share your concern that student data is handled appropriately and not shared with outside sources without our permission and that all student data remains under strict control.  In addition to using Google Workspace for Education (GWFE) to provision student online accounts, Oak Park maintains an independent archive of all data housed in Google Workspace For Education data and routinely monitors the student use of these services. 
     
    Because student data privacy is of such great importance and online providers of cloud-hosted services for schools and districts may house student data, the California Information Technology in Education professional organization, CITE, (representing  all public school districts in the state) hired the law firm of Fagen, Friedman, and Fulfrost (F3) to conduct an audit of the three main online service providers of online accounts (Google, Apple, and Microsoft)  for their adherence to state (AB1584/SOPIPA) and federal (FERPA) student data privacy laws.
     
    F3 has rendered their opinion that each vendor has been found to be in compliance with the relevant laws: (click below for F3's findings for each vendor)
     
     
     
     
    Because of the demonstrated adherence to California and Federal student data privacy laws, Oak Park Unified School district believes that students using these services provided by Google, Apple, and Microsoft are protected against the normal data harvesting practices that may apply to the free services that certain vendors provide to the public. According to AB1584, vendors providing services to schools and districts in California are not permitted to create a dossier based on student information and usage except to provide access to their own services, may not share any student information with other third parties, and may not advertise to students. 
     

    California Student Data Privacy Agreement (CA-NDPA)


    Our district partners with other online vendors who handle student data including name, email address, grade level information, teacher name, and course information, and may integrate with a student's district-issued Google account.  To ensure our students’ data is protected and kept private according to state and federal regulations, Oak Park USD requires that vendors with access to student accounts and information sign the California Student Privacy Alliance's Data Privacy Agreement (CSDPA). The California-National Student Data Privacy Agreement (CA-NDPA) ensures that vendors are in compliance with all California and National student data privacy laws, including:

     

    1. Family Educational Rights and Privacy Act (FERPA): Privacy for students data records, parental consent requirement (with exceptions)
    2. Children’s Online Privacy Protection Act (COPPA):  Privacy for children under 13
    3. California Privacy Rights Act of 2020 
    4. California Consumer Privacy Act of 2018
    5. Protection of Pupil Rights Amendment (PPRA):  Student protection for survey information
    6. Student Online Protection Information Protection Act (SOPIPA):  Protection from selling student data
    7. AB1584, Pupil records: privacy

    The entire CSDPA Agreement that covers all the student data privacy laws may be viewed here: CSDPA

    The district constantly works to ensure that all new third party companies handling our student's data meets the standards of the CSDPA.  Currently, the following Vendors have signed the CSDPA:

    Oak Park USD CSDPA Vendor List