Student Data PrivacyOak Park Unified School District prioritizes keeping student information private and safe from exploitation. State and federal legislation mandates ALL vendors with access to student data or student accounts adhere to strict guidelines and safeguards concerning the use of student data. This includes the use of student email accounts for logging into a vendor's website or software application and any subsequent data collected about a student through their use of that website or software. The following provides an overview of the state and federal laws that the district operates under and the district's plan for remaining in compliance with all applicable student data privacy regulations.
CALIFORNIA LAWS: SOPIPA, CCPA, CPRA
California's Student Online Personal Information Protection Act (SOPIPA) took effect in 2015/16 and requires online vendors with access to student logins (including Google, Apple, and Microsoft) to comply with strict student information privacy safeguards. This legislation prohibits third-party vendors from creating dossiers of student data and selling such information to other entities. Online vendors may not advertise to students nor provide information about students to third parties. The Student Online Personal Information Protection Act (SOPIPA) comprises AB1548 and SB1177.
The California Consumer Privacy Act (CCPA) of 2018 regulates the collection and use of user data by vendors. It establishes a user (and therefore school's) right to know what data is being collected about them by the vendor, the right to delete personal information collected, and the right to opt out of the sale or sharing of personal information.
- Introduction to SOPIPA (from Common Sense Media, links to external website)
The California Privacy Rights Act (CPRA) was enacted in 2020 with the ratification of Proposition 24 and began taking effect in 2023. The CPRA amends the California Consumer Privacy Act of 2018 and enhances consumer privacy by establishing the right to correct inaccurate personal information collected and the right to limit the use and disclosure of sensitive personal information.
- CCPA of 2018 (from California Office of the Attorney General, links to external website)
- Your Rights Under CCPA (from Consumer-Action.org, links to external website)
- CPRA and Proposition 24 (from Future of Privacy Forum, links to external website)
FEDERAL LAWS : CIPA, FERPA, COPPAThe Children's Internet Protection Act (CIPA) was enacted by Congress in 2000 to address concerns about children's access to inappropriate material over the Internet. It requires schools and libraries receiving certain federal funds to implement certain safeguards to prevent students from accessing obscene or harmful content while in session.
The Family Educational Rights and Privacy Act (FERPA) protects student data privacy by prohibiting the improper disclosure of personally identifiable information derived from education records.
- CIPA - Children's Internet Protection Act of 2000 (US FTC, links to external website)
The Child Online Privacy Protection Act (COPPA) was updated in 2013 and gives parents (or schools) control over what information websites can collect from their kids and restricts what vendors they can do with such information.
- FERPA Regulations (links to external website)
- FERPA Guidance for Parents (links to external website)
- COPPA - Child Online Privacy Protection Act of 1998 and updated in 2013 (US FTC, links to external website)
- Overview of COPPA (Consumer Federation of California, links to external website)
What is Google Workspace for Education (G Suite)?
Google Workspace for Education (GWFE), formerly known as Google Apps For Education (GAFE), and sometimes referred to as G Suite, is a collection of free Google cloud-based apps and services that allow teachers and students to collaborate on school projects in a secure environment that is completely separate from public Google offerings and is free from advertising and third-party data mining. Examples of Google services that Oak Park Unified School District has enabled via Google Workspace for Education include Google Docs, Google Drive, limited Google Email, and Google Classroom. Some teachers distribute and collect assignments through GWFE and the Google Classroom service. Students will be learning digital citizenship skills and cyber safety and information security/privacy through the use of GWFE and potentially Google Email in certain grades. To enable students to use Google Workspace for Education, the district will create district-managed GWFE accounts for each student. Information about GWFE and online account management are included in the revised Student Technology Acceptable Use agreement which is in the school registration package and referenced in the school handbooks.
Student Data Privacy
Student data privacy and information security are of great importance to Oak Park Unified School District and we share your concern that student data is handled appropriately and not shared with outside sources without our permission and that all student data remains under strict control. We have designed our implementation of cloud-based accounts and data storage to be as similar as possible to the data access and security we have with district files/data hosted on our own district servers. In addition to using Google Workspace for Education (GWFE) to provision student online accounts, Oak Park maintains an independent archive of all data housed in Google Workspace For Education data and routinely monitors the contents of student data. We have also employed the services of AmplifiedIT, the leading K-12 Google Apps for Education consultancy to assist us in configuring our GWFE implementation to ensure it follows best practices to maximize the security and safety of student data.Because student data privacy is of such great importance and online providers of cloud-hosted services for schools and districts may house student data, the California Information Technology in Education professional organization, CITE, (representing all public school districts in the state) hired the law firm of Fagen, Friedman, and Fulfrost (F3) to conduct an audit of the three main online service providers of online accounts (Google, Apple, and Microsoft) for their adherence to state (AB1584/SOPIPA) and federal (FERPA) student data privacy laws.F3 has rendered their opinion that each vendor has been found to be in compliance with the relevant laws: (click below for F3's findings for each vendor)F3 report finding Google in Compliance with California and Federal student data privacy regulations (links to external website)F3 report finding Apple in compliance with California and Federal student data privacy regulations (links to external website)F3 report finding Microsoft in compliance with California and Federal student data privacy regulations (links to external website)Because of the demonstrated adherence to California and Federal student data privacy laws, Oak Park Unified School district believes that students using these services provided by Google, Apple, and Microsoft are protected against the normal data harvesting practices that may apply to the free services that certain vendors provide to the public. According to AB1584, vendors providing services to schools and districts in California are not permitted to create a dossier based on student information and usage except to provide access to their own services, may not share any student information with other third parties, and may not advertise to students.
California Student Data Privacy Agreement
Our district partners with other online vendors who handle student data including name, email address, grade level information, teacher name, and course information, and may integrate with a student's district-issued Google account. To ensure our students’ data is protected and kept private according to state and federal regulations, Oak Park USD requires that vendors with access to student accounts and information sign the California Student Privacy Alliance's Data Privacy Agreement (CSDPA). The California-National Student Data Privacy Agreement ensures that vendors are in compliance with all California and National student data privacy laws, including:
- California Privacy Rights Act of 2020
- California Consumer Privacy Act of 2018
- Family Educational Rights and Privacy Act (FERPA): Privacy for students data records
- Children’s Online Privacy Protection Act (COPPA): Privacy for children under 13
- Protection of Pupil Rights Amendment (PPRA): Student protection for survey information
- Student Online Protection Information Protection Act (SOPIPA): Protection from selling student data
- AB1584, Pupil records: privacy
The entire CSDPA Agreement that covers all the student data privacy laws may be viewed here: CSDPA
The district constantly works to ensure that all new third party companies handling our student's data meets the standards of the CSDPA. Currently, the following Vendors have signed the CSDPA: