The District will abide by any legal, statutory, regulatory, or contractual obligations affecting its information systems. The following laws, rules, and standards, among others, inform the District’s data governance policy and procedures:
CIPA: Congress enacted the Children’s Internet Protection Act in 2000 to address concerns about children’s access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools or libraries that receive discounts for Internet access or internal connections through the E-rate program. Schools subject to CIPA have two additional certification requirements: 1) their Internet safety policies shall include monitoring the online activities of minors; and 2) as required by the Protecting Children in the 21st Century Act, they shall provide for educating minors about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms, and cyber bullying awareness and response. For more information, see: http://www.fcc.gov/guides/childrens-internet-protection-act
COPPA: The Children’s Online Privacy Protection Act regulates operators of commercial websites or online services directed to children under 13 that collect or store information about children. Parental permission is required to gather certain information. See www.coppa.org for details.
FERPA: The Family Educational Rights and Privacy Act applies to all institutions that are recipients of federal aid administered by the Secretary of Education. This regulation protects student information and accords students specific rights with respect to their data. For more information, see: http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
HIPAA: The Health Insurance Portability and Accountability Act applies to organizations that transmit or store Protected Health Information (PHI). It is a broad standard that was originally intended to combat waste, fraud, and abuse in health care delivery and health insurance, but is now used to measure and improve the security of health information as well. For more information, see: http://www.hhs.gov/ocr/privacy/hipaa/understanding/
PCI DSS: A consortium of payment brands including American Express, Discover, MasterCard, and Visa created the Payment Card Industry Data Security Standard. It covers the management of payment card data and is relevant for any organization that accepts credit card payments. For more information, see: www.pcisecuritystandards.org
PPRA: The Protection of Pupil Rights Amendment affords parents and minor students rights regarding our conduct of surveys, collection and use of information for marketing purposes, and certain physical exams.
These include the right to the following:
Consent before students are required to submit to a survey that concerns one or more of the following protected areas (“protected information survey”) if the survey is funded in whole or in part by a program of the U.S. Department of Education (ED):
- Political affiliations or beliefs of the student or student’s parent
- Mental or psychological problems of the student or student’s family
- Sex behavior or attitudes
- Illegal, anti-social, self-incriminating, or demeaning behavior
- Critical appraisals of others with whom respondents have close family relationships
- Legally recognized privileged relationships, such as with lawyers, doctors, or ministers
- Religious practices, affiliations, or beliefs of the student or parents; or
- Income, other than as required by law to determine program eligibility
Receive notice and an opportunity to opt a student out of the following:
- Any other protected information survey, regardless of funding;
- Any non-emergency, invasive physical exam or screening required as a condition of attendance, administered by the school or its agent, and not necessary to protect the immediate health and safety of a student, except for hearing, vision, or scoliosis screenings, or any physical exam or screening permitted or required under State law; and
- Activities involving collection, disclosure, or use of personal information obtained from students for marketing or to sell or otherwise distribute the information to others.