If a school and/or a teacher wanted to create a website or portal that would allow students to login and take online classes, yet had to host the site through a third party hosting company, would they be in violation of the Children’s Online Privacy Protection Act (COPPA) in the US for transferring student personal information?
As an authorized agent of the board of trustees for SCHOOL DISTRICT NAME, I authorize release of all current school district data to the VENDOR NAME. VENDORNAME warrants that the confidentiality of data from the school district will be maintained according to all Federal and State laws, and any local policies that are communicated to the responsible parties. VENDORNAME will act as an agent and representative for the school district in the translation, import, and/or use of data. Access to personally identifiable data will not be allowed for anyone other than the staff and sub-contractors directly responsible for the translation, import, and/or use of the data.
Data will be provided only to persons or entities authorized by the school district. The data will be physically stored and backed up on servers located at VENDORNAME’S subcontractor’s offices or on servers located at Internet Service provider secured sites. If the agreement between SCHOOL DISTRICT and VENDORNAME is terminated, data will be copied to storage media and returned to the district or destroyed upon the request of the District. No backup or other copies of the data will be maintained by VENDORNAME or its sub-contractors.
VENDORNAME warrants the confidentiality of student data received from the SCHOOL DISTRICT will be maintained according to all federal and Texas laws, and according to any local policies provided that such local policies are communicated to VENDOR NAME Chief Technology Officer by SCHOOL DISTRICT in written or electronic form.
VENDORNAME will act as SCHOOL DISTRICT’S agent and representative in the translation, import, and/or analysis of certain student data. Access to personally identifiable student data will not be granted to anyone other than persons or entities authorized by SCHOOL DISTRICT representatives and VENDORNAME staff and contractors directly responsible for the translation, import, and/or analysis of the data. VENDORNAME will only use student data received from SCHOOL DISTRICT according to the terms of our agreements or addenda.
The student data received from SCHOOL DISTRICT will be physically stored and backed up on servers located at a secure site.
When the project ends, student data received from SCHOOL DISTRICT will be copied to storage media and delivered to SCHOOL DISTRICT or destroyed upon SCHOOL DISTRICT’S request. No backup or other copies will be maintained by VENDORNAME.
Please call either the Chief Technology Officer or I at your convenience with any questions. We look forward to working with SCHOOL DISTRICT.
CHIEF EXECUTIVE OFFICER, VENDORNAME