Stats Medic, Exams of Law

Lemont High School. Stats Medic ... Stats Medic. 6694 Fencerow Ct Caledonia,. MN 49316 ... [email protected]. 03/02/2021. Donna Wall. IT Director.

Typology: Exams

2022/2023

Uploaded on 03/01/2023

nicoth

Standard Student Data Privacy Agreement

and

IL-NDPA Standard

Version


Lemont High School

Stats Medic

This Student Data Privacy Agreement (“DPA”) is entered into on the date of full execution (the “Effective Date”) and is entered into by and between: [], located at [] (the “Local Education Agency” or “LEA”) and [], located at [] (the “Provider”).

WHEREAS, the Provider is providing educational or digital services to LEA.

WHEREAS, the Provider and LEA recognize the need to protect personally identifiable student information and other regulated data exchanged between them as required by applicable laws and regulations, such as the Family Educational Rights and Privacy Act (“FERPA”) at 20 U.S.C. § 1232g (34 CFR Part 99); the Children’s Online Privacy Protection Act (“COPPA”) at 15 U.S.C. § 6501-6506 (16 CFR Part 312), applicable state privacy laws and regulations and

WHEREAS, the Provider and LEA desire to enter into this DPA for the purpose of establishing their respective obligations and duties in order to comply with applicable laws and regulations.

NOW THEREFORE, for good and valuable consideration, LEA and Provider agree as follows:

  1. A description of the Services to be provided, the categories of Student Data that may be provided by LEA to Provider, and other information specific to this DPA are contained in the Standard Clauses hereto.
  2. Special Provisions. Check if Required If checked, the Supplemental State Terms and attached hereto as Exhibit “G” are hereby incorporated by reference into this DPA in their entirety. If checked, LEA and Provider agree to the additional terms or modifications set forth in Exhibit “H”. (Optional) If Checked, the Provider, has signed Exhibit “E” to the Standard Clauses, otherwise known as General Offer of Privacy Terms
  3. In the event of a conflict between the SDPC Standard Clauses, the State or Special Provisions will control. In the event there is conflict between the terms of the DPA and any other writing, including, but not limited to the Service Agreement and Provider Terms of Service or Privacy Policy the terms of this DPA shall control.
  4. This DPA shall stay in effect for three years. Exhibit E will expire 3 years from the date the original DPA was signed.
  5. The services to be provided by Provider to LEA pursuant to this DPA are detailed in Exhibit “A” (the “ Services ”).
  6. Notices. All notices or other communication required or permitted to be given hereunder may be given via e-mail transmission, or first-class mail, sent to the designated representatives below.

Lemont High School, 800 Porter Street, Lemont, IL 60439

Stats Medic, 6694 Fencerow Ct, Caledonia, MN 49316

✔ ✔

STANDARD CLAUSES

Version 1.

ARTICLE I: PURPOSE AND SCOPE

  1. Purpose of DPA. The purpose of this DPA is to describe the duties and responsibilities to protect Student Data including compliance with all applicable federal, state, and local privacy laws, rules, and regulations, all as may be amended from time to time. In performing these services, the Provider shall be considered a School Official with a legitimate educational interest, and performing services otherwise provided by the LEA. Provider shall be under the direct control and supervision of the LEA, with respect to its use of Student Data.
  2. Student Data to Be Provided. In order to perform the Services described above, LEA shall provide Student Data as identified in the Schedule of Data, attached hereto as Exhibit “B”.
  3. DPA Definitions. The definition of terms used in this DPA is found in Exhibit “C”. In the event of a conflict, definitions used in this DPA shall prevail over terms used in any other writing, including, but not limited to the Service Agreement, Terms of Service, Privacy Policies etc.

ARTICLE II: DATA OWNERSHIP AND AUTHORIZED ACCESS

  1. Student Data Property of LEA. All Student Data transmitted to the Provider pursuant to the Service Agreement is and will continue to be the property of and under the control of the LEA. The Provider further acknowledges and agrees that all copies of such Student Data transmitted to the Provider, including any modifications or additions or any portion thereof from any source, are subject to the provisions of this DPA in the same manner as the original Student Data. The Parties agree that as between them, all rights, including all intellectual property rights in and to Student Data contemplated per the Service Agreement, shall remain the exclusive property of the LEA. For the purposes of FERPA, the Provider shall be considered a School Official, under the control and direction of the LEA as it pertains to the use of Student Data, notwithstanding the above.
  2. Parent Access. To the extent required by law the LEA shall establish reasonable procedures by which a parent, legal guardian, or eligible student may review Education Records and/or Student Data correct erroneous information, and procedures for the transfer of student-generated content to a personal account, consistent with the functionality of services. Provider shall respond in a reasonably timely manner (and no later than forty five (45) days from the date of the request or pursuant to the time frame required under state law for an LEA to respond to a parent or student, whichever is sooner) to the LEA’s request for Student Data in a student’s records held by the Provider to view or correct as necessary. In the event that a parent of a student or other individual contacts the Provider to review any of the Student Data accessed pursuant to the Services, the Provider shall refer the parent or individual to the LEA, who will follow the necessary and proper procedures regarding the requested information.
  3. Separate Account. If Student-Generated Content is stored or maintained by the Provider, Provider shall, at the request of the LEA, transfer, or provide a mechanism for the LEA to transfer, said Student-Generated Content to a separate account created by the student.
  4. Law Enforcement Requests. Should law enforcement or other government entities (“Requesting Party(ies)”) contact Provider with a request for Student Data held by the Provider pursuant to the Services, the Provider shall notify the LEA in advance of a compelled disclosure to the Requesting Party, unless lawfully directed by the Requesting Party not to inform the LEA of the request.
  5. Subprocessors. Provider shall enter into written agreements with all Subprocessors performing functions for the Provider in order for the Provider to provide the Services pursuant to the Service Agreement, whereby the Subprocessors agree to protect Student Data in a manner no less stringent than the terms of this DPA.

ARTICLE III: DUTIES OF LEA

  1. Provide Data in Compliance with Applicable Laws. LEA shall provide Student Data for the purposes of obtaining the Services in compliance with all applicable federal, state, and local privacy laws, rules, and regulations, all as may be amended from time to time.
  2. Annual Notification of Rights. If the LEA has a policy of disclosing Education Records and/or Student Data under FERPA (34 CFR § 99.31(a)(1)), LEA shall include a specification of criteria for determining who constitutes a school official and what constitutes a legitimate educational interest in its annual notification of rights.
  3. Reasonable Precautions. LEA shall take reasonable precautions to secure usernames, passwords, and any other means of gaining access to the services and hosted Student Data.
  4. Unauthorized Access Notification. LEA shall notify Provider promptly of any known unauthorized access. LEA will assist Provider in any efforts by Provider to investigate and respond to any unauthorized access.

ARTICLE IV: DUTIES OF PROVIDER

  1. Privacy Compliance. The Provider shall comply with all applicable federal, state, and local laws, rules, and regulations pertaining to Student Data privacy and security, all as may be amended from time to time.
  2. Authorized Use. The Student Data shared pursuant to the Service Agreement, including persistent unique identifiers, shall be used for no purpose other than the Services outlined in Exhibit A or stated in the Service Agreement and/or otherwise authorized under the statutes referred to herein this DPA.
  3. Provider Employee Obligation. Provider shall require all of Provider’s employees and agents who have access to Student Data to comply with all applicable provisions of this DPA with respect to the Student Data shared under the Service Agreement. Provider agrees to require and maintain an appropriate confidentiality agreement from each employee or agent with access to Student Data pursuant to the Service Agreement.
  4. No Disclosure. Provider acknowledges and agrees that it shall not make any re-disclosure of any Student Data or any portion thereof, including without limitation, user content or other non-public information and/or personally identifiable information contained in the Student Data other than as directed or

agency with oversight authority or jurisdiction in connection with any audit or investigation of the Provider and/or delivery of Services to students and/or LEA, and shall provide reasonable access to the Provider’s facilities, staff, agents and LEA’s Student Data and all records pertaining to the Provider, LEA and delivery of Services to the LEA. Failure to reasonably cooperate shall be deemed a material breach of the DPA.

  3. Data Security. The Provider agrees to utilize administrative, physical, and technical safeguards designed to protect Student Data from unauthorized access, disclosure, acquisition, destruction, use, or modification. The Provider shall adhere to any applicable law relating to data security. The provider shall implement an adequate Cybersecurity Framework based on one of the nationally recognized standards set forth in Exhibit “F”. Exclusions, variations, or exemptions to the identified Cybersecurity Framework must be detailed in an attachment to Exhibit “H”. Additionally, Provider may choose to further detail its security programs and measures that augment or are in addition to the Cybersecurity Framework in Exhibit “F”. Provider shall provide, in the Standard Schedule to the DPA, contact information of an employee who LEA may contact if there are any data security concerns or questions.
  4. Data Breach. In the event of an unauthorized release, disclosure or acquisition of Student Data that compromises the security, confidentiality or integrity of the Student Data maintained by the Provider the Provider shall provide notification to LEA within seventy-two (72) hours of confirmation of the incident, unless notification within this time limit would disrupt investigation of the incident by law enforcement. In such an event, notification shall be made within a reasonable time after the incident. Provider shall follow the following process:
     (1) The security breach notification described above shall include, at a minimum, the following information to the extent known by the Provider and as it becomes available:
         i. The name and contact information of the reporting LEA subject to this section.
         ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
         iii. If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification shall also include the date of the notice.
         iv. Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided; and
         v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
     (2) Provider agrees to adhere to all federal and state requirements with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
     (3) Provider further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide LEA, upon request, with a summary of said written incident response plan.
     (4) LEA shall provide notice and facts surrounding the breach to the affected students, parents or guardians.
     (5) In the event of a breach originating from LEA’s use of the Service, Provider shall cooperate with LEA to the extent necessary to expeditiously secure Student Data.

ARTICLE VI: GENERAL OFFER OF TERMS

Provider may, by signing the attached form of “General Offer of Privacy Terms” (General Offer, attached hereto as Exhibit “E”), be bound by the terms of Exhibit “E” to any other LEA who signs the acceptance on said Exhibit. The form is limited by the terms and conditions described therein.

ARTICLE VII: MISCELLANEOUS

  1. Termination. In the event that either Party seeks to terminate this DPA, they may do so by mutual written consent so long as the Service Agreement has lapsed or has been terminated. Either party may terminate this DPA and any service agreement or contract if the other party breaches any terms of this DPA.
  2. Effect of Termination Survival. If the Service Agreement is terminated, the Provider shall destroy all of LEA’s Student Data pursuant to Article IV, section 6.
  3. Priority of Agreements. This DPA shall govern the treatment of Student Data in order to comply with the privacy protections, including those found in FERPA and all applicable privacy statutes identified in this DPA. In the event there is conflict between the terms of the DPA and the Service Agreement, Terms of Service, Privacy Policies, or with any other bid/RFP, license agreement, or writing, the terms of this DPA shall apply and take precedence. In the event of a conflict between Exhibit H, the SDPC Standard Clauses, and/or the Supplemental State Terms, Exhibit H will control, followed by the Supplemental State Terms. Except as described in this paragraph herein, all other provisions of the Service Agreement shall remain in effect.
  4. Entire Agreement. This DPA and the Service Agreement constitute the entire agreement of the Parties relating to the subject matter hereof and supersedes all prior communications, representations, or agreements, oral or written, by the Parties relating thereto. This DPA may be amended and the observance of any provision of this DPA may be waived (either generally or in any particular instance and either retroactively or prospectively) only with the signed written consent of both Parties. Neither failure nor delay on the part of any Party in exercising any right, power, or privilege hereunder shall operate as a waiver of such right, nor shall any single or partial exercise of any such right, power, or privilege preclude any further exercise thereof or the exercise of any other right, power, or privilege.

EXHIBIT “A”

DESCRIPTION OF SERVICES


Stats Medic AP Exam Review Course

EXHIBIT “B”

SCHEDULE OF DATA

| Category of Data | Elements | Check if Used by Your System |
|---|---|---|
| Application Technology Meta Data | IP Addresses of users, Use of cookies, etc. | |
| | Other application technology meta data-Please specify: | |
| Application Use Statistics | Meta data on user interaction with application | |
| Assessment | Standardized test scores | |
| | Observation data | |
| | Other assessment data-Please specify: | |
| Attendance | Student school (daily) attendance data | |
| | Student class attendance data | |
| Communications | Online communications captured (emails, blog entries) | |
| Conduct | Conduct or behavioral data | |
| Demographics | Date of Birth | |
| | Place of Birth | |
| | Gender | |
| | Ethnicity or race | |
| | Language information (native, or primary language spoken by student) | |
| | Other demographic information-Please specify: | |
| Enrollment | Student school enrollment | |
| | Student grade level | |
| | Homeroom | |
| | Guidance counselor | |
| | Specific curriculum programs | |
| | Year of graduation | |
| | Other enrollment information-Please specify: | |
| Parent/Guardian Contact Information | Address | |
| | Email | |

✔

| Category of Data | Elements | Check if Used by Your System |
|---|---|---|
| | Student course grades/ performance scores | |
| | Other transcript data - Please specify: | |
| Transportation | Student bus assignment | |
| | Student pick up and/or drop off location | |
| | Student bus card ID number | |
| | Other transportation data – Please specify: | |
| Other | Please list each additional data element used, stored, or collected by your application: | |
| None | No Student Data collected at this time. Provider will immediately notify LEA if this designation is no longer applicable. | |

✔

EXHIBIT “C”

DEFINITIONS

De-Identified Data and De-Identification: Records and information are considered to be de-identified when all personally identifiable information has been removed or obscured, such that the remaining information does not reasonably identify a specific individual, including, but not limited to, any information that, alone or in combination is linkable to a specific student and provided that the educational agency, or other party, has made a reasonable determination that a student’s identity is not personally identifiable, taking into account reasonable available information.

Educational Records: Educational Records are records, files, documents, and other materials directly related to a student and maintained by the school or local education agency, or by a person acting for such school or local education agency, including but not limited to, records encompassing all the material kept in the student’s cumulative folder, such as general identifying data, records of attendance and of academic work completed, records of achievement, and results of evaluative tests, health data, disciplinary status, test protocols and individualized education programs.

Metadata: means information that provides meaning and context to other data being collected; including, but not limited to: date and time records and purpose of creation. Metadata that have been stripped of all direct and indirect identifiers are not considered Personally Identifiable Information.

Operator: means the operator of an internet website, online service, online application, or mobile application with actual knowledge that the site, service, or application is used for K–12 school purposes. Any entity that operates an internet website, online service, online application, or mobile application that has entered into a signed, written agreement with an LEA to provide a service to that LEA shall be considered an “operator” for the purposes of this section.

Originating LEA: An LEA who originally executes the DPA in its entirety with the Provider.

Provider: For purposes of the DPA, the term “Provider” means provider of digital educational software or services, including cloud-based services, for the digital storage, management, and retrieval of Student Data. Within the DPA the term “Provider” includes the term “Third Party” and the term “Operator” as used in applicable state statutes.

Student Generated Content: The term “student-generated content” means materials or content created by a student in the services including, but not limited to, essays, research reports, portfolios, creative writing, music or other audio files, photographs, videos, and account information that enables ongoing ownership of student content.

School Official: For the purposes of this DPA and pursuant to 34 CFR § 99.31(b), a School Official is a contractor that: (1) Performs an institutional service or function for which the agency or institution would otherwise use employees; (2) Is under the direct control of the agency or institution with respect to the use and maintenance of Student Data including Education Records; and (3) Is subject to 34 CFR § 99.33(a) governing the use and re-disclosure of personally identifiable information from Education Records.

Service Agreement: Refers to the Contract, Purchase Order or Terms of Service or Terms of Use.

Student Data: Student Data includes any data, whether gathered by Provider or provided by LEA or its users, students, or students’ parents/guardians, that is descriptive of the student including, but not limited to,

EXHIBIT “D”

DIRECTIVE FOR DISPOSITION OF DATA

Provider to dispose of data obtained by Provider pursuant to the terms of the Service Agreement between LEA and Provider. The terms of the Disposition are set forth below:

  1. Extent of Disposition _____ Disposition is partial. The categories of data to be disposed of are set forth below or are found in an attachment to this Directive: [  ] _____ Disposition is Complete. Disposition extends to all categories of data.
  2. Nature of Disposition _____ Disposition shall be by destruction or deletion of data. _____ Disposition shall be by a transfer of data. The data shall be transferred to the following site as follows: [ ]
  3. Schedule of Disposition Data shall be disposed of by the following date: _____ As soon as commercially practicable. _____ By [  ]
  4. Signature

Authorized Representative of LEA

_____________

Date

  5. Verification of Disposition of Data

Authorized Representative of Company

_____________

Date

Lemont High School

EXHIBIT “E”

GENERAL OFFER OF PRIVACY TERMS

  1. Offer of Terms

Provider offers the same privacy protections found in this DPA between it and [  ] (“Originating LEA”) which is dated [  ], to any other LEA (“Subscribing LEA”) who accepts this General Offer of Privacy Terms (“General Offer”) through its signature below. This General Offer shall extend only to privacy protections, and Provider’s signature shall not necessarily bind Provider to other terms, such as price, term, or schedule of services, or to any other provision not addressed in this DPA. The Provider and the Subscribing LEA may also agree to change the data provided by Subscribing LEA to the Provider to suit the unique needs of the Subscribing LEA. The Provider may withdraw the General Offer in the event of: (1) a material change in the applicable privacy statutes; (2) a material change in the services and products listed in the originating Service Agreement; or three (3) years after the date of Provider’s signature to this Form. Subscribing LEAs should send the signed Exhibit “E” to Provider at the following email address: ____________________.

BY: ____________________ Date: ____________________

Printed Name: ____________________ Title/Position: ____________________

  2. Subscribing LEA

A Subscribing LEA, by signing a separate Service Agreement with Provider, and by its signature below, accepts the General Offer of Privacy Terms. The Subscribing LEA and the Provider shall therefore be bound by the same terms of this DPA for the term of the DPA between the [  ] and the Provider. **PRIOR TO ITS EFFECTIVENESS, SUBSCRIBING LEA MUST DELIVER NOTICE OF ACCEPTANCE TO PROVIDER PURSUANT TO ARTICLE VII, SECTION 5.**

BY: ____________________ Date: ____________________

Printed Name: ____________________ Title/Position: ____________________

SCHOOL DISTRICT NAME: ____________________

DESIGNATED REPRESENTATIVE OF LEA:

Name: ____________________

Title: ____________________

Address: ____________________

Telephone Number: ____________________

Email: ____________________

Lemont High School

Lemont High School 3/2/ Stats Medic 03/02/ Luke Wilcox Co-Founder

Luke Waking

EXHIBIT “G” – Supplemental SDPC State Terms for Illinois

Version 1.

This Exhibit G, Supplemental SDPC State Terms for Illinois (“Supplemental State Terms”), effective simultaneously with the attached Student Data Privacy Agreement (“DPA”) by and between ____________________ (the “Local Education Agency” or “LEA”) and ____________________ (the “Provider”), is incorporated in the attached DPA and amends the DPA (and all supplemental terms and conditions and policies applicable to the DPA) as follows:

  1. Compliance with Illinois Privacy Laws. In performing their respective obligations under the Agreement, the LEA and the Provider shall comply with all Illinois laws and regulations pertaining to student data privacy and confidentiality, including but not limited to the Illinois School Student Records Act (“ISSRA”), 105 ILCS 10/, Mental Health and Developmental Disabilities Confidentiality Act (“MHDDCA”), 740 ILCS 110/, Student Online Personal Protection Act (“SOPPA”), 105 ILCS 85/, Identity Protection Act (“IPA”), 5 ILCS 179/, and Personal Information Protection Act (“PIPA”), 815 ILCS 530/.
  2. Definition of “Student Data.” In addition to the definition set forth in Exhibit C, Student Data includes any and all “covered information,” as that term is defined in Section 5 of SOPPA (105 ILCS 85/5), and Student Data shall constitute “school student records” as that term is defined in Section 2 of ISSRA (105 ILCS 10/2(d)).
  3. School Official Designation. Pursuant to Article I, Paragraph 1 of the DPA Standard Clauses, and in accordance with FERPA, ISSRA and SOPPA, in performing its obligations under the DPA, the Provider is acting as a school official with legitimate educational interest; is performing an institutional service or function for which the LEA would otherwise use its own employees; is under the direct control of the LEA with respect to the use and maintenance of Student Data; and is using Student Data only for an authorized purpose.
  4. Limitations on Re-Disclosure. The Provider shall not re-disclose Student Data to any Third Party or affiliate without the express written permission of the LEA or pursuant to court order, unless such disclosure is otherwise permitted under SOPPA, ISSRA, FERPA, and MHDDCA. In the event a Third Party, including law enforcement or a government entity, contacts the Provider with a request or subpoena for Student Data in the possession of the Provider, the Provider shall redirect the Third Party to seek the data directly from the LEA. In the event the Provider is compelled to produce Student Data to a Third Party in compliance with a court order, Provider shall notify the LEA at least five (5) school days in advance of the court ordered disclosure and, upon request, provide the LEA with a copy of the court order requiring such disclosure.
  5. Notices. Any notice delivered pursuant to the DPA shall be deemed effective, as applicable, upon receipt as evidenced by the date of transmission indicated on the transmission material, if by e-mail; or four (4) days after mailing, if by first-class mail, postage prepaid.
  6. Parent Right to Access and Challenge Student Data. The LEA shall establish reasonable procedures pursuant to which a parent, as that term is defined in 105 ILCS 10/2(g), may inspect and/or copy Student Data and/or challenge the accuracy, relevance or propriety of Student Data, pursuant to Sections 5 and 7 of ISSRA (105 ILCS 10/5; 105 ILCS 10/7) and Section 33 of SOPPA (105 ILCS 85/33). The Provider shall respond to any request by the LEA for Student Data in the possession of the Provider, for purposes of affording a parent an opportunity to inspect and/or copy the Student Data, no later than 10 business days from the date of the request. In the event that a parent contacts the Provider directly to inspect and/or copy Student Data, the Provider shall refer the parent to the LEA, which shall follow the necessary and proper procedures regarding the requested Student Data.
  7. Corrections to Factual Inaccuracies. In the event that the LEA determines that the Provider is maintaining Student Data that contains a factual inaccuracy, the LEA shall notify the Provider of the factual inaccuracy and the correction to be made. No later than 90 calendar days after receiving the notice of the factual inaccuracy, the Provider shall correct the factual inaccuracy and shall provide written confirmation of the correction to the LEA.
  8. Security Standards. The Provider shall implement and maintain commercially reasonable security procedures and practices that otherwise meet or exceed industry standards designed to protect Student Data from unauthorized access, destruction, use, modification, or disclosure, including but not limited to the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the Student Data (a “Security Breach”). For purposes of the DPA and this Exhibit G, “Security Breach” does not include the good faith acquisition of Student Data by an employee or agent of the Provider or LEA for a legitimate purpose of the Provider or LEA, so long as the Student Data is used solely for purposes permitted by SOPPA and other applicable law, and so long as the Student Data is restricted from further unauthorized disclosure.
  9. Security Breach Notification. In addition to the information enumerated in Article V, Section 4(1) of the DPA Standard Clauses, any Security Breach notification provided by the Provider to the LEA shall include:
     a. A list of the students whose Student Data was involved in or is reasonably believed to have been involved in the breach, if known; and
     b. The name and contact information for an employee of the Provider whom parents may contact to inquire about the breach.
  10. Reimbursement of Expenses Associated with Security Breach. In the event of a Security Breach that is attributable to the Provider, the Provider shall reimburse and indemnify the LEA for any and all costs and expenses that the LEA incurs in investigating and remediating the Security Breach, including but not limited to costs and expenses associated with:
     a. Providing notification to the parents of those students whose Student Data was compromised and regulatory agencies or other entities as required by law or contract;
     b. Providing credit monitoring to those students whose Student Data was exposed in a manner during the Security Breach that a reasonable person would believe may impact the student’s credit or financial security;
     c. Legal fees, audit costs, fines, and any other fees or damages imposed against the LEA as a result of the security breach; and