FERPA COMPLIANCE & PRIVACY POLICY
1 Purpose and Scope
This document describes Edulog’s standards of practice relating to disclosures to Edulog of personally identifiable information (“PII”) by educational agencies and institutions (“EAs”).
This document applies to all Edulog employees and technology resources including all externally hosted systems and data repositories.
Edulog, in its role as a vendor to educational agencies and institutions (EAs), receives disclosures from the EAs of personally identifiable information (PII) contained in student records. Only information that is needed for Edulog to perform services outsourced to it by the EA is disclosed to Edulog. These disclosures are authorized under the Family Educational Rights and Privacy Act (FERPA), a federal statute that regulates the privacy of student records by EAs that receive financial assistance from the U.S. Department of Education. Edulog, as a contractor to the EA, receives the disclosures on the same basis as school officials employed by the EA, consistent with FERPA regulations, 34 CFR §99.31(a)(1)(i)(B). Consistent with those regulations, Edulog has a legitimate educational interest in the information to which it is given access because the information is needed to perform the outsourced service, and Edulog is under the direct control of the EA in using and maintaining the disclosed education records, consistent with the terms of its contract.
2 Appropriate Use
Edulog is subject to the same conditions on use and redisclosure of education records that govern all school officials, as provided in 34 CFR §99.33. In particular, Edulog must ensure that only individuals that it employs or that are employed by its contractor, with legitimate educational interests – consistent with the purposes for which Edulog obtained the information -- obtain access to PII from education records it maintains on behalf of the district or institution. Further, in accordance with 34 CFR §99.33(a) and (b), Edulog may not redisclose PII without consent of a parent or an eligible student (meaning a student who is 18 years old or above or is enrolled in postsecondary education) unless the agency or institution has authorized the redisclosure under a FERPA exception and the agency or institution records the subsequent disclosure. An example of such a disclosure is when Edulog is requested by a school district to assist the district in the transfer of the student records from our system to another system.
Edulog shall use education records only for the purposes of fulfilling its duties contracted by the educational institution. Edulog will not sell or otherwise use or redisclose education records for behavioral or targeted advertising or marketing to parents or students. In order to continuously improve the products and services it provides to EAs and educational research, Edulog may use anonymized or de-identified, non-PII data, and any reports or other data generated by the Edulog Products or Edulog Services regarding traffic flow, feature use, system loads, product installation, and/or similar information, as well as seek input from the EAs and their employees regarding use of the Edulog Products and Edulog Services.
3 Data Security and Privacy Measures
Edulog employs extensive technological and operational measures to ensure data security and privacy, including advanced security systems technology, physical access controls, and annual privacy training for employees and partners, and criminal background checks of all employees.
All employees of Edulog are required to sign an Acknowledgement and Agreement of Policies that commits the employees to comply with Edulog's data privacy and security policies and receive required annual security and privacy training, including commitments and training regarding the prohibition on disclosure of student data.
4 Data Management
The collection, input, use, retention, disposal, and disclosure of education records in our software applications are controlled solely by the EAs which license our products. Except by law or as contracted by the EA, Edulog cannot delete, change, or disclose any records from our software applications controlled by the EA.
In the event of termination of a license to use our products, Edulog works with the EA, in accordance with the terms of the EA’s contract, to destroy all education records contained in our systems. Edulog shall not knowingly retain copies of any education records received from the EA once EA has directed Edulog that the information shall be destroyed. Furthermore, Edulog shall ensure that it disposes of any and all education records received from EA in a commercially reasonable manner that maintains the confidentiality of the contents of such records. At the request of the EA, Edulog will provide a written certification of destruction.
In the event any third party (including the eligible student or parent/guardian of the eligible student) seeks to access education records, Edulog will immediately inform the EA of such request in writing, if allowed to by law. Edulog shall not provide access to such education records or respond to such requests unless compelled to do so by court order or lawfully issued subpoena from any court of competent jurisdiction or directed to do so by the EA. Should Edulog receive a court order or lawfully issued subpoena seeking the release of such data or information, Edulog shall provide immediate notification, along with a copy thereof, to the EA prior to releasing the requested data or information, unless such notification is prohibited by law or judicial and/or administrative order or subpoena.
If the EA is unable to fulfil a request of an eligible student or parent/guardian to review the student’s education records, Edulog can assist at the direction and expense of the EA. In such an event where a parent, legal guardian, or eligible student seeks to make changes to the data within our products, parents, legal guardians, or eligible students shall follow the procedures established by the EA in accordance with FERPA. Generally, these procedures establish the right to request an amendment of the student’s education records that the parent or eligible student believes is inaccurate, misleading, or otherwise in violation of the student’s privacy rights under FERPA. Parents or eligible students who wish to ask the EA to amend their child’s or their education record should write an EA official (often a Principal or Superintendent), clearly identify the part of the record they want changed, and specify why it should be changed. If the EA decides not to amend the record as requested by the parent or eligible student, the EA will notify the parent or eligible student of the decision and of their right to a hearing regarding the request for amendment. Additional information regarding the hearing procedures would be provided to the parent or eligible student when notified of the right to a hearing.
To the extent parents, guardians or students have questions regarding the content of, or privacy associated with, any applications used by the educational institution, please contact that agency or institution.
5 Policy Maintenance and Management
Edulog may, from time to time, update this policy to be in compliance with evolving state and federal laws and regulations. We will not materially change our policies and practices to make them less protective of your privacy without the written consent of the EA and the EA may rely upon any and enforce any current or prior version of this policy unless otherwise agreed to in writing.
6 References
Family Education Rights & Privacy Act, 20 USC 1232g – Family Educational & Privacy Rights
34 CFR Part 99 – Family Educational & Privacy Rights
Last Updated: 9/19/2023