Student Privacy Pledge
We appreciate the sensitivity of student data issues for schools, parents/guardians, and students. Federal and state laws require confidentiality for any student identifying records or information. This data includes any and all Personally Identifiable Information (PII) and other non-public information that a teacher shares on The Graide Network (“Data”). Data include, but are not limited to, student data, metadata, and user content.
Our three-pronged approach to ensuring compliance with student records privacy is as follows:
First, Graiders are required to sign a confidentiality agreement that they may not re-disclose information shared with them with any third party or use the information shared for any purpose other than the agreed-upon work with the teacher who provided the information. Graiders do NOT work directly with students. As aspiring teachers, Graiders are receiving similar education on the importance of student privacy from their teacher preparation program, including even more rigorous requirements for student teaching placements. They take their legal responsibilities seriously as compliance directly relates to their professional goals.
Second, we require teachers to obtain the proper approvals from an authorized school administrator before working with a Graider. Teachers must adhere to one of the following prior to uploading any student work to the Site:
- Have an authorized administrator from your school enter into an agreement directly with The Graide Network (the best option—more on that later); or
- Obtain permission from a school administrator with authority to enter into contracts on behalf of the school district; or
- Obtain parent permission to share the student identifying information; or
- Redact all student identifying information (e.g., assign each student a number and have them write it on their assignment instead of their name)
For the third option, the written consent must contain all of the following:
- Signature of the parent/guardian or eligible student;
- The date of the written consent;
- Specification of the records to be disclosed;
- A statement of the purpose of the disclosure; and
- Identification of the party or class of parties to whom the disclosure may be made.
The consent may be obtained electronically, but only if it is obtained in a way that: (1) identifies and authenticates the particular person as the source of the consent; and (2) indicates such person’s approval of the information contained in the consent. Further, if information is shared by a Teacher through a “shared drive,” access may only be given to information for which there is adequate consent.
Third, we as a company collect as little data as possible about students and will not use that data to advertise or market to students or their parents. Student-identifying records or information on Site may be shared with administrators and other school employees pursuant to the school district’s policies and procedures. The Graide Network will not use any Data to advertise or market to students or their parents. Advertising or marketing may be directed to schools or districts only if student information is properly de-identified.
How We Use Data
Student-identifying records or information on the Site may be shared with The Graide Network employees for quality control measures. We will use Data only for the purpose of fulfilling our duties and providing services under our agreements with schools and for improving services. The Graide Network may use de-identified Data for product development, research, or other purposes.
De-identified Data will have all direct and indirect personal identifiers removed. This includes, but is not limited to, name, ID numbers, location information, and school ID. Furthermore, The Graide Network agrees not to attempt to re-identify de-identified Data and not to transfer de-identified Data to any party unless that party agrees not to attempt re-identification.
School partners understand that we will rely on one or more subcontractors to perform our services. We agree to share the names of these subcontractors with school partners upon request. All subcontractors and successor entities of The Graide Network will be subject to the terms of this Privacy Pledge.
We store and process Data in accordance with industry best practices. This includes appropriate administrative, physical, and technical safeguards to secure Data from unauthorized access, disclosure, and use. We will conduct periodic risk assessments and remediate any identified security vulnerabilities in a timely manner.
The Graide Network will also have a written incident response plan, to include prompt notification of school partners in the event of a security or privacy incident, as well as best practices for responding to a breach of PII.
Last updated: February 2017