A technology provider shall comply with Chapter 1347. of the Revised Code with regard to the collection, use, and protection of data as if it were a school district.
(A)Education records created, received, maintained, or disseminated by a technology provider pursuant or incidental to a contract with a school district are solely the property of the school district.
(B)If education records maintained by the technology provider are subject to a breach of the security of the data, as described in section1347.12of the Revised Code, the technology provider shall, following discovery of the breach, disclose to the school district all information necessary to fulfill the requirements of that section.
(C)Unless renewal of the contract is reasonably anticipated, within ninety days of the expir
Free access — add to your briefcase to read the full text and ask questions with AI
A technology provider shall comply with Chapter 1347. of the Revised Code with regard to the collection, use, and protection of data as if it were a school district.
(A) Education records created, received, maintained, or disseminated by a technology provider pursuant or incidental to a contract with a school district are solely the property of the school district.
(B) If education records maintained by the technology provider are subject to a breach of the security of the data, as described in section1347.12of the Revised Code, the technology provider shall, following discovery of the breach, disclose to the school district all information necessary to fulfill the requirements of that section.
(C) Unless renewal of the contract is reasonably anticipated, within ninety days of the expiration of the contract, a technology provider shall destroy or return to the appropriate school district all education records created, received, or maintained pursuant or incidental to the contract.
(D) A technology provider shall not sell, share, or disseminate education records, except as provided by this section or as part of a valid delegation or assignment of its contract with a school district.
(E) A technology provider shall not use education records for any commercial purpose, including, but not limited to, marketing or advertising to a student or parent. A commercial purpose does not include providing the specific services contracted for by a school district. Nothing in this division prohibits the technology provider from using aggregate information removed of any personally identifiable information for improving, maintaining, developing, supporting, or diagnosing the provider's site, service, or operation.
(F) A contract between a technology provider and a school district shall ensure appropriate security safeguards for education records and include both of the following:
(1) A restriction on unauthorized access by the technology provider's employees or contractors;
(2) A requirement that the technology provider's employees or contractors may be authorized to access education records only as necessary to fulfill the official duties of the employee or contractor.
(G) Not later than the first day of August of each school year, each school district shall provide parents and students direct and timely notice, by mail, electronic mail, or other direct form of communication, of any curriculum, testing, or assessment technology provider contract affecting a student's education records. The notice shall do all of the following:
(1) Identify each curriculum, testing, or assessment technology provider with access to education records;
(2) Identify the education records affected by the curriculum, testing, or assessment technology provider contract;
(3) Include information about the contract inspection and provide contact information for a school department to which a parent or student may direct questions or concerns regarding any program or activity that allows a curriculum, testing, or assessment technology provider access to a student's education records.
Each school district shall provide parents and students an opportunity to inspect a complete copy of any contract with a technology provider.
Last updated January 9, 2025 at 3:10 PM