This policy is designed to outline certain retention and deletion requirements for Data, including, PII, in alignment with laws and regulations for student users in grades K-12. Retention of certain Data, including, PII, may be required by law or permitted for designated purposes.
This policy is written for all Data Owners, privacy officer(s) and any others who manage the use of Data, including, PII, within Campus Suite.
See the Definitions section of the policies for certain definitional terms used in this policy.
Campus Suite only collects minimal Data, including, PII, from students who opt to use the Campus Suite communications platform, i.e. opt to be notified by the school via voice or email regarding school notifications.
Campus Suite typically queries a student users’ data, including, PII, directly from the school’s SIS system, or via a third-party like Clever, GG4L and ClassLink. These providers have already been granted access to selected data made available to them by the school. In these cases, the school can decide to revoke access to the selected data at their discretion. The data used by Campus Suite is only used for as long as the students account is active, and it is necessary to provide the Campus Suite services to the student user and thereafter, unless, otherwise specified herein.
Some Data, including, PII, may be kept after an account is inactive, including, for an Educational Entity’s legal compliance reasons (e.g., maintenance of “education records” under FERPA or “student user records” under various state student privacy laws.)
Campus Suite has established a Data Table K-12 to document all Data, including, PII, processed, considering any reasons why Data, including, PII, must be retained. For each data type, the Data Table K-12 also documents the following:
When the Data, including, PII, meets the end of the retention period or a request is made to delete the Data, including, PII, it may be erased or sufficiently anonymized. Anonymization may include practices such as the following:
Backups will be executed in accordance with the backup schedule of _____________ which is deployed by Campus Suite in support of the Site and the Campus Suite App.
Campus Suite ensures that Data, including, PII stored is accurate and kept up-to-date through the means of auditing, review processes, and the implementation of security controls (e.g. integrity monitoring).
Data, including, PII, may be stored if it will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes.
In the event of prolonged storage, Campus Suite must document the purpose as Campus Suite must implement and maintain technical and organizational measures to protect said Data, including, PII. Technical measures may include anonymization, encryption, and other controls.
As part of the contract between Campus Suite and an Educational Entity, the Educational Entity acknowledges that upon termination of that relationship, for any reason, Campus Suite will schedule complete disposition of the data with AWS (our upstream provider), and will only continue to maintain the Data, including, PII when required to do so upon order of an authority.
Upon termination of the contract between Campus Suite and an Educational Entity, Campus Suite will terminate any access to the Data, including, PII, by the Educational Entity, including, access by administrators, faculty and its personnel.
Upon termination of a contract between Campus Suite and an Educational Entity, student users will only be allowed access to add new Data, including, PII, if the student user becomes associated with another Educational Entity that Campus Suite has a contract with, or is registered with Campus Suite as an Individual User in accordance with the requirements of Campus Suite and the Terms.
Any exceptions to the Data Retention and Deletion Policy K-12 are highly discouraged, but in the event, there is a legitimate business need, it must be approved by Chief Executive Officer and the exception will be documented. All exceptions will be reviewed quarterly and will be prohibited after no longer necessary.
Family Educational Rights and Privacy Act and its implementing regulations, 20 U.S.C. 1232g and 34 C.F.R. Part 99, respectively (FERPA)
Children’s Online Privacy Protection Act (COPPA)
NYS Education Law section 2-d, 101, 207 and 305 – Part 121
Violations of this policy will be treated in accordance with Campus Suite’s policies. Campus Suite may face significant fines if non-compliant with regulations. Individuals subject to this policy will be subject to sanctions for non-compliance that may include, but are not limited to, one or more of the following: