California Student Privacy Certification
Helping educators and parents find trusted products.
About the California Student Privacy Certification
The CSPC builds on iKeepSafe’s FERPA Assessment and COPPA Safe Harbor, which help educators and parents find products that meet the expectations of federal privacy laws. This certification is recommended for operators and providers of websites and online services that are, whole or in part, intended for use in and by schools. Earning the iKeepSafe CSPC asserts that your technology company is a leader in student privacy.
The certification assesses for federal and California laws governing student data privacy, including:
- Family Educational Rights and Privacy Act (“FERPA”)
- Protection of Pupil Rights Amendment (“PPRA”)
- California Education Code 49073.6 – Collection of Student Information from Social Media
- California AB 1584, Education Code section 49073.1 – Privacy of Pupil Records: 3rd-Party Digital
- Storage & Education Software
- Student Online Personal Information Protection Act (“SOPIPA”)
Benefits of of Earning the iKeepSafe CSPC
Instill confidence with parents, students and schools.
An assessment from a trusted and experienced independent third party like iKeepSafe will assure schools and parents that your educational technology is one that can be trusted with handling student data.
Clearly communicate compliance with stringent student data privacy laws.
Earning and displaying the iKeepSafe certification indicates you value the privacy of your customers.
Move the complicated privacy compliance guess work out of your hands and into a professional’s.
Having iKeepSafe’s experts assess and guide you through the various elements of multiple student privacy regulations will eliminate compliance uncertainty and provide the right direction for your unique needs.
Assessment Guidelines
-
Transparency
Each product must include a clearly written, accurate and easily accessible privacy policy explaining what data is collected from or about students, how the data is used and stored, and to whom it may be disclosed and why.
-
Control
Participating companies agree to act as school officials, but schools will remain in control of personally identifiable information from education records during and after any arrangement with a participating company. Participating companies may not provide third parties with students’ personal data for advertising, marketing, or other purposes unrelated to the functioning of the product in the manner for which it is being used by the school.
Participating companies must also have a process in place to respond to requests to provide parents or eligible students with a means to review data or categories of data that have been collected and to request that the data be amended or corrected.
-
Choice
Participating company products should be designed to operate with minimally required collection of student data. Participating companies must clearly identify to schools what data collection is required for basic operation of the technology and what is optional.
-
Security
Participating companies must take reasonable measures to maintain the confidentiality, security and integrity of data.
-
Education
Participating companies must maintain a baseline level of knowledge of data privacy and security requirements and best practices through annual employee training.
