AB 1584
Safeguarding Pupil Digital Records (AB 1584): Existing law prohibits a school district from permitting access to pupil records to any person without parental consent or without a judicial order, except to specified persons under certain circumstances, including to a contractor or consultant with a legitimate educational interest who has a formal written agreement or contract with the school district regarding the provision of outsourced institutional services or functions by the contractor or consultant.
This bill would authorize a local educational agency, as defined, pursuant to a policy adopted by its governing board or governing body, as appropriate, to enter into a contract with a 3rd party, as defined, to provide services for the digital storage, management, and retrieval of pupil records, as defined, or to provide digital educational software, or both. The bill would require the contract to include specified provisions, including a statement that the pupil records continue to be the property of and under the control of the local educational agency, a description of the actions the 3rd party will take to ensure the security and confidentiality of pupil records, and a description of how the local educational agency and the 3rd party will jointly ensure compliance with the federal Family Educational Rights and Privacy Act. The bill would require that a contract that fails to comply with the requirements of this bill be rendered void if certain conditions are satisfied.
The bill would provide that, if these provisions are in conflict with the terms of a contract in effect before January 1, 2015, the provisions shall not apply to the local educational agency or the 3rd party subject to that agreement until the expiration, amendment, or renewal of the agreement.
Privacy Rights for California Minors in the Digital World (SB 568): Existing law requires an operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service to make its privacy policy available to consumers, as specified.
Existing federal law requires an operator of an Internet Web site or online service directed to a child, as defined, or an operator of an Internet Web site or online service that has actual knowledge that it is collecting personal information from a child to provide notice of what information is being collected and how that information is being used, and to give the parents of the child the opportunity to refuse to permit the operator’s further collection of information from the child.
This bill would, on and after January 1, 2015, prohibit an operator of an Internet Web site, online service, online application, or mobile application, as specified, from marketing or advertising specified types of products or services to a minor. The bill would prohibit an operator from knowingly using, disclosing, compiling, or allowing a 3rd party to use, disclose, or compile, the personal information of a minor for the purpose of marketing or advertising specified types of products or services. The bill would also make this prohibition applicable to an advertising service that is notified by an operator of an Internet Web site, online service, online application, or mobile application that the site, service, or application is directed to a minor.
The bill would, on and after January 1, 2015, require the operator of an Internet Web site, online service, online application, or mobile application to permit a minor, who is a registered user of the operator’s Internet Web site, online service, online application, or mobile application, to remove, or to request and obtain removal of, content or information posted on the operator’s Internet Web site, service, or application by the minor, unless the content or information was posted by a 3rd party, any other provision of state or federal law requires the operator or 3rd party to maintain the content or information, or the operator anonymizes the content or information. The bill would require the operator to provide notice to a minor that the minor may remove the content or information, as specified.
Pupil Records and Social Media (AB 1442): Existing law requires school districts to establish, maintain, and destroy pupil records according to regulations adopted by the State Board of Education.
This bill would, notwithstanding that provision, require a school district, county office of education, or charter school that considers a program to gather or maintain in its records any information obtained from social media, as defined, of any pupil enrolled in the school district, county office of education, or charter school to first notify pupils and their parents or guardians about the proposed program, and to provide an opportunity for public comment at a regularly scheduled public meeting before the adoption of the program. The bill would require a school district, county office of education, or charter school that adopts a program pursuant to these provisions to, among other things, gather and maintain only information that pertains directly to school safety or to pupil safety, provide a pupil with access to any information about the pupil obtained from social media, and destroy the information gathered from social media and maintained in its records, as provided. If a school district, county office of education, or charter school contracts with a 3rd party to gather information from social media on an enrolled pupil, the bill would prohibit the 3rd party from using the information for purposes other than to satisfy the terms of the contract, prohibit the 3rd party from selling or sharing the information with any person or entity, except as provided, and would provide additional restrictions on the destruction of the information by the 3rd party, as specified.
Student Online Personal Information Protection Act (SB 1177): Existing law, on and after January 1, 2015, prohibits an operator of an Internet Web site or online service from knowingly using, disclosing, compiling, or allowing a 3rd party to use, disclose, or compile the personal information of a minor for the purpose of marketing or advertising specified types of products or services. Existing law also makes this prohibition applicable to an advertising service that is notified by an operator of an Internet Web site, online service, online application, or mobile application that the site, service, or application is directed to a minor.
This bill would prohibit an operator of an Internet Web site, online service, online application, or mobile application from knowingly engaging in targeted advertising to students or their parents or legal guardians, using covered information to amass a profile about a K–12 student, selling a student’s information, or disclosing covered information, as provided. The bill would require an operator to implement and maintain reasonable security procedures and practices appropriate to the nature of the covered information, to protect the information from unauthorized access, destruction, use, modification, or disclosure, and to delete a student’s covered information if the school or district requests deletion of data under the control of the school or district. The bill would authorize the disclosure of covered information of a student under specified circumstances. The bill’s provisions would become operative January 1, 2016.