A whole bunch!

It's hard to explain briefly, so we won't. The tl;dr (too long; didn't read) version is a little bit further down. But for those who just want to know 'what does this mean for me,' here is an attempt at brevity:

The core issue:

Federal and State laws require RFSD to engage in specific practices when it allows 3rd parties to access protected student data. RFSD policy (JRCB) mandates various internal oversight requirements to all student data sharing processes and agreements. RFSD also has an interest to protect certain non-student data such as personnel and finance records.

Various systems such as Google, Infinite Campus, Clever, and Schoology, among others, store both protected student data and organizational data not intended for public release. These systems integrate with other 3rd party tools (such as online websites or apps) to share data. The sharing of protected student data with 3rd parties require a contract with the 3rd party or parental consent (legal and policy requirement). The sharing of organizational data not intended for public release requires a contract/MOU with the 3rd party (internal process/best practice but not a legal/policy requirement).

It is assumed protected data resides in staff Gmail, Drive, and other Google services. Using 'sign-in with Google' can provide 3rd parties access to staff's Google data. Therefore, the ability to use 'sign-in with Google' has been made more restrictive. If 'sign-in with Google' is NOT USED, there is no issue with the 3rd party accessing protected data in staff Google accounts.

Teachers:

1. In Fall of 2023, RFSD instituted a new process to request use of online apps/websites to ensure legal compliance. Teachers can no longer engage with 3rd party apps and share protected data. Teachers and staff need to speak with their leadership team to ensure their is an acceptable need for the app and get their approval to use the app. Once that is done, create an IIQ ticket under the issue: All Other Tech/Software Request/Request New Software. The ticket will include a Recommended Solution with a link to the "New Software/App Request form," which is also in the Important Documents block on this page. Once the form is submitted, Tech/Instructional Team staff will work through the request with you.
2. Since parental consent is driving the majority of data being shared by schools, the list of approved apps can not be in a constant state of flux. Updates to the list need to be scheduled. New apps will only be onboarded at the start of the year and the middle of the year. New apps to be deployed in the Fall should be identified in the previous Spring for the vetting and approval process. Mid-year apps should be requested in the Fall.

Leaders:

1. If teachers want to use new online apps/websites, and there is no district contract with the vendor, you will need to secure parental consent if the app/websites collects student personally identifiable information (per FERPA, COPPA) or you (as a building leader) may offer consent on behalf of the parent. Teachers should discuss their request with you then submit the 'new app request' form if you do not have concerns. Tech/Instructional Team will work through the the request with you, to include addressing any parental consent needs.