TL/DR (short version):

Teachers/staff need leadership approval to use an app that accesses protected data. If an online app/tool only uses sign-in with Google' (no Drive, Gmail or other access), leaders can approve it's use. If an online app/tool can access protected data (class rosters, student records, Drive, Gmail, or other sensitive operational data), a district agreement OR parental consent is required.

The issue (long version):

Federal and State laws require RFSD to engage in specific practices when it allows 3rd parties to access protected student data. RFSD policy (JRCB) mandates various internal oversight requirements to all student data sharing processes and agreements. RFSD also has an interest to protect certain non-student data such as personnel and finance records.

Various systems such as Google, Infinite Campus, Clever, and Schoology, among others, store both protected student data and organizational data not intended for public release. These systems integrate with other 3rd party tools (such as online websites or apps) to share data. The sharing of protected student data with 3rd parties require a district contract with the 3rd party or parental consent (legal and policy requirement). The sharing of organizational data not intended for public release requires a contract/MOU with the 3rd party (internal process/best practice but not a legal/policy requirement).

It is assumed protected data resides in staff Gmail, Drive, and other Google services. Using 'sign-in with Google' can provide 3rd parties access to staff's Google data.

Teachers:

1. If you want to use an online app that uses 'sign-in with Google', class rosters, or houses academic work, you should first speak with your leadership team to ensure there is an acceptable need for the app and get their approval to use the app. Once that is done, create an IIQ ticket under the issue: All Other Tech/Software Request/Request New Software. The ticket will include a Recommended Solution with a link to the "New Software/App Request form," which is also in the Important Documents block on this page. Once the form is submitted, Tech/ACES staff will work through the request with you.
2. If there is no district contract and protected data is to be shared with a 3rd party, the school will need signed parental consent. It is suggested that new apps only be onboarded at the specific times of the year (such as start and middle) to prevent schools from repeatedly requesting consent for new apps.

Leaders:

1. If teachers want to use new online apps/websites and there is no district contract with the vendor, you will need to secure parental consent if the app/website accesses student personally identifiable information (such as rosters or academic records). If the app only uses 'sign-in with Google', you can approve its use without parental consent. Teachers should discuss their request with you then submit the 'new app request' form if you do not have concerns. Tech/Instructional Team will work through the the request with you, to include addressing any parental consent needs. You should have a mechanism in place to create, distribute, and manage parental consent documents.