Last Updated: July 15, 2022
Our privacy and data protection policies follow the guidelines and best practices for online applications.
As a provider of educational services, our privacy and data protection policies also follow the guidelines and best practices laid out by the U.S. Family Educational Rights and Privacy Act (“FERPA”) and Children’s Online Privacy Protection Act (“COPPA”). Specifically, we check with the Privacy Technical Assistance Center (PTAC), established by the U.S. Department of Education, for updated guidelines and best practices.
All Student Data transmitted to Cossey Web Solutions will continue to be the property of and under the control of the educational institution. For the purposes of FERPA, Cossey Web Solutions shall be considered a School Official, under the control and direction of the educational institution as it pertains to the use of Student Data.
To the extent required by law the educational institution shall establish reasonable procedures by which a parent, legal guardian, or eligible student may review Student Data and request corrections for erroneous information. Cossey Web Solutions shall respond in a reasonably timely manner and no later than 30 days after the date of the request. In the event that a parent of a student or other individual contacts Cossey Web Solutions to review any of the Student Data accessed pursuant to the services provided, Cossey Web Solutions shall refer the parent or individual to the educational institution, who will follow the necessary and proper procedures regarding the requested information. Cossey Web Solutions agrees to assist the educational institution in a reasonable manner to facilitate the Student Data request.
Law Enforcement Access.
Should law enforcement or other government agencies contact Cossey Web Solutions with a request for Student Data, Cossey Web Solutions shall notify the educational institution in advance of a disclosure to the law enforcement or other government agencies, unless lawfully directed by the requesting agency not to inform the educational institution of the request.
Responsibilites of Cossey Web Solutions
Cossey Web Solutions shall comply with all applicable federal, state, and local laws, rules, and regulations pertaining to Student Data privacy and security.
All Student Data transmitted to Cossey Web Solutions by an educational institution shall be used for no purpose other than those required to provide the services defined in the binding contract between Cossey Web Solutions and the educational institution.
Employees and Contractors.
Cossey Web Solutions agrees to use administrative, technical, and physical security measures to protect Student Data from unauthorized access, acquisition, use, modification, and destruction. Cossey Web Solutions shall follow all applicable laws relating to student data security, including those found in FERPA and COPPA.
Personally Identifiable Information (PII).
Cossey Web Solutions agrees not to disclose any personally identifiable information unless permitted by the educational institution or in response to a lawfully issued subpoena.
Cossey Web Solutions agrees not to re-dentify Student Data that was requested to be de-identified by the educational institution. De-identified Student Data may be used by Cossey Web Solutions only as allowed by the conditions and guideliens of FERPA. De-identified Student Data is allowed to remain in the systems of Cossey Web Solutions after requests by the educational institution to destroy Student Data.
Cossey Web Solutions shall notify the educational institution of any known unauthorized access as quickly as possible, and no longer then 24 hours after the discovery. Cossey Web Solutions agrees to assist, as appropriate, in the investigation and response to correct this unauthorized access and prevent similar unauthorized access in the future. Cossey Web Solutions also agrees to provide the educational institution with details of the breach, including but not limited to a general description of the breach and its causes, the names of all affected institutions, descriptions of data known to be breached, and an estimated date of the breach.
Responsibilites of Educational Institution
Annual Notification of Rights.
The educational institution shall notify Cossey Web Solutions each year what is considered a school official and what is considered a legitimate education interest, as these two pertain to FERPA.
The educational institution shall take reasonable precautions to secure all activities associated with Student Data, including but not limited to, usernames, passwords, account access and permissions, and unauthorized device access.
The educational institution shall notify Cossey Web Solutions of any known unauthorized access as quickly as possible, and no longer then 24 hours after the discovery. The educational institution agrees to assist, as appropriate, in the investigation and response to correct this unauthorized access and prevent similar unauthorized access in the future. The educational institution also agrees to provide Cossey Web Solutions with details of the breach, including but not limited to a general description of the breach and its causes, the names of all affected accounts, descriptions of data known to be breached, and an estimated date of the breach.