Loading...
HomeMy WebLinkAboutSANTA ANA UNIFIED SCHOOL DISTRICT (30) Ii9JIJ"V\;5i'i4.C%2, [1 QUIREU .. WORK MAY PI;CCEEO N-2a2s-ax3 CITY CLERK DATE: FEB 0 4 2026 DATA SHARING AGREEMENT(DSA) oylc+� D �r►o fDL1 This Data Sharing Agreement ("DSA") is entered into on thisW-r)day of3GylL'OF026 by and between Santa Ana Unified School District, (hereinafter referred to as "SAUSD" or"District"), and the City of Santa Ana, a charter city and municipal corporation "City"),on behalf of the Santa Ana Public Library (hereinafter referred to as "City" or "SAPL"). RECITALS WHEREAS, in order to provide the Student Success Library Card Program described in the MOU,the City may receive and the SAUSD may provide documents or data that are covered by several federal statues, among them, the Family Educational Rights and Privacy Act ("FERPA") at 20 U.S.C.1232g(34 CFR Part 99),Children's Online Privacy Protection Act ("COPPA"), 15 U.S.0 6501-6506; Protection of Pupil Rights Amendment("PPRA) 20 U.S.C. 123h; and WHEREAS,the documents and data transferred from SAUSD and created by the SAPL's Student Success Library Card Program are also subject to California state student privacy laws, including AB 1584,found at California Education Code Section 49073.1 and the Student Online Personal Information Protection Act ("SOPIPA") found at California Business and Professions Code section 22584; and WHEREAS, for the purposes of this DSA, SAPL is a public library with legitimate educational interests in accessing students' records pursuant to the MOU conforms to the requirements of the privacy laws referred to above and to establish implementing procedures and duties. NOW THEREFORE, for good and valuable consideration,the parties agree as follows: ARTICLE I: PURPOSE AND SCOPE 1. Purpose of DSA:The purpose of this DSA is to describe the duties and responsibilities to protect student data transmitted to City from SAUSD pursuant to the MOU, including compliance with all applicable statues, including the FERPA, PPRA, COPPA, SOPIPA,AB 1584, and other applicable California State laws, all as may be amended from time to time. In performing these services, the SAPL shall be considered a School Official with a legitimate educational interest. 2. Nature of Services Provided: The SAPL has agreed to provide the Student Success Library Card Program described in the MOU and as may be further outlined in Exhibit A. 3. Student Data to Be Provided: SAUSD will provide student data to SAPL's integrated library system via a secure electronic delivery method. Such shared student data shall consist of participating student's name, student ID number, home address, grade, Page Z of 9 school, and the student's parent's/guardian's name, phone number and/or email address. ARTICLE II: DATA OWNERSHIP AND AUTHORIZED ACCESS 1. Student Data Property of SAUSD: All student data transmitted to the SAPL pursuant to the MOU is and will continue to be the property of and under the control of the SAUSD. The parties agree that as between them, all rights, including all intellectual property rights in and to student data contemplated per the MOU shall remain the exclusive property of the SAUSD. For the purpose of FERPA,the SAPL shall be considered a School Official, under the control and direction of the SAUSD as it pertains to the use of Student Data notwithstanding the above. 2. Third Party Access to Student Data: SAUSD allows the SAPL's integrated library system called The Library Corporation(TLC)to access student data in order to establish a library card account for students. Such student data shall consist of participating student's name, student ID number, home address,grade, school, and the student's parent's/guardian's name, phone number and/or email address. Except for TLC, should a third party, including law enforcement and government entities, contact SAPL with a request for data held by the SAPL pursuant to the MOU,the SAPL shall redirect the third party to request the data directly from the SAUSD. SAPL shall notify the SAUSD in advance of a compelled disclosure to a third party. 3. Sub-processors: SAPL shall enter into written agreements with all sub-processors performing functions pursuant to the MOU,whereby the sub-processors agree to protect student data in manner consistent with the terms of this DSA. ARTICLE III: DUTIES OF SAUSD 1, Privacy Compliance: SAUSD shall provide data for the purposes of the MOU in compliance with FERPA, COPPA, PPRA, SOPIPA, AB 1584 and all other California privacy statutes. ARTICLE IV: DUTIES OF SAPL 1. Privacy Compliance:The SAPL shall comply with all applicable state and federal laws and regulations pertaining to data privacy and security, including FERPA,COPPA, PPRA, SOPIPA,AB 1584 and all other California privacy statutes. 2. Authorized Use:The data shared pursuant to the MOU shall be used for no other purpose than the Student Success Library Card Program. Page 2of9 3. Employee Obligation: SAPL shall require all employees who have access to student data to comply with all applicable provisions of this DSA with respect to the data shared under the MOU. 4. Disposition of Data: Upon written request,SAPL shall dispose or delete all student data obtained under the MOU when it is no longer needed for the purpose for which it was obtained. S. Advertising Prohibition: SAPL is prohibited from using or selling student data to market or advertise to students or families/guardians. ARTICLE V: DATA PROVISIONS 1. Data Security:The SAPL agrees to abide by and maintain adequate data security measures,,consistent with industry standards and technology use practices,to protect student data from unauthorized disclosure or acquisition by an unauthorized person. These measures shall include, but not limited to: a. Passwords and Employee Access: SAPL shall secure usernames, passwords, and any other means of gaining access to student data, SAPL shall only provide access to student data to employees or integrated library system provider such as TLC that is performing the services. b. Destruction of Data: SAPL shall destroy or delete all student data obtained under the MOU when it is no longer needed for the purpose for which it was obtained. c. Security Protocols: Both parties agree to maintain security protocols that meet industry standards in the transfer of transmission of any data, including ensuring that data may only be viewed or access by parties legally allowed to do so. 2. Data Breach: In the event that student data is accessed or obtained by an unauthorized individual,SAPL shall provide notification to SAUSD within a reasonable amount of time of the incident, and not exceeding forty-eight (48) hours after the SAPL is aware of the breach. Provider shall follow the following process: a. The security breach notification shall be written in plain language,shall be titled "Notice of Data Breach", and shall present the information described herein under the fallowing headings: "What Happened", "What Information Was Involved", "What We Are Doing", "What You Can Do", and "For More Information". Additional information may be provided as a supplement to the notice. Page 3 of 9 b. The security breach notification-described above in section 2(a) shall include,at a minimum,the following information, if it is available or can be readily provided: I. The name and contact information of the reporting SAPL subject to this section. ii. A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. III. If the information is possible to determine at the time the notice is provided, then either(1)the date of the breach, (2)the estimated date of the breach, or(3)the data range within which the breach occurred. The notification shall also include the date of the notice. iv. Whether the notification was delayed as a result of a law enforcement Investigation, if that Information is possible to determine at the time the notice is provided. v. A general description of the breach incident, if that information is possible to determine at the time the notice is provided. c. At SAUSD's discretion, the security breach notification may also include any of the following: I. Information about what the SAPL has reasonably done to protect individuals whose information has been breached. ii. If feasible, provide basic advice on steps that the person whose information has been breached may take to protect himself or herself. d. SAPI_agrees to adhere to all requirements in applicable State and in federal law with respect to a data breach related to the student data, including,when appropriate or required,the required responsibilities and procedures for notification and mitigation of any such data breach. e. SAPL further acknowledges and agrees to have a written response plan that reflects best practices and is consistent with industry standards and federal and state law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of student data or any portion thereof, including personally identifiable information and agrees to provide SAUSD, upon request, with a copy of said written incident response plan. Page 4 of 9 f. SAPL is prohibited from directly contacting parent, legal guardian or eligible pupil unless expressly requested by SAUSD. If SAUSD requests SAPL's assistance providing notice of unauthorized access, and such assistance is not unduly burdensome to SAPL,SAPL shall notify the affected parent, legal guardian or eligible pupil of the unauthorized access,which shall include the information listed in subsections(b)and (c),above. ARTICLE VI: MISCELLANEOUS 1. Term:The SAPL shall be bound by this DSA for the duration of the MOU or long as the SAPL maintains any student data. 2. Termination: In the event that either party seeks to terminate this DSA,they may do so by mutual written consent so long as the MOU has lapsed or has been terminated. SAUSD shall have the right to terminate the DSA and MOU in the event of a materials breach of the terms of this DSA. 3. Effect of Termination Survival: If the MOU is terminated,the SAPL shall destroy all of SAUSD' data pursuant to Article V, section 1 (b), above. 4. Priority of Agreements: This DSA shall govern the treatment of student data in order to comply with privacy protections, including those found in FERPA and all applicable privacy statutes identified in this DSA. In the event there is conflict between the DSA and the MOU,the DSA shall apply and take precedence. Except as described in this paragraph herein, all other provisions of the MOU shall remain in effect. 5. Notice:All notices or other communication required or permitted to be given hereunder must be in writing and given by personal delivery, or e-mail transmission (if contact information is provided for the specific mode of delivery), or first-class mail, postage prepaid, sent to the designated representatives before: a. Designated Representatives: The designated representative for the SAUSD for this Agreement is: Name: Michael Esparza Title: Director of Purchasing Page 5 of 9 Contact Information: Name:Tamara Davis, SAUSD District Librarian Phone: 714-480-4784 Email: tamara.davis@sausd.us The designated representative for the SAPL for this Agreement is: Name; Alvaro Nunez Title: City Manager Contact Information: Name: Brian Sternberg Phone; 714-647-5296 Email: bsternberg@santa-ana.org {Signature Page Follows? Page 6 of 9 IN WITNESS WHEREOF,the parties have executed this Data Sharing Agreement as of the last day noted below. ATTEST: CITY O ANTA AN ?PROVED ER ALVARO NUKErkCity Manager AS TO FORM: SANTA ANA UNIFIED SCHOOL SONIA R. CARVALHO DISTRICT: City Attorney r / Jonathan T. Marti ez Michael Esparza Assistant City Attorney Director of Purchasing RECOMMENDED FOR APPROVAL: Brian Sternberg(0a 21,202517:20:27 PDT) Brian Sternberg Library Services Director Page 7 of 9 EXHIBIT A SCOPE OF WORK FOR STUDENT SUCCESS LIBRARY CARD A.Student Success Library Card Program 1. Student Success Library Card will use the student's SAU SD issued identification number or Student ID as the Student Success Library Card account number. The SAPL will not issue a physical library card since by default students will use their school issued identification number or Student ID to check out library materials or to access electronic resources. 2.The Student Success Library Card will provide access to all electronic resources offered by SAPL, including online databases and downloadable e-books, audiobooks, magazines, and video streaming. 3.The Student Success Library Card will have limited borrowing privileges of physical materials and will be limited to five(5) books, which must be returned before additional books will be allowed to be checked out. Students may also have and use a regular library card in addition to the Student Success library Card. 4,Overdue fines and other fees will not be charged on any materials checked out with the Student Success Library Card. 5.The SAPL will waive existing fines/fees if students already have a card in order to give them a new library card, and a fresh start. B, Library Operating Responsibilities 1. Work jointly with the SAUSD to develop information that describes the Student Success Library Card program to parents or legal guardians. 2. Work jointly with the SAUSD to provide training and information as needed to SAUSD librarians and administrators regarding the Student Success Library Card program and library services. 3. Provide reasonable sufficient time for SAPL staff to visit local SAUSD schools as needed to provide information on the Student Success Library Card program, 4. Provide student data confidentiality and privacy. 5. Import the data provided by SAUSD into the SAPL's integrated library system after verifying those students are not already in the database. Page 8of9 C. SAUSD Operating Responsibilities 1. Include a letter of introduction to the Student Success Library Card program in all registration packets for students, which allows parents or guardians to opt-out of the program by signing a form and returning it to their child's school main office. 2. Work jointly with the SAPL to develop and distribute information content that describes the Student Success Library Card program to parents or legal guardians. 3. Produce and distribute handouts and website information to parents or legal guardians to create awareness of the program. 4. Work jointly with the SAPL to provide training and information to SAUSD librarians and administrators regarding the program. S. Provide SAUSD student data to the SAPL's integrated library system via a secure electronic delivery method.Such shared student data shall consist of participating student's name,student ID number, home address,grade, school, and the student's parent's/guardian's name, phone number and/or email address. Page 9 of 9 SAUSD - MOU+DSA (2025) Draft Final Audit Report 2025-10-22 Created: 2025-10-21 By: Dylan Dario(ddario@santa-ana.org) Status: Signed Transaction ID: CBJCHBCAABAAy3TgOVxEQK3Q5Ddxytl6BLBEUYGWUWy_ "SAUSD - MOU+DSA (2025) Draft" History Document created by Dylan Dario(ddario@santa-ana.org) 2025-10-21 -11:21:57 PM GMT Py Document emalled to Brian Sternberg (bsternberg@santa-ana.org)for signature 2025-10-21 -11:22:02 PM GMT Email viewed by Brian Sternberg (bsternberg@santa-ana.org) 2025-10-22-0:20:11 AM GMT 6,0 Document e-signed by Brian Sternberg (bsternberg@santa-ana.org) Signature Date:2025-10-22-0:20:27 AM GMT-Time Source:server a Agreement completed. 2025-10-22-0:20:27 AM GMT Adobe Acrobat Sign