HomeMy WebLinkAboutSANTA ANA UNIFIED SCHOOL DISTRICT (30) Ii9JIJ"V\;5i'i4.C%2, [1 QUIREU ..
WORK MAY PI;CCEEO N-2a2s-ax3
CITY CLERK
DATE: FEB 0 4 2026
DATA SHARING AGREEMENT(DSA)
oylc+� D �r►o fDL1 This Data Sharing Agreement ("DSA") is entered into on thisW-r)day of3GylL'OF026 by and
between Santa Ana Unified School District, (hereinafter referred to as "SAUSD" or"District"),
and the City of Santa Ana, a charter city and municipal corporation "City"),on behalf of the
Santa Ana Public Library (hereinafter referred to as "City" or "SAPL").
RECITALS
WHEREAS, in order to provide the Student Success Library Card Program described in
the MOU,the City may receive and the SAUSD may provide documents or data that are covered
by several federal statues, among them, the Family Educational Rights and Privacy Act
("FERPA") at 20 U.S.C.1232g(34 CFR Part 99),Children's Online Privacy Protection Act
("COPPA"), 15 U.S.0 6501-6506; Protection of Pupil Rights Amendment("PPRA) 20 U.S.C. 123h;
and
WHEREAS,the documents and data transferred from SAUSD and created by the SAPL's
Student Success Library Card Program are also subject to California state student privacy laws,
including AB 1584,found at California Education Code Section 49073.1 and the Student Online
Personal Information Protection Act ("SOPIPA") found at California Business and Professions
Code section 22584; and
WHEREAS, for the purposes of this DSA, SAPL is a public library with legitimate
educational interests in accessing students' records pursuant to the MOU conforms to the
requirements of the privacy laws referred to above and to establish implementing procedures
and duties.
NOW THEREFORE, for good and valuable consideration,the parties agree as follows:
ARTICLE I: PURPOSE AND SCOPE
1. Purpose of DSA:The purpose of this DSA is to describe the duties and responsibilities to
protect student data transmitted to City from SAUSD pursuant to the MOU, including
compliance with all applicable statues, including the FERPA, PPRA, COPPA, SOPIPA,AB
1584, and other applicable California State laws, all as may be amended from time to
time. In performing these services, the SAPL shall be considered a School Official with a
legitimate educational interest.
2. Nature of Services Provided: The SAPL has agreed to provide the Student Success
Library Card Program described in the MOU and as may be further outlined in Exhibit A.
3. Student Data to Be Provided: SAUSD will provide student data to SAPL's integrated
library system via a secure electronic delivery method. Such shared student data shall
consist of participating student's name, student ID number, home address, grade,
Page Z of 9
school, and the student's parent's/guardian's name, phone number and/or email
address.
ARTICLE II: DATA OWNERSHIP AND AUTHORIZED ACCESS
1. Student Data Property of SAUSD: All student data transmitted to the SAPL pursuant to
the MOU is and will continue to be the property of and under the control of the SAUSD.
The parties agree that as between them, all rights, including all intellectual property
rights in and to student data contemplated per the MOU shall remain the exclusive
property of the SAUSD. For the purpose of FERPA,the SAPL shall be considered a School
Official, under the control and direction of the SAUSD as it pertains to the use of Student
Data notwithstanding the above.
2. Third Party Access to Student Data: SAUSD allows the SAPL's integrated library system
called The Library Corporation(TLC)to access student data in order to establish a library
card account for students. Such student data shall consist of participating student's
name, student ID number, home address,grade, school, and the student's
parent's/guardian's name, phone number and/or email address. Except for TLC, should a
third party, including law enforcement and government entities, contact SAPL with a
request for data held by the SAPL pursuant to the MOU,the SAPL shall redirect the third
party to request the data directly from the SAUSD. SAPL shall notify the SAUSD in
advance of a compelled disclosure to a third party.
3. Sub-processors: SAPL shall enter into written agreements with all sub-processors
performing functions pursuant to the MOU,whereby the sub-processors agree to
protect student data in manner consistent with the terms of this DSA.
ARTICLE III: DUTIES OF SAUSD
1, Privacy Compliance: SAUSD shall provide data for the purposes of the MOU in
compliance with FERPA, COPPA, PPRA, SOPIPA, AB 1584 and all other California privacy
statutes.
ARTICLE IV: DUTIES OF SAPL
1. Privacy Compliance:The SAPL shall comply with all applicable state and federal laws
and regulations pertaining to data privacy and security, including FERPA,COPPA, PPRA,
SOPIPA,AB 1584 and all other California privacy statutes.
2. Authorized Use:The data shared pursuant to the MOU shall be used for no other
purpose than the Student Success Library Card Program.
Page 2of9
3. Employee Obligation: SAPL shall require all employees who have access to student data
to comply with all applicable provisions of this DSA with respect to the data shared
under the MOU.
4. Disposition of Data: Upon written request,SAPL shall dispose or delete all student data
obtained under the MOU when it is no longer needed for the purpose for which it was
obtained.
S. Advertising Prohibition: SAPL is prohibited from using or selling student data to market
or advertise to students or families/guardians.
ARTICLE V: DATA PROVISIONS
1. Data Security:The SAPL agrees to abide by and maintain adequate data security
measures,,consistent with industry standards and technology use practices,to protect
student data from unauthorized disclosure or acquisition by an unauthorized person.
These measures shall include, but not limited to:
a. Passwords and Employee Access: SAPL shall secure usernames, passwords, and
any other means of gaining access to student data, SAPL shall only provide
access to student data to employees or integrated library system provider such
as TLC that is performing the services.
b. Destruction of Data: SAPL shall destroy or delete all student data obtained under
the MOU when it is no longer needed for the purpose for which it was obtained.
c. Security Protocols: Both parties agree to maintain security protocols that meet
industry standards in the transfer of transmission of any data, including ensuring
that data may only be viewed or access by parties legally allowed to do so.
2. Data Breach: In the event that student data is accessed or obtained by an unauthorized
individual,SAPL shall provide notification to SAUSD within a reasonable amount of time
of the incident, and not exceeding forty-eight (48) hours after the SAPL is aware of the
breach. Provider shall follow the following process:
a. The security breach notification shall be written in plain language,shall be titled
"Notice of Data Breach", and shall present the information described herein
under the fallowing headings: "What Happened", "What Information Was
Involved", "What We Are Doing", "What You Can Do", and "For More
Information". Additional information may be provided as a supplement to the
notice.
Page 3 of 9
b. The security breach notification-described above in section 2(a) shall include,at a
minimum,the following information, if it is available or can be readily provided:
I. The name and contact information of the reporting SAPL subject to this
section.
ii. A list of the types of personal information that were or are reasonably
believed to have been the subject of a breach.
III. If the information is possible to determine at the time the notice is
provided, then either(1)the date of the breach, (2)the estimated date of
the breach, or(3)the data range within which the breach occurred. The
notification shall also include the date of the notice.
iv. Whether the notification was delayed as a result of a law enforcement
Investigation, if that Information is possible to determine at the time the
notice is provided.
v. A general description of the breach incident, if that information is
possible to determine at the time the notice is provided.
c. At SAUSD's discretion, the security breach notification may also include any of
the following:
I. Information about what the SAPL has reasonably done to protect
individuals whose information has been breached.
ii. If feasible, provide basic advice on steps that the person whose
information has been breached may take to protect himself or herself.
d. SAPI_agrees to adhere to all requirements in applicable State and in federal law
with respect to a data breach related to the student data, including,when
appropriate or required,the required responsibilities and procedures for
notification and mitigation of any such data breach.
e. SAPL further acknowledges and agrees to have a written response plan that
reflects best practices and is consistent with industry standards and federal and
state law for responding to a data breach, breach of security, privacy incident or
unauthorized acquisition or use of student data or any portion thereof, including
personally identifiable information and agrees to provide SAUSD, upon request,
with a copy of said written incident response plan.
Page 4 of 9
f. SAPL is prohibited from directly contacting parent, legal guardian or eligible pupil
unless expressly requested by SAUSD. If SAUSD requests SAPL's assistance
providing notice of unauthorized access, and such assistance is not unduly
burdensome to SAPL,SAPL shall notify the affected parent, legal guardian or
eligible pupil of the unauthorized access,which shall include the information
listed in subsections(b)and (c),above.
ARTICLE VI: MISCELLANEOUS
1. Term:The SAPL shall be bound by this DSA for the duration of the MOU or long as the
SAPL maintains any student data.
2. Termination: In the event that either party seeks to terminate this DSA,they may do so
by mutual written consent so long as the MOU has lapsed or has been terminated.
SAUSD shall have the right to terminate the DSA and MOU in the event of a materials
breach of the terms of this DSA.
3. Effect of Termination Survival: If the MOU is terminated,the SAPL shall destroy all of
SAUSD' data pursuant to Article V, section 1 (b), above.
4. Priority of Agreements: This DSA shall govern the treatment of student data in order to
comply with privacy protections, including those found in FERPA and all applicable
privacy statutes identified in this DSA. In the event there is conflict between the DSA
and the MOU,the DSA shall apply and take precedence. Except as described in this
paragraph herein, all other provisions of the MOU shall remain in effect.
5. Notice:All notices or other communication required or permitted to be given hereunder
must be in writing and given by personal delivery, or e-mail transmission (if contact
information is provided for the specific mode of delivery), or first-class mail, postage
prepaid, sent to the designated representatives before:
a. Designated Representatives:
The designated representative for the SAUSD for this Agreement is:
Name: Michael Esparza
Title: Director of Purchasing
Page 5 of 9
Contact Information:
Name:Tamara Davis, SAUSD District Librarian
Phone: 714-480-4784
Email: tamara.davis@sausd.us
The designated representative for the SAPL for this Agreement is:
Name; Alvaro Nunez
Title: City Manager
Contact Information:
Name: Brian Sternberg
Phone; 714-647-5296
Email: bsternberg@santa-ana.org
{Signature Page Follows?
Page 6 of 9
IN WITNESS WHEREOF,the parties have executed this Data Sharing Agreement as of the last
day noted below.
ATTEST: CITY O ANTA AN
?PROVED
ER ALVARO NUKErkCity Manager
AS TO FORM: SANTA ANA UNIFIED SCHOOL
SONIA R. CARVALHO DISTRICT:
City Attorney
r
/ Jonathan T. Marti ez Michael Esparza
Assistant City Attorney Director of Purchasing
RECOMMENDED FOR APPROVAL:
Brian Sternberg(0a 21,202517:20:27 PDT)
Brian Sternberg
Library Services Director
Page 7 of 9
EXHIBIT A
SCOPE OF WORK FOR STUDENT SUCCESS LIBRARY CARD
A.Student Success Library Card Program
1. Student Success Library Card will use the student's SAU SD issued identification
number or Student ID as the Student Success Library Card account number. The SAPL
will not issue a physical library card since by default students will use their school issued
identification number or Student ID to check out library materials or to access electronic
resources.
2.The Student Success Library Card will provide access to all electronic resources
offered by SAPL, including online databases and downloadable e-books, audiobooks,
magazines, and video streaming.
3.The Student Success Library Card will have limited borrowing privileges of physical
materials and will be limited to five(5) books, which must be returned before additional
books will be allowed to be checked out. Students may also have and use a regular
library card in addition to the Student Success library Card.
4,Overdue fines and other fees will not be charged on any materials checked out with
the Student Success Library Card.
5.The SAPL will waive existing fines/fees if students already have a card in order to give
them a new library card, and a fresh start.
B, Library Operating Responsibilities
1. Work jointly with the SAUSD to develop information that describes the Student
Success Library Card program to parents or legal guardians.
2. Work jointly with the SAUSD to provide training and information as needed to SAUSD
librarians and administrators regarding the Student Success Library Card program and
library services.
3. Provide reasonable sufficient time for SAPL staff to visit local SAUSD schools as
needed to provide information on the Student Success Library Card program,
4. Provide student data confidentiality and privacy.
5. Import the data provided by SAUSD into the SAPL's integrated library system after
verifying those students are not already in the database.
Page 8of9
C. SAUSD Operating Responsibilities
1. Include a letter of introduction to the Student Success Library Card program in all
registration packets for students, which allows parents or guardians to opt-out of the
program by signing a form and returning it to their child's school main office.
2. Work jointly with the SAPL to develop and distribute information content that
describes the Student Success Library Card program to parents or legal guardians.
3. Produce and distribute handouts and website information to parents or legal
guardians to create awareness of the program.
4. Work jointly with the SAPL to provide training and information to SAUSD librarians
and administrators regarding the program.
S. Provide SAUSD student data to the SAPL's integrated library system via a secure
electronic delivery method.Such shared student data shall consist of participating
student's name,student ID number, home address,grade, school, and the student's
parent's/guardian's name, phone number and/or email address.
Page 9 of 9
SAUSD - MOU+DSA (2025) Draft
Final Audit Report 2025-10-22
Created: 2025-10-21
By: Dylan Dario(ddario@santa-ana.org)
Status: Signed
Transaction ID: CBJCHBCAABAAy3TgOVxEQK3Q5Ddxytl6BLBEUYGWUWy_
"SAUSD - MOU+DSA (2025) Draft" History
Document created by Dylan Dario(ddario@santa-ana.org)
2025-10-21 -11:21:57 PM GMT
Py Document emalled to Brian Sternberg (bsternberg@santa-ana.org)for signature
2025-10-21 -11:22:02 PM GMT
Email viewed by Brian Sternberg (bsternberg@santa-ana.org)
2025-10-22-0:20:11 AM GMT
6,0 Document e-signed by Brian Sternberg (bsternberg@santa-ana.org)
Signature Date:2025-10-22-0:20:27 AM GMT-Time Source:server
a Agreement completed.
2025-10-22-0:20:27 AM GMT
Adobe Acrobat Sign