Crafting the Prenuptial Agreement - School Districts and GoogleApps for Education

Image Source: http://www.franceinlondon.com/media/pictures/FilUserFiles/prenuptial%20agreement.jpg

Update: 02/08/2010 - Be sure to read the update included at the end of this blog entry!

Henry Thiele (To Learn Twice) posts his comment in response to my response to Brian Crosby (Learning is Messy) what ifs regarding GoogleApps for Education.

The tone of Henry's post is, "Well, duh, it's obvious you have to have an exit strategy!" And, of course, that is a point I make myself in the original blog entry. Yes, you have to have an exit strategy regardless of what vendor you begin an association with...but you also need to have both parties agree to the exit strategy. And, it's worth emphasizing again:

One of the hard lessons of using an outsourced system--whether for student information systems, ePortfolios--districts should learn vicariously is that they should never, ever move their data into a system unless they have a clearly articulated exit strategy.

That exit strategy should not only involve control of the data, but also how to make that data work on their own systems.

Some have suggested--perhaps, in ignorance that waits for the light of enlightenment--that you use GoogleApps for Education on Google's terms. Those terms are generous but there is little contact, no 1-800 number (UPDATE: Read comments; you do get a contact to call) available to call, no face to face meeting with the "shadowy chief executive officer" that runs Google. Should any school district decide to do business with an organization that isn't willing to send a representative to speak and make decisions, shake your hand?

In many ways, This is reminiscent of the prenuptial agreement people sign before getting married. What would such a prenuptial agreement look like?

In the past, I've shared two letters that are signed by both parties--the School District and the Vendor. They are agreements of a sort:

Letter to Vendor from Superintendent: As an authorized agent of the board of trustees for SCHOOL DISTRICT NAME, I authorize release of all current school district data to the VENDOR NAME. VENDORNAME warrants that the confidentiality of data from the school district will be maintained according to all Federal and State laws, and any local policies that are communicated to the responsible parties. VENDORNAME will act as an agent and representative for the school district in the translation, import, and/or use of data. Access to personally identifiable data will not be allowed for anyone other than the staff and sub-contractors directly responsible for the translation, import, and/or use of the data. Data will be provided only to persons or entities authorized by the school district. The data will be physically stored and backed up on servers located at VENDORNAME'S subcontractor's offices or on servers located at Internet Service provider secured sites. If the agreement between SCHOOL DISTRICT and VENDORNAME is terminated, data will be copied to storage media and returned to the district or destroyed upon the request of the District. No backup or other copies of the data will be maintained by VENDORNAME or its sub-contractors. Sincerely,
SUPERINTENDENT
Letter from Vendor to Superintendent
Dear Superintendent: VENDORNAME warrants the confidentiality of student data received from the SCHOOL DISTRICT will be maintained according to all federal and Texas laws, and according to any local policies provided that such local policies are communicated to VENDOR NAME Chief Technology Officer by SCHOOL DISTRICT in written or electronic form. VENDORNAME will act as SCHOOL DISTRICT'S agent and representative in the translation, import, and/or analysis of certain student data. Access to personally identifiable student data will not be granted to anyone other than persons or entities authorized by SCHOOL DISTRICT representatives and VENDORNAME staff and contractors directly responsible for the translation, import, and/or analysis of the data. VENDORNAME will only use student data received from SCHOOL DISTRICT according to the terms of our agreements or addenda. The student data received from SCHOOL DISTRICT will be physically stored and backed up on servers located at a secure site. When the project ends, student data received from SCHOOL DISTRICT will be copied to storage media and delivered to SCHOOL DISTRICT or destroyed upon SCHOOL DISTRICT'S request. No backup or other copies will be maintained by VENDORNAME. Please call either the Chief Technology Officer or I at your convenience with any questions. We look forward to working with SCHOOL DISTRICT. Sincerely, CHIEF EXECUTIVE OFFICER, VENDORNAME

This has only to do with confidential student data, though. Another question I have to consider is, how do you enter into a contractual agreement with GoogleApps for Education? Just because you decide to establish a GoogleApps for Education, does that automatically get you an agreement that covers FERPA?

Simply put, who at GoogleApps for Education would sign off on a letter like the one below? And, should any school district bother to use GoogleApps for Education until the CEO at Google is going to step up and sign?
As an authorized agent of the board of trustees for the NAME OF SCHOOL DISTRICT, I authorize release of all current school district data to the NAME OF VENDOR. NAME OF VENDOR warrants that the confidentiality of data from the school district will be maintained according to all Federal and State laws, and any local policies that are communicated to the responsible parties.

NAME OF VENDOR will act as an agent and representative for the school district in the translation, import, and/or use of data. Access to personally identifiable data will not be allowed for anyone other than the staff and sub-contractors directly responsible for the translation, import, and/or use of the data. Data will be provided only to persons or entities authorized by the school district.

The data will be physically stored and backed up on servers located at NAME OF VENDOR's subcontractor's offices or on servers located at Internet Service provider secured sites. If the agreement between the San Antonio ISD and NAME OF VENDOR is terminated, data will be copied to storage media and returned to the district or destroyed upon the request of the District. No backup or other copies of the data will be maintained by NAME OF VENDOR or its sub-contractors.

Furthermore, NAME OF VENDOR agrees to adhere to the following:

Data Encryption

Confidential data sent outside the District and received from NAME OF VENDOR will be encrypted using industry standard encryption algorithms and technology.

Adherence to FERPA Guidelines

Data requested by NAME OF VENDOR is subject to the Family Educational Rights and Privacy Act (FERPA), 20 USC § 1232g, which generally applies to student records.

All NAME OF VENDOR must make every effort to safeguard confidential staff and student information. Transmission of confidential data, including e-mail, must be done with all due protection.

FERPA standards for students should also be applied to staff data.

Unencrypted confidential staff or student data should not be carried on a laptop, desktop, or hand-held computer, travel drive, or other electronic device outside of the NAME OF VENDOR system(s) or buildings or off their property.

When unattended, data should be left in a locked location.

If a breach of security occurs, SCHOOL DISTRICT must be notified of the incident, and updated when/if the breach is resolved.

Reports and other documents must be shredded or otherwise completely destroyed when no longer needed for educational purposes. Do not discard documents with names and Social Security numbers in wastebaskets or recycle bins.

Obsolete electronic devices must have all confidential data files completely deleted before removal or transport.
Identifiable information to anyone other than representatives of that organization and the information is destroyed when it is no longer needed for the study.

NAME OF VENDOR will act as the NAME OF SCHOOL DISTRICT agent and representative in the translation, import, and/or analysis of certain data.

Access to personally identifiable data will not be granted to anyone other than persons or entities authorized by the NAME OF SCHOOL DISTRICT representatives and NAME OF VENDOR staff and contractors directly responsible for the translation, import, and/or analysis of the data.

NAME OF VENDOR will only use data received from the NAME OF SCHOOL DISTRICT according to the terms of our agreements or addenda. The data received from the

NAME OF SCHOOL DISTRICT will be physically stored and backed up on servers located at a secure site. When the project ends, any data received from the NAME OF SCHOOL DISTRICT will be copied to storage media and delivered to the NAME OF SCHOOL DISTRICT or destroyed upon the NAME OF SCHOOL DISTRICT request. No backup or other copies will be maintained by NAME OF VENDOR.

NAME OF VENDOR will sign and return this letter indicating its acknowledgement and agreement of the terms outlined here.

Please call either the Chief Technology Officer or I with any questions.

Sincerely,

SUPERINTENDENT

___________________________________________________
NAME OF VENDOR Chief Executive Officer Signature
Thoughts?

Update: Comments Via Facebook

  • Barbara Bray
    Interesting! I so agree with what you are writing. I suggest reading the Terms of Use of any company you work with including Google before you invest people, time, or valuable protected information. Having a real person to talk to is important.

Update 02/08/2010 from Henry Thiele:
Google does have a "Migration Checklist" - I have a copy of it here http://spreadsheets.google.com/ccc?key=0AgNjr58arj7ndEl2T3g1dktrcG9LMjBBeTV4YV96Qnc&hl=en

Anyone thinking of moving to Google Apps for Education should read the agreement you are entering into with them here: http://www.google.com/apps/intl/en/terms/education_terms.html

Section 6 talks about confidential information which is defined as:
“Confidential Information” means information disclosed by a party to the other party under this Agreement that is marked as confidential or would normally be considered confidential under the circumstances. Customer Data is Customer’s Confidential Information.
“Customer Data” means data, including email, provided, generated, transmitted or displayed via the Services by Customer or End Users.

and 11.2 talks about how confidential information will be handled if you decide to leave Google.

This is the prenuptial agreement and (IMO) it is as fair as any agreement you will get from any company - especially one that is providing so many services at no cost.




Subscribe to Around the Corner-MGuhlin.org


Everything posted on Miguel Guhlin's blogs/wikis are his personal opinion and do not necessarily represent the views of his employer(s) or its clients. Read Full Disclosure

Comments

Unknown said…
Once you are a subscriber to Google Apps, there is a customer service number you can call. You are provided a service number pin. I have called it on a couple of occassions.
Anonymous said…
Frankly... the constant stream about GoogleApps is getting old... it feels like you are being sarcastic or you are taking a strike against "the man" but in reality it is getting old...
@Anonymous So, unsubscribe! Not to be rude, but I write my blog for me, not you. I'm exploring questions that need to be discussed but aren't anywhere I've seen.
@James thanks, i've included that part as an update in the post.

Is there a migration plan for school districts that Google has laid out? You know, something that answers all these questions districts have?
Google does have a "Migration Checklist" - I have a copy of it here http://spreadsheets.google.com/ccc?key=0AgNjr58arj7ndEl2T3g1dktrcG9LMjBBeTV4YV96Qnc&hl=en

Anyone thinking of moving to Google Apps for Education should read the agreement you are entering into with them here: http://www.google.com/apps/intl/en/terms/education_terms.html

Section 6 talks about confidential information which is defined as:
“Confidential Information” means information disclosed by a party to the other party under this Agreement that is marked as confidential or would normally be considered confidential under the circumstances. Customer Data is Customer’s Confidential Information.
“Customer Data” means data, including email, provided, generated, transmitted or displayed via the Services by Customer or End Users.

and 11.2 talks about how confidential information will be handled if you decide to leave Google.

This is the prenuptial agreement and (IMO) it is as fair as any agreement you will get from any company - especially one that is providing so many services at no cost.
Unknown said…
Privacy is definitely a concern in the cloud. I lost the battle to migrate our email system to gmail because of the sensitive nature of what our school deals with. Honestly, our school has no less sensitive issues, but at this point I am happy with the rest of the suite of products. If Google went full HIPPA then we would have made the switch. For now we are using an old Groupwise 6.5 and will probably move to Kerio.

However if there is new HIPPA compliance then we will switch as I am sure many doctors. I know the LAPD had some of the same privacy concerns when the City of LA made the switch, despite all the security Google has.
Unknown said…
Privacy is definitely a concern in the cloud. I lost the battle to migrate our email system to gmail because of the sensitive nature of what our school deals with. Honestly, our school has no less sensitive issues, but at this point I am happy with the rest of the suite of products. If Google went full HIPPA then we would have made the switch. For now we are using an old Groupwise 6.5 and will probably move to Kerio.

However if there is new HIPPA compliance then we will switch as I am sure many doctors. I know the LAPD had some of the same privacy concerns when the City of LA made the switch, despite all the security Google has.

Popular posts from this blog

Rough and Ready - #iPad Created Narrated Slideshow

Old Made New: Back to Bunsen Labs Linux (Updated)

The Inside Scoop: EdTech 2020 Virtual Conference #edtech #zoom