PRIVACY ADDENDUM
This Privacy
1
Addendum
1-06-2015
(hereinatter "Addenclum")
to the Agreement between the parties
(hereinalter "Agreement")
ano'
Calcasieu Parish School Board (hereinafter "School tsoard )
"Vendor"). This Addendum is efTective us of the
06
day
is
into by and between
entered
Pearson
of November. 20
dated
the
(hereinafter
15
.
the coltection' disclosure and use of students'
The State of Louisiana recently enacted new laws governing
that any contracts berween a school system and a
personally identifiabre informaiion. The new laws require
intb.raiion of any student contain the statutorily
third-party w5o is enrrusted with personally identifiutl"
personally identifiable intbrmation (hereinafter
prescribed minimum elements regarding th! use of student
..Pll"). Vendor agrees to comply with those new laws which are now designated La' R'S' 17:3914' as
"'F" thereto. and to protect the privacy of student data and Pll'
amended. particularly subsection
allows access to student information' including
Vendor agrees to protect student infbrmation in a manner that
information'
pll. only by those individuals who are authorized by the Agreernent or Addendum to access said
including' but not
persorrally identifiable information rnust be protected by appropriatc security measures.
security questions. and other similar
limited to. the use of user names. secllre passwords. encryption.
level of electronic protection to ensure the integrity of
measures. vendor.s network must nraintain a t',igt',
in these systems. The vendor agrees to pertbrm
sensitive intbrrnation and to prevenr unauthorized access
system auditing to maintain protection of its systems'
regular reviews of its protection merhods and perform
access that are patched. up to date' and have all
Vendor agrees to maintain systems secure ttom unauthorized
appropriate security updates instal leci'
an<J/or receive student data are those that have
To ensure that the only individuals and entities who can access
data'
access and/or receive personatly identifiable student
been specit'ically authorized under the Agreement to
identify the specific individual who is accessing or
vendor shall implement various fbrnrs of authentication to
determine the level of security that will provide the
has accessed tlre information. Vend.r must individually
it maintains. Vendor shall not allow any individual
statutorily required level of protection for the student data
identitiable student records or data at any time'
or entity unauthenticated access to confidential personally
of the terms of the Agreement or this
only those individuals whose job duties Ji.ectly involve fult'illment
shall be permitted to access Pll or student data'
Addendurn. and who are in a..need to know"'position.
and positions of those persons who are
Vendor shall provide School Boarc. upon request. with identities
authorizedtoaccessPllundertheAgreementortheAddendum.
the contjdentiality and security of personally
Vendor shall implement appropriate measures to ensure
access or disclosure of information' and prevent any
identitlable infbrnration, protect agairrst any unauthorized
individual identified by the data'
could result in substantial harm to the School Board or any
other action that
and maintained
data will be stored. processed.
Vendor agrees thar any and all personally identiflable student
No School Board data" at any time. will be processed on
in a secure location and solely on designated servers.
portable storage medium' unless that storage medium
or transt'erred to any portable .o*p,,ting device or any
1
processes. All servers' storage. backups' and
is in use as part ofthe vendor's designated backup ancl recovery
witlrin the United states unless
network paths utilized in the delivery of the service shall be contained
specifically agreed to in writing by tire School Board'
shall be used expressly and solely for the
Vendor agrees that any and all data obtained from the School Board
or shared for any other purpose'
purpor"rlnumerated in the Agreemcnt. Data shall not be distributed' used.
any kind shall be revealed'
As required by Federal and State law. Vendor f'urther agrees that no data of
parties. Except as specifically permitted by
transmifted. exchanged. or otherwise passed to other vendors or
process any student data for any
the terms of the Agreement. vendor shall not sell. transf'er. share. or
commercia[. advertising' or marketitl g purpose'
The policy shall require the storing
Vendor shall develop a policy for the protection and storage of audit logs.
the audit trail. Vendor must
of audit logs and records on a ser\er separate from the system that generates
of ar.rdit trails shall be
Retention
data.
restrict access to audit logs to prevcnt tampering or altering of audit
technical. risk management. and legal
based on a schedule determined atter consultation with operational.
staft.
subcontractors. agents'
vendor is permittecl to disclose pll and student data to its employees. authorized
provided that all srrch subcontractors. agents'
consultants and auditors on a need to know basis only,
to Vendor and the School Board consistent
consultants, and auditors have writtcn confidentiality obligations
termination of any agreement
with the terms of this Addendum. The cont.identiality obligations shalt survive
is longer. and will inure to the
with vendor for so long as the infbrmation remains confidential. whichever
benefit ofthe School Board.
protected information may
Vendor acknowledges and agrees that unautlrorized disclosure or use of
could not be obtained solely
irreparably damage ihe schoolboarcl in such a way that adequate compensation
seek injunctive relief restraining
in monetary damages. Accordingly. the School Board shall have the right to
protected intbrrtation. in addition to any other
the actual or threatened unauthorized disclosure or use of any
Vendor hereby waives the posting of a bond
remedy otherwise available (including reasonable attorney fees).
t'urther grants the School Board the
by School Board with respect to anilction for injunctive retiefl. vendor
Parish. Louisiana. in vendor's
,igt r. ur, not the obligation. to enlbrce these provisions by suit in calcasieu
representatives. agents.
owners.
name against any oi vendor's employees. otficers. board members.
contractors. and subcontractors.
thereof. a clear data breach
Vendor shall establish, implement. and provide to School Board evidence
addressing a potential breach. Vendor's
response plan outlining organizational poiicies and procedures lbr
of any further data loss and of any
response plan shall require prompt response for minirnizing the risk
individuals. A data breach is any
negative consequences of the breach. including potential harm to atrected
of personally identifiable information
instance in wlrich there is an unautlrorized or unlawful release or access
of whether vendor
or other infbrmation not suitabte fbr public release. This definition applies regardless
provider'
service
cloud
a
as
stores and manages the data directly or through a contractor, such
seq. (Louisiana Database Breach
Vendor agrees to comply with the requirements of La. R.S. 5l:3071 el
of individuals of data breaches.
notitication
Notification Law) as weli as any other applicable laws regarding
t
rtttilttlhrtrl/ctl :tr"'ucs'
lli{l i1' lrtil\ ill! rl.tltllritltrrtt
ll, ilt(l rl!*rlr rrr lltt' crcltl 'rl
trrcrrtlt' ltt":il.'i:,;'.
;tir'ttlrli;rtrlr-. illlrlltr|.llrr,!t ilt irlltdi .l .i;rr {rurrr lrr rlru ercnr
\lcn.lo, rFrcc'i ltl
'l ;r tlltlrtttn(lct xnp.llci'Il,il;i.
.\'\ ilt tl!, rrhi lt..{t tl ilt\
il(,lrliLillr{rrr
.r.:r r.,.cnl ru(ll]lilnu
cntirlr:d to rlotru..
il.,litttitlCl i,t
ttorlr
1i'1ltl'. !ll( \r..ltrrr,l tili.rttl rrttrrrr..rlllttr ,,,,,i ,,*,,,,,. rc',p,rtr'rl'rlrtr lor ttrhrntttng:ll '"t]i;;',,.
",rpto1'*ti
illirir t .rlrliltL.rlril .rrn ,1111i 1,, ;1111g1.1. ;lr. lrtrltl hrtrtrrlesr ,r,rd tlt:1cn*J tlrr: \chtxrl l-|t[;;rr-unei'.r
rclull\c
Ittti .r,,itrn,l .lt,r. .ulrl ,ril r i;ri:nr. ri:rllr ,L.\. or airll\c\ ttl itctl(ln rr-'lalcrl l(! lhr tlllillltllurl/i
:::'i':,,t:,t;Jl:'il"tiilfil:
il, r, , '11.1.,t,.,. r,,,llr .llrllltL:rlrlt ,.tili
''i'r!' .l'rr,lr'. .t. rr.'11 ,r.. ,r!r.irt,'t" .r
'
'( .rllrir' ll', rr'r ',,t :tr .lllri
l'1 .r,,:,1.
i)('' .{irlir'.. r.,,'1. ',,r'i11 1 rl'
lt{)lrl lln\ *tott' ti'dr"'r't]-'t]r\
\"cnd{tr
tr't t111111111 trr cudil
lltltl illl{lllllt'\ittti lt'rlernl lltu' \'cttrlot 'tgrucr
'iit"'i'titttti-i'ut"
it'\rrlililtc{l l,r
I
t'e sel"""t
llutllt\
trr nrrrlrt'r lllld \uctlnt\
\,",t.(.rirrrL.nr ilNrlr(rrnr hrrl rrrrl lrrnttctl
ltoarul whcn nr:qucstl;ti
h, ,t;ttlu .1\:l.lilhlc ,.r,u"i'i"'l' irnd tlr.j Schtxrl
('()ntfilet cxplrcs' \'CndOr *hlll
I,ltt...tr^i r, lt:r.trrtlr,,:rt rlr tl llW,rr{tttitl
\rldcnduttr to lhc Schrrol
'rr:rnr:u rrl it* rvrtrk lln(lL'r thc '\r:rt:crncnt ttr tlrc
ri ltr'!1'
l
rcndcr
unlltfbtu
ltfllrt'r illlrcr\ to thcrcltltcr crasu' duslrtr)'' ilnd
contracted lirr thc
'\r!\\c\\rrru ol pcrsotls lll'x.l cnllilt:\ rttlh rtlrrur rt hux
thal ptcvcnts tts
lllanncr
ln 3
-. \r:rr:crrrsrtt or ,\tltlctttittlrr. tn rls l;nllrcl\'
Vcntlor shall certif-v in urtltn'J
';tl,,tr- ll ilti :\t' or ;rrllllillrle liL'ru\loritlr()tt utillltc\'
t)l"tlrc ('ontrltct or within sevcn {?)
r....r . lrltlllir -'rl \\rthln .i(l tlavs ol llru lcrntillirlion
rr' \t'ltortl llollrrl. rr l'ttuhcvrr clrttt*s lirrl
I !'ri{t('\l r\
\
ir.
crrtlor
'
,li
I
t'r
':11
(lii,:\riit!'11 .ll;li \ill]plclllll.nli|n(|\u|)cr\edcatrr-U(rnlltgtiltslcnrls()rconditionsoi.thc
t)rl!:lnirl Agrcement shall remain ttr
\r. :cct lt) lllc lilrcuorrr5." rltu lcrtrrr r!l'tlrE
\ r'rrill,
,
\ --ri
\llll""'
( \1.(' \sll'lt l'\ltlsgs('ll()ot'
Itlltll tltitltttrt
<_,{
'-
"''
.
1|lirll! i
!-'l!ittltl-U
\
tr t hr
rii zctl ('
l'Sli I{cprcsclltitlil
BOARI)
c Sisn*turc
(
llNL Pw.(1t4
i
l' !rl !
\
ut
ltuirzctl l(cprc'cntirtlvc Niunc { Printt
5ul*v*ra^.a*d
'i tli'
lrll,;
{ .\l ('\SlUl; l!,\RlSllS('tl(X)L
,,
I
ttrlrt'
I)ltc
i,;t 1r
/
=)=),,
*
4
I