|
personal identifiers such as the student's state -assigned student identifier, social security number, student number or
<br />biometric record; (e) indirect identifiers such as the sttrdenes date of birth, place of birth or mother's maiden name;
<br />and (f) demographic attributes, such as race, socioeconomic information, and gender. To the extent it is not already
<br />included in the definition hereinabove, PH also includes "personal information" as defined in the Colorado Open
<br />Records Act, C.R.S. 24-72-101 et seq.; personally identifiable information contained in student "education records"
<br />as that term is defined in tile Family Educational Rights and Privacy Act, 20 U.S.C. 1232g; "protected health
<br />information" as that term is defined in the Health Insurance Portability and Accountability Act, 45 C.F.R. Part
<br />160.103; "nonpublic personal information" as that term is defined in the Gramm -Leach -Bliley Financial
<br />Modernization Act of 1999, 15 U.S.C. 6809; credit and debit card numbers and/or access codes and other cardholder
<br />data and sensitive authentication data as those terms are defined in the Payment Card Industry Data Security
<br />Standards; other financial account numbers, access codes, and state- or federal -identification numbers such as
<br />driver's license, passport or visa numbers.
<br />1.9 "Record" means any information recorded in any way, including, but not limited to, handwriting,
<br />print, computer media, video or audio tape, film, microfilm, and microfiche.
<br />I.10 "Secure& Destroy" means to remove District Data from Contractor's systems, paper tiles, records, databases,
<br />and any other media regardless of format, in accordance with the standard detailed in National institute of Standards
<br />and Technology ("NIST") SP 800-88 Guidelines for Media Sanitization so that District Data is permanently irretrievable
<br />in Contractor's and its Subcontractor' normal course of business.
<br />1.11 "Security Breach" means an event in which District Data is exposed to unauthorized disclosure, access,
<br />alteration or use or a system configuration that results in a documented unsecured disclosure, access, alteration or use, in
<br />a manner not permitted in this Addendum, which poses a significant risk of financial, reputational or other harm to the
<br />affected End User or the District.
<br />1.12 "Services" means any goods or services acquired by the District from the Contractor, including
<br />computer software, mobile applications (apps), and web -based tools accessed by End Users through the Internet or
<br />installed or run on a computer or electronic device.
<br />1.13 "Subcontractor" means Contractor's employees, subcontractor or agents, identified on Schedule
<br />2 as updated by Contractor from time to time in accordance with the requirements of this Addendum, who
<br />Contractor has engaged to enable Contractor to perform its obligations under the Contract.
<br />1.14 "Student Profile " means a collection of PH data elements relating to a student of the District.
<br />2. Rights and License in and to District Data
<br />District owns all rights, title, and interest in and to District Data and any and all now known or hereafter existing
<br />intellectual property rights associated therewith, and any derivative works thereof or modifications thereto, including
<br />without limitation, De -identified Data. The District hereby grants to Contractor a limited, nonexclusive license to
<br />use District Data and De -identified Data solely for the purpose of performing its obligations specified in the
<br />Contract or as otherwise permitted by the Agreement. Contractor shall have no rights, title, or interest implied or
<br />otherwise, to District Data or De -identified Data, except as expressly stated in the Agreement.
<br />Colorado Council of School Board Attorneys, December I0, 2016
<br />
|