- Data Security.
StoryJumper agrees to abide by and maintain adequate data security measures, consistent with industry standards and technology best practices, to protect Student Data from unauthorized disclosure or acquisition by an unauthorized person. Our general security duties are set forth below. These measures include, but are not limited to:
- Passwords and Employee Access. StoryJumper will secure usernames, passwords, and any other means of gaining access to the Services or to Student Data, at a level suggested by Article 4.3 of NIST 800-63-3. StoryJumper will only provide access to Student Data to employees or contractors that are performing the Services. Employees with access to Student Data will have signed confidentiality agreements regarding said Student Data. All employees with access to Student Records will pass criminal background checks.
- Destruction of Data. StoryJumper will destroy or delete all Personally Identifiable Data contained in Student Data and obtained under the Educational Account Agreement (“EAA”) when it is no longer needed for the purpose for which it was obtained according to a schedule and procedure as the parties may reasonably agree.
- Security Protocols. Both parties agree to maintain security protocols that meet industry best practices in the transfer or transmission of any data, including ensuring that data may only be viewed or accessed by parties legally allowed to do so. StoryJumper will maintain all data obtained or generated pursuant to the EAA in a secure computer environment and not copy, reproduce, or transmit data obtained pursuant to the EAA, except as necessary to fulfill the purpose of data requests by EA Administrator, including request for Services.
- Employee Training. StoryJumper will provide periodic security training to those of its employees who operate or have access to the system. Further, at EA Administrator’s request, StoryJumper will provide EA Administrator with contact information of an employee who they may contact if there are any security concerns or questions.
- Security Technology. When the service is accessed using a supported web browser, Secure Socket Layer (“SSL”), or equivalent technology will be employed to protect data from unauthorized access. The service security measures will include server authentication and data encryption. StoryJumper will host data pursuant to the EAA in an environment using a firewall that is periodically updated according to industry standards.
- Security Coordinator. Upon request, StoryJumper will provide the name and contact information of StoryJumper’s Security Coordinator for the Student Data received pursuant to the EAA.
- Subprocessors Bound. StoryJumper will enter into written agreements whereby Subprocessors agree to secure and protect Student Data in a manner consistent with these terms.
- Periodic Risk Assessment. StoryJumper further acknowledges and agrees to conduct periodic risk assessments and remediate any identified security and privacy vulnerabilities in a timely manner.
- Backups. StoryJumper agrees to maintain backup copies, backed up at least daily, of Student Data in case of StoryJumper’s system failure or any other unforeseen event resulting in loss of Student Data or any portion thereof.
- Audits. Upon receipt of a request from the EA Administrator, StoryJumper will allow the EA Administrator to audit the security and privacy measures that are in place to ensure protection of the Student Record or any portion thereof. StoryJumper will cooperate fully with the EA Administrator and any local, state, or federal agency with oversight authority/jurisdiction in connection with any audit or investigation of StoryJumper and/or delivery of Services to students and/or EA Administrator, and will provide full access to the StoryJumper’s facilities, staff, agents and EA Administrator’s Student Data and all records pertaining to StoryJumper, EA Administrator and delivery of Services to StoryJumper. Failure to cooperate will be deemed a material breach of the Agreement.
- Data Breach.
In the event that Student Data is accessed or obtained by an unauthorized individual, StoryJumper will provide notification to EA Administrator within ten (10) days of the incident. StoryJumper will follow the following process:
- The security breach notification will be written in plain language, will be titled “Notice of Data Breach,” and will present the information described herein under the following headings: “What Happened,” “What Information Was Involved,” “What We Are Doing,” “What You Can Do,” and “For More Information.” Additional information may be provided as a supplement to the notice.
- The security breach notification described above in section 2(a) will include, at a minimum, the following information:
- The name and contact information of the reporting EA Administrator subject to this section.
- A list of the types of personal information that were or are reasonably believed to have been the subject of a breach.
- If the information is possible to determine at the time the notice is provided, then either (1) the date of the breach, (2) the estimated date of the breach, or (3) the date range within which the breach occurred. The notification will also include the date of the notice.
- Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided.
- A general description of the breach incident, if that information is possible to determine at the time the notice is provided.
- At EA Administrator’s discretion, the security breach notification may also include any of the following:
- Information about what the agency has done to protect individuals whose information has been breached.
- Advice on steps that the person whose information has been breached may take to protect himself or herself.
- StoryJumper agrees to adhere to all requirements in federal law with respect to a data breach related to the Student Data, including, when appropriate or required, the required responsibilities and procedures for notification and mitigation of any such data breach.
- StoryJumper further acknowledges and agrees to have a written incident response plan that reflects best practices and is consistent with industry standards and federal law for responding to a data breach, breach of security, privacy incident or unauthorized acquisition or use of Student Data or any portion thereof, including personally identifiable information and agrees to provide EA Administrator, upon request, with a copy of said written incident response plan.
- At the written request and with the assistance of the EA Administrator and/or by the respective school district, StoryJumper will notify the affected parent, legal guardian or eligible pupil of the unauthorized access, which will include the information listed in subsections (b) and (c), above.
We use cookies on this site. By continuing to use this site, we assume you consent for cookies to be used. See our Cookie Policy.
GOT IT