Purpose. Curriculum Associates (“CA”) takes the protection of our customers’ data and information, particularly student data, very seriously. The purpose of this Data Handling and Privacy Statement is to inform our customers about our current data security policies and practices, which are intended to safeguard this sensitive information. CA handles customer data in a manner consistent with applicable laws and regulations, including, without limitation, the Federal Family Educational Rights and Privacy Act (FERPA), the California Student Online Personal Information Protection Act (SOPIPA), the Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act, and other state student data privacy protection laws.
Scope. This policy covers the collection, use, and storage of data that is obtained through the use of the products and related services accessible through the use of CA’s proprietary i-Ready® platform, i-Ready Connect™. These include i-Ready® Assessment, i-Ready Learning, i-Ready Learning Games, i-Ready Standards Mastery, i-Ready reports and reporting tools, and the eBook versions and digital components of i-Ready Classroom Mathematics. All of these products and services are collectively referred to in this policy as “i-Ready.” Note that there are separate terms applicable only to Teacher Toolbox, an educator-only facing product. These separate terms are described at the end of this privacy statement.
Student Data Obtained and Collected.
CA receives certain information, which we receive pursuant to the school official exception under FERPA, from its school district customers to enable students to use i-Ready. The following information is generally provided to CA for each student user of i-Ready:
Note that some of these data fields (such as ethnicity or race, ELL status, eligibility for free or reduced-price lunch) are not required for the use of i-Ready. However, where districts would like reporting capabilities based on these categories, they may choose to provide this information to CA.
Data We Do Not Collect.
CA never obtains or collects the following categories of information through the use of i-Ready:
When students use i-Ready, certain assessment results and usage metrics are also created. These results and usage metrics are used by CA as described below. While teachers and school administrators are able to access student information and related i-Ready usage data, this information is not made available to other students or the public.
How We Use Student Data. CA only uses student data for education-related purposes and to improve teaching and learning, as described in more detail here. We receive this data under the “school official” exception under FERPA:
How We Use De-identified Data.
No Targeted Advertisements or Marketing.
No User Interactions.
Student Privacy Pledge. To further demonstrate its commitment to protecting the privacy of student information, CA has taken the Student Privacy Pledge StudentPrivacyPledge.org. This means that, among other things, CA has pledged not to sell student information, not to engage in behaviorally targeted advertising, and to use collected data for authorized purposes only. CA only uses collected student data for the purposes described in the “How We Use Student Data” paragraph.
How We Use Educator Data. CA also collects the following information about educators that use the i-Ready platform: name, school or district affiliation, grade-level teaching, IP address, and email address. CA uses this information for account registration and maintenance purposes. CA also records when educator account logins are created, and when educators log in and out of the i-Ready platform. CA utilizes a third-party service provider to host professional-development content for educators in a learning management system (LMS). For any educator who utilizes that content, CA and/or the educator will provide certain i-Ready account information to its third-party service provider, and this information will be used to communicate with educators and district-level administrators more effectively about their specific implementation and to better understand how educators use the i-Ready and LMS platforms. We may also use de-identified educator data to improve our product and service offerings, as described in the “How We Use De-identified Data” section above.
Data Storage Location.
Network-Level Security Measures.
Server-Level Security Measures.
Computer/Laptop/Device Security Measures. Curriculum Associates employs a full IT staff that manages and secures its corporate and employee IT systems. Laptops are encrypted and centrally managed with respect to configuration updates and anti-virus protection. Access to all CA computers and laptops is password-controlled. CA sets up teacher and administrator accounts for i-Ready so that they are also password-controlled. We support customers that use single sign-on (SSO) technology for accessing i-Ready.
Employee and Contractor Policies and Procedures. CA limits access to student-identifiable data and customer data to those employees who need to have such access in order to allow CA to provide quality products and services to its customers. CA requires all employees who have access to CA servers and systems to sign confidentiality agreements. CA requires its employees and contractors who have access to student data to participate in annual training sessions on IT security policies and best practices. Any employee who ceases working at CA is reminded of his or her confidentiality obligations at the time of departure, and network access is terminated at that time.
Third-Party Audits and Monitoring. In addition to internal monitoring and vulnerability assessments, Curriculum Associates contracts with a third party to conduct annual security audits, which includes penetration testing of the i-Ready application. Curriculum Associates reviews the third-party audit findings and implements recommended security program changes and enhancements where practical and appropriate.
Data Retention and Destruction. Student and teacher personal data is used only in the production systems and only for the explicitly identified functions of the
i-Ready application. Student and teacher personal data is de-identified before any testing or research activities may be conducted. Upon the written request of a customer, Curriculum Associates will remove all personally identifiable student and educator data from its production systems when CA will no longer be providing access to i-Ready to that customer. In addition, CA reserves the right, in its sole discretion, to remove a particular customer’s student data from its production servers a reasonable period of time after its relationship with the customer has ended, as demonstrated by the end of contract term or a significant period of iinactivity in all customer accounts. Student data is removed from backups in accordance with CA’s data retention practices. If CA is required to restore any materials from its backups, it will purge all student-identifiable data not currently in use in the production systems from the restored backups.
Correction and Removal of Student Data.
CA follows documented “Security Incident Management Procedures” when investigating any potential security incident. In the event of a data security breach, CA will notify impacted customers as promptly as possible that a breach has occurred, and will inform them (to the extent known) what data has been compromised. CA expects customers to notify individual teachers and parents of any such breach to the extent required, but will provide customers reasonably requested assistance with such notifications and will also reimburse customers for the reasonable costs associated with legally required breach notices.
Data Collection and Handling Practices for All Teacher Toolboxes.
The Teacher Toolbox for i-Ready Classroom Mathematics, Ready Mathematics, Ready Reading, and Ready Writing provides a set of digital resources intended for use by educators. It is not a student-facing product, and therefore no student data is collected through the use of any Teacher Toolboxes. CA collects the following information about educators who use a Teacher Toolbox: name, school or district affiliation, grade-level teaching, and email address. CA uses this information for account registration and maintenance purposes. CA also records when educator account logins are created, and when educators log in and out of Teacher Toolbox. When a teacher uses a Teacher Toolbox, our systems record which resources have been accessed by whom and the frequency of access. We use this information for product development purposes, to ensure that we are providing educators with resources that are useful to them. Our account management, customer service, and tech support teams also use this information to provide more specifically tailored support to our educator customers. Upon request, we may also provide this information to school- or district-level administrators to help them better understand how our Teacher Toolbox resources are used by educators in their school or district. We also use this information to communicate with educators more effectively about their specific implementation. We do not sell this information or otherwise share it with any third parties, nor do we serve advertisements to educators based on this usage data. We do not use this data to create a profile about any of the educators who use our products to provide to anyone outside of CA. We simply use this collected data for internal purposes to make our product and service offerings better.
Opt-In Google Classroom Assignment Feature for Teacher Toolbox for i-Ready.
For districts that use Google Classroom, Curriculum Associates offers educators the ability to easily assign student-facing content from the Teacher Toolbox for
California and Nevada Residents: Visit https://cdn.i-ready.com/instruction/content/systemcheck/iReady_Privacy_Policy_CCPA_Addendum.pdf for additional rights applicable to you.
Google Drive™ is a licensed brand feature of Google, LLC.