Personally Identifiable Information Regulations

Laws Governing Service Providers

This is a summary of NRS 388.281 to 388.296, which is required to be publicly available in accordance with NRS 388.2955.

School Service Providers must provide a written notice of changes in security of data concerning pupil's personal identifiable information.

School Service Providers must remove Personal identifiable information upon request, and may only share the data when the following circumstances are met.

For purposes inherent to the use of a school service by a teacher in a classroom or for the purposes authorized by the board of trustees of the school district in which the school that the pupil attends is located, the governing body of the charter school that the pupil attends or the governing body of the university school for profoundly gifted pupils that the pupil attends, as applicable, so long as it is authorized by federal and state law;

If required by federal or state law;

In response to a subpoena issued by a court of competent jurisdiction;

To protect the safety of a user of the school service; or

With the consent of any person required in a policy of the school district, charter school or university school for profoundly gifted pupils, as applicable, or, if none, with the consent of the pupil, if the pupil is at least 18 years of age, or the parent or legal guardian of the pupil if the pupil is less than 18 years of age.

School Service Providers must provide a detailed plan for the security of any data concerning pupils that is collected or maintained by the provider. The provider must also provide notice of security breach. ECSD shall annually provide professional development regarding the use of service providers, and the security of data concerning pupils.

School Services Providers are authorized to use and disclosed certain aggregated information to develop, improve or demonstrate effectiveness of products or services.

It is the duty of a public school to provide information concerning school service providers and data security. Here is the list of requirements.

ECSD Must post a summary of NRS 388.281 to 388.296

ECSD must post a list of school service providers

ECSD confirms each school service provider has a security plan, which includes notification of a breach

ECSD provide a way to report suspicious behavior from a school service provider

ECSD will provide parents directions on where to find information about the school service providers

A person or governmental entity may not waive or modify any right, obligation or liability set forth in NRS 388.281 to 388.296, inclusive. Any condition, stipulation or provision in a contract which seeks to do so or which in any way conflicts with the provisions of NRS 388.281 to 388.296, inclusive, is against public policy and is void and unenforceable.

Follow this link to access the full NRS laws described in this summary.

NRS 388.281 to NRS 388.296

List of Approved Service Providers and Their Security Policies

The link below will take you to a page that lists out digital service providers that ECSD uses. There you will find service provider names, descriptions, any restrictions for use, and a link to their privacy policy.

Service Providers

School Policy for Service Providers

Service providers that house and transfer student data must keep student data private. Services we use, such as Google Education, Infinite Campus, and Canvas, must agree to follow the ECSD Data Privacy Agreement on top of their own privacy policy for us to use them. A copy of the ECSD Data Privacy Agreement is provided here for public viewing.

ECSD Data Privacy Agreement

Report Misuse of a Service Provider

If anyone notices any suspicious activity relating to a service provider for ECSD, we encourage them to report it with the link below.

Report Misuse of a Service Provider