​Privacy and Security       

Statement for All PBISApps applications, including The SWIS Suite (SWIS, CICO-SWIS, & ISIS-SWIS), PBIS Assessment, PBIS Evaluation, and PBISApps.org

Last updated July 2016 

Privacy and security are among the highest priorities for PBISApps and our applications, including The SWIS Suite (SWIS, CICO-SWIS, & ISIS-SWIS), PBIS Assessment, PBIS Evaluation, and PBISApps.org. We work diligently to maintain student and faculty privacy and treat all sensitive data and personal information with the highest industry standards. This Privacy & Security Statement outline the specific steps that are taken to assure that student and faculty/staff data are treated carefully and appropriately.

Privacy

The protection of student, staff, and family personal information is critical to our work. As such, PBISApps has endorsed the Student Privacy Pledge, a strong set of commitments drafted with the involvement of educational non-profit groups, the Software & Information Industry Association, and public sector educational leaders. PBISApps is run by Educational and Community Supports, a research center in the University of Oregon’s College of Education. As part of a public research university we are ineligible to be a signatory to the pledge but have committed to following each aspect of the pledge completely. This privacy statement outlines our commitments and the steps we take to ensure that personal (i.e., individually identifiable) information remains private.

As per the Student Privacy Pledge, PBISApps commits to:

• Not collect, maintain, use or share student personal information beyond that needed for authorized educational/school purposes, or as authorized by the parent/student.
  
  
• Not sell student personal information.
  
  
• Not use or disclose student information collected through an educational/school service (whether personal information or otherwise) for behavioral targeting of advertisements to students.
  
  
• Not build a personal profile of a student other than for supporting authorized educational/school purposes or as authorized by the parent/student.
  
  
• Not make material changes to school service provider consumer privacy policies without first providing prominent notice to the account holder(s) (i.e., the educational institution/agency, or the parent/student when the information is collected directly from the student with student/parent consent) and allowing them choices before data is used in any manner inconsistent with terms they were initially provided; and not make material changes to other policies or practices governing the use of student personal information that are inconsistent with contractual requirements.
  
  
• Not knowingly retain student personal information beyond the time period required to support the authorized educational/school purposes, or as authorized by the parent/student.
  
  Note: Any information held in secure backup files beyond license expiration will be deleted over time through normal backup procedures.
  
  
• Collect, use, share, and retain student personal information only for purposes for which we were authorized by the educational institution/agency, teacher or the parent/student.
  
  
• Disclose clearly in contracts or privacy policies, including in a manner easy for parents to understand, what types of student personal information we collect, if any, and the purposes for which the information we maintain is used or shared with third parties.
  
  Note: The SWIS Suite license agreement details what personal information we collect and how it is used.
  
  
• Support access to and correction of student personally identifiable information by the student or their authorized parent, either by assisting the educational institution in meeting its requirements or directly when the information is collected directly from the student with student/parent consent. 
  
  Note: Parents, guardians, or students may review and request changes to such data by communicating with their school.
  
  
• Maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks – such as unauthorized access or use, or unintended or inappropriate disclosure – through the use of administrative, technological, and physical safeguards appropriate to the sensitivity of the information. For more information, see our security statement below.
  
  
• Require that our vendors with whom student personal information is shared in order to deliver the educational service, if any, are obligated to implement these same commitments for the given student personal information.
  
  Note: We do not share student personal information with vendors except by specific request and authorization of the licensee.
  
  
• Allow a successor entity to maintain the student personal information, in the case of our merger or acquisition by another entity, provided the successor entity is subject to these same commitments for the previously collected student personal information.
  

 

Security

• Secure Login and Password. Security of data are enhanced through the use of a personal login and password. Logins are available only to a limited number of individuals selected by the site (i.e., specifically designated by a School, District, or State agency). Password are stored encrypted and cannot be accessed by PBISApps staff.
  
  
• Encrypted Connection. Information sent to or from our applications is encry​​pted in route  to minimize the remote chance that the data could be re-routed and interpreted. Data are encrypted using SSL/TLS end-to-end encryption. 
  
  
• Firewall Protection.  PBISApps servers are housed behind the University of Oregon firewall, which is secure, updated regularly, and continuously monitored.
  
  
• Protection of Confidential Data.  The data entered by a school is only accessible by the school’s designated account holders and PBISApps systems administrators.​

​​

Data Property

All information, data, and other content transmitted by the Licensee to PBISApps, or entered or uploaded under Licensee’s user accounts, remain the sole property of the Licensee. The Licensee retains exclusive control over student and staff data, including determining who may access data and how it may be used for legitimate authorized purposes. PBISApps and the Licensee shall establish reasonable procedures by which a parent, legal guardian or eligible student may review personally identifiable information on the pupil's records, correct erroneous information, and procedures for the transfer of pupil-generated content to a personal account.

 

Use of SWIS Suite Data Within the School-wide PBIS Research Database

Most schools using the SWIS Suite have agreed to have their data added to a national research database funded by the U.S. Department of Education. The purpose of this research database is to document large demographic patterns, as well as allow schools to compare their office discipline​ referral (ODR) patterns with similar groups of schools (e.g., elementary, urban). When a school agrees to allow their data to be used in the Research Database the following considerations are important: 

• Only schools that have signed the data sharing agreement for research purposes shall have their data added to the School-wide PBIS Research Database.
  
  
• All personally identifying information are removed before data are added to the research database.
  
  
• The research projects summarizing the information in the SWIS Suite comply with the Family Educational Rights and Privacy Act (FERPA), (34 CFR 99.31(6)).
  
  
• These activities receive continual review and oversight by the University of Oregon Internal Review Board for Protection of Human Subjects. Individuals in these schools are afforded protections under the federal Protection of Human Subjects statute (45 CFR 46).
  
  
• All data in research reports and presentations are shared in aggregate formats that do not allow the identification of individual students, staff, schools, or districts.

We welcome questions and comments related to the privacy and security of information entered into any of our applications. If you have additional questions or suggestions, please contact email PBISApps Support​ or call us at 855-455-8194.

​​​