Rules of the School Board of Palm Beach County, Florida
Title 6Gx50
Chapter 2. General Administration
Prev.   Section 2.50   Next

Policy 2.50Third Party Use of Technology

  1. Purpose. -- The purpose of this Policy is to set forth terms and conditions as well as standards and guidelines for the acceptable uses of Palm Beach County School District technology resources and other technology by third parties when conducting District business and authorized to use District technology. The Policy also provides for third party use of e-signatures and electronic notarizations when authorized. This Policy does not prohibit or restrict public access to inspect data and information on publicly available District technology resources.

  2. Definition-- A third party is a: Volunteer, contractor, vendor, governmental entity, individual or private organization transacting business with or providing products, services or support to the District or other person or entity who is considered part of the School District. Additional definitions appear within the District's Information Technology (IT) User Standards and Guidelines Manual, as described below.

  3. General Standards of Appropriateness. -- When using District technology resources, applications, databases, and supplies, all third parties shall adhere to the standards established by this Policy, all applicable laws, regulations, rules, and the District's Information Technology (IT) User Standards and Guidelines Manual ("Manual" ). This Manual is specifically incorporated by reference into this policy and is located on the District's IT Securityweb site.

  4. Except as permitted above in paragraph 1, third parties shall use District technology resources, including, but not limited to computers, networks, copiers, biometric record readers, and communication devices such as cell and office phones, personal digital assistants (PDAs) and facsimile machines, only for District-related activities and when authorized and allowed by an appropriate District representative.

  5. Third parties using the Internet in any form through the District's non-public network must submit to Superintendent's designee (or, if the form is available and can be transmitted electronically, to the District) a completed and signed Third Party Internet/Intranet Services Acknowledgement and Consent form (PBSD 2359). The third-party shall sign and submit this form before initial use of the Internet through the District's non-public network.

    1. The consent form shall state and the third party shall acknowledge that there is only a limited expectation of privacy to the extent required by law for the third party related to his/her use of District technology resources. The District may monitor a third party's use of District technology for good cause, such asensuring that their use is authorized; for management of the system; to respond to a records request; to facilitate protection against unauthorized access; verifying security procedures, survivability and operational security; investigating misconduct; compliance with School Board policies; a possible security incident, or computer performance.

    2. The consent form shall further state: Before using the District's technology resources, where applicable, users shall become familiar with the Fla. Admin. Code Sections 6B-1.001 and 6B-1.006, including the provisions prohibiting harassment and discrimination, defamation, use of institutional privileges for personal gain, and improper disclosure of confidential information; Fla. Stat. § 112.313, including the duty to avoid improper use or disclosure of "information not available to members of the general public and gained by reason of [their] official position for [their] personal gain or benefit or for the personal gain or benefit of any other person or business entity", and School Board Policy 8.121 on the use of copyrighted materials. All third party users shall abide by these provisions when using the District's technology resources.

    3. Third Parties are advised that many District technology resources, including but not limited to laptops and desktops, may contain input systems such as web cameras and microphones which can be remotely controlled to turn them on and off. The District will not utilize any such input systems remotely unless consistent with the law.

  6. The District authorizes third parties to use District technology resources, applications, and databases for the parties' assigned responsibilities when allowed by an appropriate District representative. Third parties shall use these resources to enhance their performance of District activities. Principals and department heads are to follow District standards to ensure accountability of third party's use of these resources to support academic and business functions.

  7. Third party user account/passwords with the District or with another entity approved by the District can be used as set forth in the Manual to:

    1. Electronically sign District documents by e-signature.

    2. Provide access to the third party's personal information.

    3. Make binding legal obligations.

    4. Access District files or records.

  8. All passwords are to be treated as sensitive and confidential information and shall not be shared with anyone but the third party to whom they were assigned. All users are responsible for all activity that occurs for user accounts that have been assigned to them.

  9. Compliance. -- When using District technology resources, applications, databases, and supplies, in addition to adhering to the standards set forth in the Manual and above in this Policy, all users must observe that:

    1. Any information generated through a computer, stored on hard disks, electronically mailed, or handled as e-mail, if it meets the definition of a public record, is subject to the District's retention schedule and Florida law concerning public records, as explained in Policy 2.041. The District's Retention Schedule can be found at: http://www.palmbeachschools.org/records/RecordsRetention.asp. Third parties, are allowed to communicate by e-mails through services provided by the District but are prohibited from engaging in text messaging, instant messaging, tweeting and other methods of instant electronic communication if the messages must be retained as public records in accordance with the District's Retention Schedule.

    2. Certain District data (including all student and employee data) may be subject to special privacy restrictions and therefore cannot be treated as "public records."  All third party users shall agree to maintain the security and privacy of that data/information as specified by District policy and applicable State and Federal laws with the understanding that District non-public data is the exclusive property of the District and shall be maintained as such.  This data shall not be copied or modified.

    3. Third parties will accept all risks and responsibilities associated with using and/or connecting approved non-District resources or equipment to District technology resources. In regard to such non-District resources or equipment, third party shall agree to the following:

      1. In the event of a security breach, authorize the District to take immediate action to reduce the District's exposure which may include a scan of third party equipment.

      2. Further authorize the District to perform inspection of third party resources as deemed necessary to ensure the safety and security of District data and/or technology resources, and to ensure that any software or other similar intellectual property is duly licensed for use.

      3. Understand the District will require virus-detection software in accordance with its own specifications, and agree to comply with virus protection and scanning requirements.

      4. Indemnify and hold the District harmless from damage incurred as a result of connecting approved non-District resources or equipment.

    4. The willful and knowing unauthorized use, modification, alteration, dissemination, or destruction of District information technology resources or databases is considered a violation of this Policy and the District may impose sanctions, up to and including termination of relationship between the School District and third party or denial or restriction of access to District technology resources. The District procedures may request reimbursement to the District for the actual cost of damages from the third party. If the third party does not make payment, the School Board may institute a civil action for damages to hold the third party liable. Moreover, this conduct may constitute a computer-related crime punishable under Fla. Stat. ch. 815.

    5. All third parties who have access to or may have access to personally identifiable student information shall adhere to all standards included in the Family Educational Rights and Privacy Act (FERPA), 20 U. S.C. § 1232g; the IDEA and its regulations at 20 U. S.C. § 1417(c) and 34 C.F.R. § 300.623; Fla. Stat. §§ 1002.22 and 1002.221; School Board Policy 5.50, and other applicable laws and regulations, as they relate to the release of student information. Third parties shall not use access to student records information for personal gain and shall use and release student information only as authorized by law. Third parties cannot, by any means, take, obtain, receive, acquire, or capture any District data, metadata, or information from any District system for any purpose without written consent from the District.

    6. Intranet and Internet Resources, phones, text messaging, instant messaging, and e-mail, when utilized, shall be used in performance of District business and shall not be used to send abusive, threatening, or harassing messages. Third parties shall not send communications where the meaning of the message, or its transmission or distribution, would be illegal under state or federal statutes, federal regulations, or state rules; or unethical under or violative of Fla. Stat. Ch. 112, Chapter 6B-1 of the State Board of Education rules, or School Board Policies, including Policies 5.001, 5.002, 5.81 and 3.02 (to the extent these are applicable).

    7. All software on computers must be licensed. Third parties are responsible for using software in compliance with restrictions that apply to those licensing agreements.

    8. Users shall not make or facilitate the distribution of unauthorized copies of software.  Modifications cannot be made to any software without the authorization of the copyright holder. The copyright legend or notice shall not be removed from the software or any of its documentation.

  10. Forms: The PBSD forms mentioned in this Policy or within the Manual are incorporated herein by reference, as part of this policy and can be found on the District's Records Management Web site for forms, located at http://www.palmbeachschools.org/Forms/Index.asp.

  11. Implementation. -- The Superintendent or designee is authorized to issue bulletins and administer procedures regarding the use of information technology in the District in accordance with the standards set forth in this Policy including the Manual.

  12. Enforcement. --  Any third party failing to comply with this Policy or its implementing procedures and standards may be subject to consequences up to and including termination of access to District technology resources, requiring reimbursement to the District, and civil or criminal liability. IT has the authority to take reasonably necessary immediate actions to protect District technology resources.

STATUTORY AUTHORITY:Fla. Stat. §§ 1001.32 (2); 1001.41 (2); 1001.42 (26); 1001.43 (1)
LAWS IMPLEMENTED:Fla. Stat. §§ 1001.32 (2); 1001.43 (3); 1001.42 (8) & (9); 1003.31; 1006.28 (1)
HISTORY:7/7/2010