Springboard Collaborative Privacy Policy

Effective date: 05/21/25

 

Introduction

At Springboard Collaborative, we are committed to protecting the privacy, confidentiality, integrity, and availability of the information entrusted to us. This Information Security Policy outlines the framework and principles we follow to secure our information assets and ensure compliance with relevant laws and regulations. Principles of an effective security program include being threat-driven, using automation to scale, and balancing the investment between prevention and response. We regularly align our security practices with the NIST Cybersecurity Framework.

Data Classification and Handling

Purpose

The purpose of this policy is to establish a framework for classifying and protecting data based on its sensitivity and value. This ensures that data is handled appropriately throughout its lifecycle, from collection to disposal, and that access to sensitive data is restricted to authorized employees only.

 

Commitment

Springboard commits to being a trusted steward of personal data. Data received from its partners and employees is to be used solely for the purposes of providing educational services. Such data will not be sold or used for marketing purposes.

 

Data Sensitivity Classification

All data will be classified into one of the following categories based on its sensitivity and importance:

 

  • Public
    • Definition: Data accessible under the Freedom of Information Law for public disclosure. Unauthorized disclosure of this data would not cause harm to Springboard Collaborative, its partners, or any individuals.
    • Examples: Marketing materials, publicly available reports, press releases
  • Internal
    • Definition: Data that is intended for internal use within Springboard Collaborative. Unauthorized disclosure of this data could cause minor harm to the organization, its partners, or individuals.
    • Examples: Internal memos, company policies, internal project documentation.
  • Confidential:
    • Definition: Data that is sensitive, prohibited from disclosure by law, and intended to be accessed only by authorized personnel within Springboard Collaborative who need such information to carry out their duty. Unauthorized disclosure of this data could cause significant harm to the organization, its partners, or individuals.
    • Examples: Employee records, non-public financial information, proprietary business information.
  • Restricted:
    • Definition: Data that is highly sensitive and requires the highest level of protection. Unauthorized disclosure of this data could cause severe harm to the organization, its partners, or individuals.

Data Protection

 

Confidential and restricted information within Springboard Collaborative must be maintained in the safest environment consistent with educational, research, service, or operational needs. All confidential and restricted data must be stored in properly secured locations. Departments and individuals are responsible for ensuring data is backed up to protect against loss due to equipment or technical failures. Consult with the Technical Support Associates (TSAs) if you have questions about how to back up data. Access to the information and/or the information storage equipment or areas must be limited to those with an appropriate business reason for such access. Managers will ensure that authorizations for access to confidential and restricted information are up to date for their departments as employees are hired, change roles, or depart.

 

While this policy focuses mainly on handling of data in electronic formats, handling of data in print formats is equally important.

  • Staff must ensure the confidentiality and security of files, reports, and any other printed documents. Such documents must not be left unattended in public places or common areas.
  • Storage areas, file rooms, and file cabinets with confidential information must be locked at the end of the day or whenever the area will be unattended.
  • When printing confidential documents on shared printers, use secure print release.
  • All printed documentation containing confidential information must be shredded when discarded or no longer needed.

Data Ownership

 

Springboard Collaborative acknowledges that all personal identifiable information (PII) about students, teachers, administrators, and parents is the property of partners served by the Springboard organization.

 

Data Collection, Usage, and Processing

 

We strive to be transparent in our data collection and use practices. This is the type of personal information we may collect. Student Data is used only for educational purposes at the direction of the School.

1. Methods and Categories of Information Collection

 

We collect only what is necessary and required to fulfill program services. The following types of information are collected:

 

Information about Students: Through the course of providing its Service to a School, Springboard Collaborative may have access to personally identifiable information about students (“Student Data“) that is provided by the School or by the parent or guardian. Depending on the features and functionality of the Service selected by the School, a School may authorize Springboard Collaborative to receive Student Data from the application(s) provided by third-party developers that are used by the School. Springboard Collaborative has access to Student Data only as requested by the School and only for the purposes of performing Services on the School’s behalf. The type of Student Data we collect will depend on the applications which the School connects through the Service. In many instances, Springboard Collaborative receives Student Data from the parent or legal guardian, the School or its designated third parties and never interacts with the Student directly.

 

  • IP Addresses of Users: Collected for security and monitoring purposes.
  • Assessment Data: Includes test scores, progress reports, and other measures of student performance.
  • Attendance Rate: Records of student attendance, including days present and absent.
  • Gender: Information on the student’s gender.
  • Race/Ethnicity: Information about the student’s racial or ethnic background.
  • Date of Birth (DOB): Student’s birth date.
  • Individualized Education Program (IEP) Status: Information regarding special education services provided to the student.
  • Home Language: The primary language spoken at the student’s home.
  • Language Proficiency: Assessment of the student’s proficiency in various languages.
  • School: The name of the school the student is enrolled in.
  • Grade Level: The current grade level of the student.
  • Student Name: First and last name of the student.
  • Student ID Number: Unique identifier assigned to a student.
  • Springboard-Assigned ID Number: Unique identifier assigned by Springboard.
  • English Language Learner (ELL) Status: Indicates whether the student is an English language learner.

Information about Parents and Guardians: We may collect personal information about a student’s parent or legal guardian (a “Parent”) that is provided by the School or by the Parent.

 

  • Parent Name: Names of parents or legal guardians.
  • Parent Address: Home address of the parents or guardians.
  • Parent Email: Email address of the parents or guardians.
  • Family Survey Data: Information collected from family surveys regarding student performance and program effectiveness.

Information about Teachers:

 

  • Teacher Name(s): Names of the student’s teachers.
  • Teacher ID Number: Unique identifier assigned to teachers.
  • Teacher Survey Data: Information collected from teacher surveys regarding student performance and program effectiveness.

Information about Customers and Business Partners: In order to provide our services and maintain partnerships, we may collect personally identifiable information about our customers and business partners (referred to as “Partner Data”). This information is provided directly by the partner or collected through authorized channels. The type of Partner Data we collect will depend on the nature of our relationship and the services provided.

 

  • Contact Information: This includes names, phone numbers, and email addresses of contacts within the organization.
  • Organization Information: We gather details about the organization, such as the name, address, and type of organization (e.g., nonprofit, government, corporation).
  • Financial Information: This may include information regarding donation history, payments or funding amounts, and relevant financial commitments.
  • Engagement Data: Information about prior interactions, meetings, and communications with our organization.
  • Demographic Information: We may collect information on the organization’s priorities or initiatives.
  • Feedback and Evaluation Data: We gather feedback from partners on our services, which helps us improve and tailor our offerings.

Information about Employees: We retain employee data as a means of providing essential employment services. This information is collected directly from the employee.

 

  • Race: Race and ethnicity of employee
  • Gender: Gender of employee
  • Name: First and Last name of employee
  • Social Security Number (SSN): Employee Social Security Number
  • DOB: Date of birth
  • Address: Home address fo employee
  • Home/Mobile Phone #: Employee contact number
  • Email Address: Employee email address
  • Emergency contact info (name and number): Emergency contact information

How We Use Collected Information:

 

“Collected Information” includes any data Springboard Collaborative obtains or retains to deliver services, such as personally identifiable information (PII) about students, parents, teachers, and employees; school and program data; partner contact details; and usage or operational data needed to support and improve our services.

 

  • Educational Purposes: Student Data is used only for educational purposes.
  • Communication: We use the collected information to communicate with parents and educators.
  • Service Improvement: The information helps us analyze and improve our service offerings and functionality.
  • Security: Information like IP addresses is used to monitor and improve the security of our systems.

 

Data collected is considered confidential and is used solely to provide Springboard Collaborative services, to maintain, support, evaluate, diagnose, and develop our services in accordance with contractual agreements with Springboard partners. Our collection, use, and disclosure of Student Data comply with relevant laws and regulations, including the Family Educational Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA).

Correction

 

Springboard Collaborative enables partners, Connect users, or authorized parents and guardians to review personal information maintained by Springboard Collaborative and correct erroneous information. Requests to exercise these rights should be submitted to security@springboardcollaborative.org.

 

Disposal of Data

 

At the expiration of the data retention period—as defined by the terms and conditions of the governing Agreement—Springboard will permanently de-identify or destroy any personally identifiable data. Springboard will also do so earlier if requested by the partner or a parent/guardian by contacting security@springboardcollaborative.org.

 

Discovery of a Security Breach That Results in Unauthorized Release of Personal Data

 

Springboard Collaborative shall promptly notify affected partners or employees of such breach, shall conduct an investigation, and shall restore the integrity of its data systems as soon as possible. Springboard Collaborative will fully cooperate and assist with required notices to those individuals affected by such breach.

If you have any questions about our data collection practices, please contact us at security@springboardcollaborative.org