← back to index

PLU%20x%20Bremerton%20DSA%20signed%202-15-24%20(1).pdf

Document typecontract
Date2024-02-01
Source URLhttps://go.boarddocs.com/wa/wabrsd/Board.nsf/files/D2UQ6767B83A/$file/PLU%20x%20Bremerton%20DSA%20signed%202-15-24%20(1).pdf
Entitybremerton_school_district (Kitsap Co., WA)
Entity URLhttps://www.bremertonschools.org
Raw filenamePLU%20x%20Bremerton%20DSA%20signed%202-15-24%20(1).pdf
Stored filename2024-02-01-pluxbremertondsasigned-contract.txt

Parent document: Regular Board Meeting, 5_00 pm-03-07-2024.pdf

Text

DATA SHARING AGREEMENT
between
PACIFIC LUTHERAN UNIVERSITY

and

BREMERTON SCHOOL DISTRICT

This Data Sharing Agreement is entered into by and between PACIFIC LUTHERAN UNIVERSITY, a
Washington nonprofit corporation (the University) and BREMERTON SCHOOL DISTRICT (School District) to
establish the content, use, and protection of data needed by School District to support the contracted service,
whether such data is provided by University or collected by School District on behalf of the University as of the
ist day of February, 2024.

1. Period of Agreement

The period of this Agreement shall be in effect from February 1, 2024 until terminated in writing by either
organization.

2. Intended Use of Data
Data will be used to administer the University Automatic Admission Partnership.
3. Constraints on Use

Data supplied by the School District and shared with the University shall not be sold or used, internally or
externally, for any purpose not directly related to the scope of work defined in this agreement without the
written permission of the School District.

School District recognizes that 34 C.F.R.99,30 requires prior written consent of the data subject prior to the
release of personally identifiable information (PII) from student’s educational records. School District shall
not release PII to the University without prior written consent of the parent/ guardian or student (if student is
at least 18 years old) except in cases that constitute exceptions to the consent requirements of the FERPA.
School Districts are responsible for obtaining a written consent form that specifies the records that may be
disclosed, the purpose of the disclosure, and to whom the disclosures will be made.

Intentionally Left Blank

Revised 9/13/202] Page | of 4



4. Data Security

School District and University shall employ industry best practices, both technically and procedurally, to
protect the School District data from unauthorized physical and electronic access. Methods employed are
subject to annual review and approval by the University.

4.1, Data Elements

Data shared with the University shall be limited to the data elements specifically defined and authorized
by the School District.

Data to be shared or collected shall be limited to the following elements: See Exhibit A.
4.2. Data Categories
The following definitions shall be used to classify data for security purposes:

Public: The least restrictive class of data. Although it must be protected from unauthorized disclosure
and/or modification, it is often public information or generally releasable under the University
procedures for processing public records requests. Examples of this class of data are: class schedules,
course catalogs, general ledger data, and employee demographic statistics.

Private: This class includes data for which specific protections are required by law or for which
agencies are obligated to prevent identity theft or similar crimes or abuses. Examples of this class are:
peoples’ names in combination with any of the following: birth date, student or employee ID number,
address, e-mail addresses, telephone numbers. Also included are: education records including papers,
grades, and test results, or information identifiable to an individual that relates to any of these types of
information.

Restricted: This class includes those data elements that are either passwords in the traditional sense of
function in the role of an access control such as a credit card number, expiration date, PIN, and card
security code. All data classified as Restricted shall be encrypted in storage and in transit. Access to
these elements are tightly controlled and audited, Examples of these data are: Social Security Numbers
(SSN), driver’s license number, credit card numbers, expiration dates, PINs, card security codes,
financial profiles, bank routing numbers, medical data, and law enforcement records.

4.3. Data Handling Requirements

Data handling requirements may vary depending on the classification of data shared with the
University. However, it is anticipated that most data shared with the University will involve a mix of
data classes including Private and possibly Restricted information. Therefore, whenever data elements
are aggregated for collection, transmission, or storage, the aggregate data shall be handled using the
protocols that apply to the most sensitive data element.

Intentionaily Left Blank
Page 2 of 5



5. Network Security

5.1. Internet Access

Connections to University computers utilizing the Intemet, whether from client access or remote
administration, must be protected using any of the following industry standard cryptographic

technologies: TLS, IPSec, SSH/SCP, PGP.

3.2. Data Storage

Regardless of the media employed (i.c., disk, tape, etc.), Restricted data must be stored in an encrypted
format. Encryption algorithms shall be AES-128 or better, or Triple-DES (TDEA). The use of other
encryption algorithms for data storage must be approved in writing by the University.

6. Compliance with Applicable Laws and Regulations

School District shall comply with all applicable federal Jaws and regulations protecting the privacy of
citizens including the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability

and Accountability Act (HIPAA), Gramm Leach Blile

(GDPR).

7. Amendments and Alterations to this Agreement

y Act (GLBA) and General Data Protection Regulation

The University and School District may amend this Agreement by mutual consent, in writing at any time.

THIS AGREEMENT, consisting of pages, and

exhibit(s), is executed by the persons signing below

who certify that they have the authority to execute this Agreement.

Address: 134 Marion Avenue N.,
Bremerton, WA 98312

Contact: Iva Scott

Title: Assistant Superintendent
Telephone: 360.473.1006

Fax: 360.473.1040

E-mail: iva.scott@bremertonschools.org

Signature: War Sel -
Bate: 2/S3S2-Y

PACIFIC LUTHERAN UNIVERSITY, a
Washington nonprofit corporation

12180 Park Avenue South
Tacoma, WA 98447

Contact: Patrick D. Gehring
Title: Associate Vice President for Finance
Telephone: (253) 535-7121

Fax: (253) 536-5047

Address:

E-mail: fadmin@plu.edu

Signature:

Date: “a uy By enna

Page 3 of 5



Page 4 of 5



EXBIBIT A

School District Eligible Student Data File:

Student First Name

Student Last Name

Student Date of Birth

Student Street Address

Student City

Student State

Student Postal Code

Student Phone Number

Student Email Address

Parent or Guardian First Name

Parent or Guardian Last Name

Parent or Guardian Phone Number

Parent or Guardian Email Address

High School Unweighted, Cumulative GPA
Official Transcripts (sent separately from data)