Measured Progress’s Commitment to Privacy
Measured Progress understands that privacy is critically important to the schools, districts, and states who use our Services (“Clients”), and to students whose information we may access on behalf of a Clients. Measured Progress provides content and testing solutions that enable schools to securely assess students and facilitate student learning. As we describe below, Clients dictate through contractual agreements; the data that is shared with Measured Progress and the terms and conditions for use of that data.
1. TYPICAL INFORMATION , METHOD OF COLLECTION, AND POSSIBLE USE
School Data: School name, school district, school email address and/or reference account, phone number, and information relating to the School’s information systems. We use this information to properly maintain and provide our contracted Services and communicate to authorized parties.
Student Data: Through the course of providing services to a Client, Measured Progress may have access to personally identifiable information about students (“Student Data”) that is provided by the Client. We consider Student Data to be confidential and do not use such data for any purpose other than to provide the services on the Client’s behalf, in accordance with contractual agreements with the Client. Measured Progress has access to Student Data only as authorized by the Client and only for the purposes of performing services on the Client’s behalf. Measured Progress receives Student Data from the Client during test administration, which is conducted online or is paper-based. The Client ensures that it has obtained appropriate parental consent and that all data are shared securely with Measured Progress.
Our collection, use, and disclosure of Student Data are governed by our Clients’ terms and conditions as well as by the provision of the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and applicable state laws that relate to the collection of Student Data. If you are a student, parent, or guardian, please contact your school if you have questions about the specific data Measured Progress is authorized to collect.
Method of Collection Possible Use: We share information internally as needed to perform the contracted services at the direction of the Client. For example, information including Student Data will be shared between and among authorized users such as teachers, school administrators, and authorized staff and contractors.
We may share information with authorized third-party service providers who perform technology services (e.g. web hosting, test delivery platform, and secure storage; in the US only). Measured Progress retains data in accordance with the terms of the Client contract. Contractors and service providers who may have authorized access to Student Data in the course of performing their services are subject to confidentiality and strict data security requirements.
We may share information in an aggregated and/or anonymous form that does not reasonably identify an individual or school for the purpose of aggregate or anonymized data studies and to improve our services to the Client.
How Student Data is shared: In addition to the information shared above, Measured Progress may facilitate the sharing of Student Data with third parties, though only when instructed and authorized to do so, on behalf of the Client. Some elements of our services enable schools to interact with other third-party applications, for the benefit of students’ education.
2. KEEPING INFORMATION SAFE
Measured Progress maintains strict administrative, technical, and physical procedures to protect information stored in our servers. Access to information is limited (through user/password credentials and permissions) to those employees who require it to perform their job functions. We use secure-file transfer protocols (SFTP) and hyper-text transfer protocol over secure socket layer (HTTPS) to provide confidentiality and integrity of data during use of the Internet. Student data contained within our systems or environments reside on encrypted storage media in an environment within the United States that provides an industry-standard set of security controls. These include network protections such as firewall, secure server configuration, access controls, user management, authentication, remote VPN, logging and auditing, antivirus protections, physically secured data center, and company policies and procedures. Other security safeguards include but are not limited to data encryption, firewalls, and control of physical access to building and files.