Cushing Public Schools (CPS) is committed to protecting the privacy, security, and integrity of all student and staff data. In compliance with state and federal laws, the district ensures that personally identifiable information (PII) is collected, used, and shared responsibly, and only for legitimate educational purposes.

Data Transparency

Pursuant to Oklahoma law 74 O.S. § 3106.4, any public body that collects personally identifiable information (PII) must disclose:

• What data is being stored

• How that data is being stored

• With whom that data is shared

Cushing Public Schools follows these requirements by evaluating and documenting all electronic resources that utilize students’ PII.

Students’ personally identifiable information (PII) may be used to access online educational resources provided that:

• The application does not request more than directory information as defined by FERPA, and

• The student’s legal guardian has not opted out of sharing directory information or using online resources.

CPS carefully reviews all electronic and digital resources that rely on PII. A list of approved applications and their privacy evaluations is available below, along with an explanation of the district’s evaluation rubric.

Electronic & Digital Communication Requirements

Effective July 1, 2024, Section 6-401 of Title 70 introduces new state guidelines for communication between school personnel and students.

Key Provisions:

• Definitions: “Electronic or digital communication” includes email, text, social media, and other digital platforms. “School personnel” includes teachers, administrators, support staff, coaches, and bus drivers—both full-time and part-time.

• Parent/Guardian Inclusion: Staff must include a student’s parent or guardian in all digital communications unless messages are sent through a school-approved platform intended for academic or school-related purposes.

• Emergency Exceptions: Direct communication without including parents/guardians is permitted during emergencies, but the parent/guardian must be notified afterward. CPS encourages the use of systems that automatically include parents or guardians.

• Training: CPS provides mandatory training to all school personnel on these communication requirements, following guidance from the Oklahoma State Department of Education.

• Violations & Consequences: If a violation is reported, the employee will be placed on administrative leave during investigation. Outcomes range from reinstatement with documentation (if no misconduct is found) to dismissal and law enforcement notification (if misconduct is confirmed).

These rules are designed to promote transparency, accountability, and the safety of all student communications.

Commitment to Data Security

CPS uses a combination of administrative, technical, and physical safeguards to protect sensitive data. These measures include:

• Secure data storage and access controls

• Encryption and authentication systems

• Regular monitoring and compliance reviews

• Vendor vetting and contracts that meet data privacy standards

Questions or Concerns

If you have questions about student data privacy, digital communications, or the district’s data security practices, please contact:

Office of Technology & Information Services (OTIS)
📧 Email
📞 Phone: (918) 223-9616

Teacher & Administrator Procedures for Online Resources and Educational Apps

When selecting an online resource to support student learning or use in any school, district, program, event, or extracurricular activity, please follow the procedures below to ensure protection of student data and compliance with district, state, and federal privacy requirements.

All online resources, applications, extensions, and digital tools must be reviewed and approved by the Office of Technology & Information Services (OTIS) prior to use.
Supplemental resources used alongside district-adopted curriculum materials must also be reviewed and approved by OTIS in collaboration with district administration.

If the resource you’ve identified is on the approved list:

• Review the rating and rubric to confirm data privacy and security compliance.

• Use approved tools following the guidance provided in the approved applications list.

• If parent or guardian permission is required, verify with your school office that all students have permission on file in Infinite Campus.

• If a separate consent form is required, use the Educational App Guardian Consent Form (linked below) to collect permission before use.

• All communication or messaging applications are evaluated against additional criteria beyond the standard rubric to comply with Oklahoma law.

If the resource you’ve identified is not on the approved list:

• Submit a New Software or Online Resource Request through ClassLink.
  This form must be completed for all new online tools, websites, apps, or Chromebook extensions prior to classroom use.

• Purchased resources and partnerships with outside organizations must meet CPS’s data security and privacy requirements, including a review of terms of service and data sharing agreements.

• Purchase contracts must be signed by an authorized district administrator.

The installation, upgrades, or data integration of these resources require a project support request through the Office of Technology & Information Services.

Educational App Guardian Consent Form

Some instructional applications may collect limited student information—such as name, grade level, or school email address—to create accounts and provide access.
When an application collects more than directory information as defined by FERPA, or requires additional consent under Oklahoma law 74 O.S. § 3106.4, teachers and staff must use the Educational App Guardian Consent Form to obtain written permission before students use the application.

Teachers and administrators can download and print the form below or access it through ClassLink under Technology Resources → Data Privacy & Security.

For assistance, contact:
Office of Technology & Information Services (OTIS)
📧 Email
📞 (918) 223-9616

Data Security Rubric for Review of Tools and Applications

Cushing Public Schools (CPS) evaluates every instructional tool, software, application, and website used within the district to ensure compliance with FERPA, COPPA, and all current and future applicable state and federal data privacy, cybersecurity, and communication laws, including but not limited to:

• Oklahoma House Bill 3702 – Establishes requirements for the protection and handling of student data in digital educational tools.

• Oklahoma House Bill 3092 – Expands and clarifies data governance and cybersecurity expectations for public schools.

• Oklahoma House Bill 3958 – Regulates electronic and digital communication between school personnel and students to ensure transparency and parent inclusion.

• 74 O.S. § 3106.4 – Requires public entities to disclose how personally identifiable information (PII) is collected, stored, and shared.

The Office of Technology & Information Services (OTIS) uses the rubric below to evaluate instructional technology tools in accordance with these and any future legislative requirements, district policies, and data protection best practices.

Each reviewed resource receives one of the approval categories listed below, which are displayed on the Approved Applications List in ClassLink to help staff select secure and compliant tools.

Approved

Clear educational purpose. Student data collected is limited to directory information as defined by FERPA.

Criteria:

• Tool or product function is clearly stated.

• No implied or hidden agreements.

• Complies with all applicable current and future state and federal regulations, including HB 3702, HB 3092, HB 3958, and 74 O.S. § 3106.4.

• Cites FERPA compliance when student data is accessed.

• Meets PCI compliance standards if used for financial transactions.

• Data use is limited to providing services; no advertising or marketing.

• Any additional data use must be de-identified.

• Agreement specifies that data remains the exclusive property of Cushing Public Schools.

• Provider uses industry-standard security practices.

Approved (Guidance)

Approved for use, but user error could create vulnerabilities or compliance issues.

All Approved criteria are met, but caution or special procedures are required.
Examples include tools that can inadvertently expose student information if used incorrectly (e.g., uploading PII to shared documents).

Follow all district guidance and the notes included in the approved applications list before use.

Approved (Warning)

The tool meets compliance requirements but includes minor risks or unclear privacy practices that should be monitored.

Indicators:

• Privacy policy is vague, difficult to locate, or may change without notice.

• The developer provides incomplete disclosures about data collection or sharing.

• Some use of de-identified analytics or marketing data is present.

Use with caution and report any concerns to OTIS if terms or behavior of the app change.

Denied

Tool or service has one or more non-negotiable data privacy or security concerns and is not permitted for use with students or district data.

Indicators:

• No available or incomplete Terms of Service or Privacy Policy.

• Unclear purpose, scope, or data use.

• No secure data management or encryption.

• Publicly displays or sells student information.

• Vendor retains ownership of identifiable PII after use.

• Violates FERPA, COPPA, HB 3702, HB 3092, HB 3958, 74 O.S. § 3106.4, or any future applicable privacy legislation.

Denied: Superintendent

Tool rejected due to policy, contractual, or legal conflicts.

Examples:

• Vendor refuses to meet CPS data protection standards.

• Denial issued by the Superintendent or designee based on legal or risk review following additional review request by Superintendent after evaluations are completed by Curriculum & Instruction or Office of Technology & Information Services.

Pending

Tool or application is under review by the Office of Technology & Information Services (OTIS).
Pending requests are submitted through ClassLink and may not be used until an official approval status is issued.

For questions regarding this rubric or data privacy compliance:
Office of Technology & Information Services (OTIS)
📧 Email
📞 (918) 223-9616

Compliance Statement:
Cushing Public Schools continuously reviews and updates its data privacy and security practices to align with newly enacted state and federal legislation, emerging technologies, and best practices for protecting student information. Future amendments to Oklahoma or federal law impacting data governance, cybersecurity, or digital communication will be incorporated into district policy and this rubric as required.