Addendum to Order Form for California Assembly Bill 1584 Compliance

This Addendum (“Addendum”) is entered into between the client name listed on the signed order form (“LEA”) and Enome, Inc. (Goalbook) (“Service Provider”) on the date the Order Form was executed (“Effective Date”).


WHEREAS, the LEA and the Service Provider entered into an agreement to provide certain services as specified in the signed Order Form (“Services Agreement”).

WHEREAS, the LEA is a California public entity subject to all state and federal laws governing education, including but not limited to California Assembly Bill 1584 (“AB 1584”), the California Education Code, the Children’s Online Privacy and Protection Act (“COPPA”), and the Family Educational Rights and Privacy Act (“FERPA”);

WHEREAS, AB 1584 requires, in part, that any agreement entered into, renewed or amended after January 1, 2015 between a local education agency and a third-party service provider must include certain terms; and

WHEREAS, the LEA and the Service Provider desire to have the Services Agreement and the services provided comply with AB 1584.

NOW, THEREFORE, the Parties agree as follows:

  1. The terms and conditions of the Services Agreement and any addenda are incorporated herein by reference.
  2. The term of this Addendum shall expire on the termination date stated in the Technology Services Agreement or in any addenda to such Services Agreement, whichever controls.
  3. Pupil records obtained by Service Provider from LEA continue to be the property of and under the control of the LEA.
  4. Pupil records include any information directly related to a pupil that is maintained by the LEA or acquired directly from the pupil through the use of instructional software or applications assigned to the pupil by a teacher or other LEA employees. Pupil records does not include de-identified information (information that cannot be used to identify an individual pupil) used by the third party (1) to improve educational products for adaptive learning purposes and for customized pupil learning; (2) to demonstrate the effectiveness of the operator’s products in the marketing of those products; or (3) for the development and improvement of educational sites, services, or applications.
  5. The procedures by which pupils may retain possession and control of their own pupil-generated content or transfer pupil-generated content are outlined as follows:  Users can log in to their account to access and control their content.
  6. Parents, legal guardians, or eligible pupils may review personally identifiable information in the pupil’s records and correct erroneous information by the following protocol:  If a parent, legal guardian, or eligible pupil believes there may be erroneous personally identifiable information in the pupil’s records, they can submit a written request to to review the specific information believed erroneous, and then request a correction if necessary.
  7. Service Provider shall take actions to ensure the security and confidentiality of pupil records, including but not limited to designating and training responsible individuals on ensuring the security and confidentiality of pupil records, by making sure that only the appropriate staff members who must view the data in order to adequately support our school partners have access to the data.  The appropriate staff members who have access to pupil records will be formally trained on the best practices of security and confidentiality in order to prevent unauthorized disclosure of the records.
  8. In the event of an unauthorized disclosure of a pupil’s records, Service Provider shall report to an affected parent, legal guardian, or eligible pupil pursuant to the following procedure: If we believe there has been an unauthorized disclosure of the pupil’s records, we will contact and notify the school immediately through our designated implementation point of contact at the school to communicate the details.
  9. Service Provider shall not use any information in a pupil record for any purpose other than those required or specifically permitted by the Services Agreement.
  10. Service Provider certifies that a pupil’s records shall not be retained or available to the Service Provider upon completion of the terms of the Services Agreement, except for a case where a pupil chooses to establish or maintain an account with Service Provider for the purpose of storing pupil-generated content, either by retaining possession and control of their own pupil-generated content, or by transferring pupil-generated content to a personal account. Such certification will be enforced through written confirmation provided to the LEA upon request.
  11. LEA agrees to work with Service Provider to ensure compliance with FERPA and the Parties will ensure compliance by each notifying the other of relevant provision and establishing protocols necessary to comply.