These definitions are intended to assist those who may be unfamiliar with several technical terms used in CZI’s Education Privacy Principles and provide users with an understanding of how CZI understands these terms.
Educational or School Purposes
Consistent with the Student Privacy Pledge, ‘educational or school purposes’ are services or functions that customarily take place at the direction of the educational institution/agency or their teacher/employee, for which the institutions or agency would otherwise use its own employees, and that aid in the administration or improvement of educational and school activities (e.g., instruction, administration, and development and improvement of products/services (including new products) intended for educational/school use). Additionally, consistent with both the Student Online Personal Information Protection Act (SOPIPA) and the Student Privacy Pledge, this does not preclude the use of student personal information for adaptive learning or customized student learning or education purposes.
Every device connected to the Internet is assigned an identifying number known as an Internet Protocol (IP) address. These numbers are usually assigned in geographic blocks and are typically controlled by your Internet Service Provider (ISP), your company, or your school or university. Like the street address for your home, an IP address identifies network computers. It helps traffic flow between computers because each one has its own IP address. IP addresses can be formatted in either IPv4 which is numeric or IPv6 which is alphanumeric (ex: 192.168.0.1 or fe80::1ff:fe23:4567:890a). IP is often prefixed by the acronym TCP, as in TCP/IP. IP is often prefixed by the acronym TCP, as in TCP/IP. The TCP part stands for Transfer Control Protocol: It’s simply a set of rules for transmitting information on a network. Technically, TCP/IP refers to the methods and engineering as opposed to a specific address or value.
An IP address can often be used to identify the location from which a device is connecting to the Internet. Please note that third parties have mapped the assignments of IP addresses by ISPs with specificity to postal code and exact city for broadband IP addresses and are also often mapped to college campuses, specific businesses, hotels, airports or conference centers. Mobile IP addresses can often be mapped only to a specific carrier’s gateway. However, most of the Wi-Fi routers in the world have been mapped by third parties to precise latitude and longitude and many Wi-Fi routers correspond to home addresses. IP addresses can be used to combat fraud and compliance with geographical legal restrictions.
Non-personal information is information that on its own does not permit direct association with any specific individual. For example, we consider the following to be non-personal information: your zip code, approximate location (e.g region, city, or zip code), your browser type, non-unique device identifiers and websites you have visited. We also consider aggregated, de-identified and/or anonymized data to be non-personal information. Anything that is personal information is excluded from the definition of non-personal information. Additionally, not all jurisdictions have the same definition for personal information and non-personal information.
Persistent identifiers are persistent and unique identifiers that can be used to recognize a user over time and across different websites or online services. For example, persistent identifiers can be an IP address, a unique device identifier or a device serial number. We consider persistent identifiers that are not anonymized, de-identified or aggregated to be personal information.
Personal information (sometimes called personally identifiable information) is data that can be used to identify or contact a particular individual, such as the individual’s name, email address, physical address, phone number, or other data which can be reasonably linked to that data or to that individual’s specific computer or device. When anonymous or non-personal information is directly or indirectly linked with personal information, this anonymous or non-personal information is also treated as personal information. We will consider persistent identifiers that are not anonymized, de-identified or aggregated as personal information. Not all jurisdictions have the same definition for personal information and non-personal information. Additionally, we apply the definition of personal information under the Children’s Online Privacy Protection Act (COPPA) for any personal information collected from children under 13. For additional information regarding COPPA, please also see these FAQs.
We will never sell or rent user personal information. Sell means the selling of the personal information of an individual to third parties. We will only share personal information to comply with legal requirements or with a limited set of partners and service providers necessary to provide our education services (such as database management services and database hosting services), and we will be transparent about who these partners and service providers are. We will require that these partners and service providers process information in accordance with our instructions, these Education Privacy Principles, and any other appropriate confidentiality, security, or other requirements.
Sell, consistent with the Student Online Personal Information Protection Act (SOPIPA) and the Student Privacy Pledge, does not include or apply to the purchase, merger or other type of acquisition of a company by another entity, provided that the company or successor entity continues to treat the personal information in a manner consistent with the Education Privacy Principles with respect to the previously