Incomplete Keystone Oaks Policy Leaves Student Data Vendors Unnamed | The Locally Times

A district student privacy notice ends mid-sentence, failing to identify third-party apps authorized to access student accounts.

The Keystone Oaks School District’s efforts to increase transparency around student data are undermined by an incomplete public record that leaves key questions about third-party software access unanswered. An April 22, 2026, district notice outlines a plan to comply with new federal privacy rules but fails to identify all the external applications students are authorized to use. The district set a deadline of April 22, 2026, to meet the updated requirements. As part of this effort, the district stated it would publish a searchable online list of all approved digital tools, complete with links to each company’s privacy policy. The document notes that because schools select and require these tools, they have a responsibility to be transparent about how student data is handled. ## Google Tools and Unlisted Third-Party Apps The April 22 district record details student use of Google Workspace for Education accounts. Through these accounts, students access Google’s “Core Services,” which include Gmail, Calendar, and Google Drive. Beyond the Google-provided tools, the notice states that the district permits students to access other applications using their Google accounts. The document explains that a school administrator enables access to these third-party services and authorizes them, but the public text cuts off mid-sentence, leaving the description of the process incomplete. The record does not name any of these additional services, nor does it describe the criteria by which they are selected or what data they are authorized to access from student accounts. Federal COPPA regulations require that services for children under 13 are clear about what information is collected and that they obtain parental consent. Without a list of vendors, the public record does not show how the district ensures this consent and oversight for the unspecified third-party services. While the April 22 notice details a plan to achieve compliance and publish a vendor list by that same date, the available documentation does not confirm whether the district met its own deadline or if the promised list was ever published. As a result, the full scope of student data sharing with external applications remains undefined in the district's public policy.