From the Schools and Libraries New Brief – May 7, 2021
Children’s Internet Protection Act Reminders
In last week’s SL News Brief, we discussed the certifications on the FCC Form 486 (Receipt of Service Confirmation and Children’s Internet Protection Act (CIPA) Certification Form).
Several of the certifications refer to compliance with CIPA. We are providing the following reminders of the requirements for CIPA compliance so you can make the appropriate certification(s).
Requirements of CIPA
CIPA has three basic requirements:
1. Internet safety policy: Schools and libraries must adopt and enforce an internet safety policy that includes five specific elements and a technology protection measure or filter (see Item 2 below). If you already have an internet safety policy or acceptable use policy, you can amend your existing policy to include the required elements. The policy must address the following:
- Access by minors to inappropriate matter on the internet or World Wide Web;
- Safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications;
- Unauthorized access including “hacking” and other unlawful activities by minors online;
- Unauthorized disclosure, use, dissemination of personal information regarding minors; and
- Measures designed to restrict minors’ access to materials harmful to minors.
“Minor” is defined as any individual who has not attained the age of 17 years.
For schools, the policy must include monitoring the online activities of minors. Schools also certify that their internet safety policies have been updated to provide for educating minors about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms, cyberbullying awareness, and response.
2. Technology protection measure: Schools and libraries must enforce the use of a technology protection measure (i.e., a filter or a technology that blocks or filters internet access) on all of their computers with internet access. The filter must protect against access by adults and minors to visual depictions that are obscene, child pornography, or – with respect to the use of computers with internet access by minors – harmful to minors. The filter can be disabled during use by an adult to enable access for bona fide research or other lawful purpose.
3. Public notice and public hearing or meeting: Schools and libraries must provide reasonable public notice and hold at least one public hearing or meeting to address the proposed filter and the internet safety policy. Additional hearings or meetings are not necessary – even if the policy is amended – unless required by state or local rules or by the policy itself.
Certifying compliance with CIPA
The administrative authority for the school or library must certify compliance with CIPA.
- For a school, the administrative authority may be the school, school board, school district, local educational agency, or other authority responsible for administration of a school.
- For a library, the administrative authority may be the library, library board, or other authority with responsibility for administration of the library.
The administrative authority can certify the status of its compliance with CIPA on the FCC Form 486 if it is applying for E-Rate discounts directly (in other words, if it is the billed entity).
If the administrative authority is not applying directly – for example, if it is a member of a consortium that applies on its behalf – the administrative authority certifies its compliance on the FCC Form 479 (Certification by Administrative Authority to Billed Entity of Compliance with the Children’s Internet Protection Act Form). The administrative authority then provides a copy of the completed FCC Form 479 to the entity applying on its behalf. That entity can then accurately make the appropriate CIPA certification(s) on its FCC Form 486.
Timing of compliance with CIPA
In the first year a school or library receives E-Rate funding for internet access and/or Category Two services, the school or library can certify that it is undertaking actions to be compliant with CIPA for the next funding year. In the second (next) funding year, the school or library must certify that it is compliant with CIPA, unless state or local procurement rules or regulations or competitive bidding requirements prevent the making of the certification. In the third funding year, the school or library must be compliant with CIPA.
Documentation of compliance with CIPA
Below are some examples of documentation that may be requested to demonstrate CIPA compliance during an audit. The school or library should retain copies of the documentation for each funding year where a CIPA certification is required. Note that documents must be retained for at least 10 years after the latter of the last day of the applicable funding year or the service delivery deadline for the funding request.
- A copy of the internet safety policy.
- A description of the filter and a report or other documentation on the use of the filter. The documentation should show that the filter was installed and working during the funding year.
- Documentation that the school or library gave public notice and held a public hearing or meeting on the policy – for example, an advertisement of the meeting and a copy of the meeting minutes.
- Documentation of the adoption of the policy.
- Copies of the FCC Form(s) 479 and/or FCC Form(s) 486, as applicable.
If you have questions about this information or for additional help, you can contact USAC’s Client Service Bureau (CSB) at (888) 203-8100. You can also refer to the CIPA guidance document on the USAC website.