An “on the ground and real world” set of privacy tools allowing schools to manage and communicate on the software solutions impacting learning. The SDPC Resource Registry allows schools, districts, divisions, states, territories, and vendors to find resources, adapt them to their unique context and implement needed protections.
The NDPA streamlines application contracting and sets common expectations between schools/districts and marketplace providers in addressing legal obligations on student privacy. Thousands of schools are using the SAME privacy agreement with thousands of vendors - what could be easier?
GEPS is designed to simplify, and in some cases automate, the software on-boarding process by aligning contract clauses to technical obligations to security standards It is designed to set common expectations between vendors and their customers.
The SDPC has been extremely successful in bringing the educational technology (EdTech) marketplace and school districts together in addressing student data privacy obligations. As the SDPC continues to expand, the ability to audit and/or certify that providers, and schools, are meeting their security obligations to safeguard data is critical. Currently, there are very few mandated requirements for providers to adhere to specific security benchmarks. Some states have legislated their own set of security requirements. In the absence of any framework or identified benchmarks to audit providers against, it is impossible to certify any application is meeting privacy and security obligations.
The new Global Education Security Standard (GESS) Project Team has been working diligently to develop a matrix/crosswalk of all existing security frameworks and identify a core set of controls applicable to PK-20 data. The group is at a point now that they would like to share this work with industry experts to obtain feedback to further guide their work.
“While I commend the various legislative and organizations beginning to address the issue of student data privacy, the “high level” recommendations, guidance, certifications, etc. are difficult if not impossible to keep organized and more importantly implement at the district level. In my role as the CIO of Cambridge Schools in Massachusetts, I and my peers at the school level, need on the ground tactics and tools that help us reach the high bar set for us as student data stewards”
Steve SmithCIO, Cambridge Public Schools MA
“The California IT in Educational (CITE) Association, representing over 1,000 districts, has joined the Student Data Privacy Consortium. The Consortium has a mature process for establishing a statewide contract and a database for posting vetted applications and provides transparency to staff and community. Collaboratively working with our partners, we expect to build clear steps that will streamline the process in protecting our student’s data by having a state-wide contract demonstrating compliance with CA legislation.”