Global Education Privacy & Security Standard (GEPS/GESS)
The Data Privacy Agreements (DPAs) are the first step in getting common expectations around safeguarding student privacy – but only the first step. What if you could automatically communicate between end users and vendors?
Simply what you can and can't do with data
Stipulates purpose - why you are being supplied with the data
Legal obligations and technical benchmarks
A green list of data elements you can access
Data conditions (subsets of data e.g. senior years only)
What you should do with the data if the data is no longer required
Details of recipient of the data, who to contact if there are issues, who is handling the data, countries impacted
Global Education Privacy & Security Standards (GEPS / GESS)
The Global Education Privacy Standard (GEPS)
The Global Education Security Standard (GESS)
The Student Data Privacy Consortium (SDPC) has been extremely successful in bringing the educational technology (EdTech) marketplace and school districts together in addressing student data privacy obligations. As the SDPC continues to expand, the ability to audit and/or certify that providers, and schools, are meeting their security obligations to safeguard data is critical. Currently, there are very few mandated requirements for providers to adhere to specific security benchmarks. Some states have legislated their own set of security requirements. In the absence of any framework or identified benchmarks to audit providers against, it is impossible to certify any application is meeting privacy and security obligations.
The new Global Education Security Standard (GESS) Project Team has been working diligently to develop a matrix/crosswalk of all existing security frameworks and identify a core set of controls applicable to PK-20 data. The group is at a point now that they would like to share this work with industry experts to obtain feedback to further guide their work.
Unity Enabling Privacy Expectations
The POD is a machine readable “meta-data” document that contains detailed contract expectations. Enable its transport by utilizing the newest ‘Unity’ SIF Specification, developed by the A4L Community