National Data Privacy Agreement
The Student Data Privacy Consortium (SDPC) is proud to announce the release of the first National Data Privacy Agreement (NDPA) to streamline application contracting and set common expectations between schools/districts and marketplace providers.
National Data Privacy Clause Set Areas
Purpose of DPA
Student Data to be provided
Parent Access
Third Party Request
Privacy Compliance
Employee Obligation
Disposition of Data
Data Security
Destruction of Data
Employee Training
Security Coordinator
Period Risk Assessment
Privacy Compliance
Reasonable Precautions
Nature of Series Provided
Student Data Property of LEA
Separate Account
Sub-processors
Authorized Use
Non-Disclosure
Advertising Prohibition
Passwords and Employee Access
Security Protocols
Security Technology
Sub-processors Bound
Data Breach
Annual Notification of Rights
Unauthorized Access Notification
The SDPC started with a grand vision that all schools could use the initial Cambridge Schools Data Privacy Agreement (DPA) clause set in use with more than 50 districts. After a great amount of growth and feedback, schools and states indicated they needed their own state-specific version of the DPA for larger adoption. Twenty-eight State Alliances and five years later the conversation has come full circle – now 13 states are using a very similar DPA.
The Alliance leaders determined in 2019 that there was enough commonality between their DPAs that a national DPA Project Team be formed and explore the viability of developing a draft that could be used by any school/district across the US. Two years later, the Community is proud to release the first version of the NDPA.
The NDPA has been developed with extensive review and comments from schools, districts, state organizations, marketplace providers and their legal representatives. It is designed to address common student data privacy concerns and streamline the educational application contracting processes for schools/districts who do not have the legal or fiscal resources and vendors who previously had to sign “one off” contracts with each of the over 13,000 US school districts. While the NPDA allows for any state specific legislative requirements, the majority of the privacy expectations are standardized and can be used by any entity as part of their Terms of Service Agreements.
To find out more and get your needs addressed, please join in the conversations by being part of the Consortium.
