National Privacy Clause Set

The Student Data Privacy Consortium (SDPC) started with a grand vision that all schools could use the initial Cambridge Schools Data Privacy Agreement (DPA) clause set in use with more than 50 districts.  After a great amount of growth and feedback, schools and states indicated they needed their own state-specific version of the DPA for larger adoption.  Twenty-eight State Alliances and 3 years later the conversation has come full circle – now 13 states are using a very similar DPA. 

So, the work began on a National DPA Clause Set!

A Legal Project Team was established representing schools, states and marketplace providers and their legal councils to generate a DPA that could be leveraged across states, streamlining the contracting processes for both end users and vendors.  Currently, 28 clauses have been identified and wording is being drafted for broad adoption.  The first draft will ideally be provided for SDPC Membership Review by late spring 2020!

National Data Privacy Clause Set Areas

Purpose of DPA

Student Data to be provided

Parent Access

Third Party Request

Privacy Compliance

Employee Obligation

Disposition of Data

Data Security

Destruction of Data

Employee Training

Security Coordinator

Period Risk Assessment

Privacy Compliance

Reasonable Precautions

Nature of Series Provided

Student Data Property of LEA

Separate Account


Authorized Use


Advertising Prohibition

Passwords and Employee Access

Security Protocols

Security Technology

Sub-processors Bound

Data Breach

Annual Notification of Rights

Unauthorized Access Notification 

To find out more and get your needs addressed, please join in the conversations by being part of the Consortium. 

Much more to come!