EdTech CCS: What is a Data Privacy Agreement (DPA)?

By Press release submission

Jul 21, 2022

A data privacy agreement is a legally binding contract between a data controller and a data processor, which defines how data will be used. In this case, the data controller is Carmel Clay Schools, while the data processor is any third-party vendor with whom data are shared.

For schools, a data privacy agreement establishes several key parameters that govern what a third-party vendor can do with data, including:

Defining student data
Designating the vendor as a school official under FERPA
Establishing CCS ownership of the data
Limiting the use of data to only services defined by the contract
Requiring compliance with all applicable laws and regulations
Prohibiting disclosure of the data
Forbidding the use of data for advertising purposes
Determining the data destruction process

Depending on the vendor, it may take days or weeks to negotiate a DPA that works for both parties. Most vendors are willing to work with schools to come to an understanding, and data privacy laws in states such as California, Illinois, New York, and Connecticut are helping to push the conversation forward.

The pivot to virtual learning during the pandemic accelerated the already rapidly growing number of EdTech tools in use nationwide. To help us navigate the thousands of tools available, CCS has a new partnership with Learn Platform, an EdTech effectiveness assessment service. We’ll be sharing more about Learn Platform in future posts.

Original source can be found here.

ORGANIZATIONS IN THIS STORY

Carmel High School