Student Data Privacy Contract Framework Getting Started

Student Data Privacy Contract Framework “Getting Started”

This is for you! • This slideshow is designed to be used by your organization (with staff, Boards, parents, public, etc. ) to successfully implement the “Privacy Contract Framework” Project! • It is designed to provide you with strategies, resources, and effective practices in making your project successful! • Feel free to personalize the slideshow with your content, logos, etc.

A Data Stewardship Role Local education organizations (or their equivalents) act as the data “steward” for all information relating to one or more of the schools / institutions under its jurisdiction. Different types of information may have different ownership restrictions (ex: a staff member may own some of the information concerning their personal assessment and attendance records, but as an employee, may have a different set of ownership rights than a student or parent over that data). There may be more than one data steward for a given student (ex: a student has attended schools in multiple districts). Each has an equivalent responsibility to the owner for the data under its control.

A Data Stewardship Role The Data Steward’s role is to: Ensure Data Security Data is secure only when it inaccessible to unauthorized 3 rd parties. Only secure data can be made private. Ensure Data Privacy Secure data is private only when its access and use by authorized 3 rd parties is restricted and fully controlled by the Data Steward, in accordance with (where possible) the stated wishes of the Data Owner.

A Data Stewardship Role Steward/Supplier Interrelationship The assumption is made that the marketplace suppliers are treated as using the information to provide a service for the Data Steward. In this case, a Steward maintains control over who can view the information it supplies, and for what purposes. The definition of “control” varies but might include: • A Data Steward gives the personal information to the supplier to use for a limited purpose that assists/benefits the Data Owner; • A Data Steward/supplier agreement binds the supplier not to use or disclose any personal information except for the specified limited purpose. If any data is exposed to its subcontractors, at a minimum these sub-contractors must also agree to the same obligations, and be specified by name in any contracts or agreements with the Data Steward. • A Data Steward/supplier agreement gives the Steward the right to be notified of and preapprove any additional 3 rd party accessing the data, or alternatively a reasonable opportunity to retrieve all information and request it be scrubbed from supplier storage.

Privacy Impact Factors Modern Technology Use Cases to Address Action Items Policy Implementation

Our Student Data Privacy Philosophy (Your Content Here) (link to your organization’s official policies here) My Privacy Matters

What the Project Can Mean to Us

The Realities • • • Privacy and Security are Hot Button Items Transparency is Being Demanded By All LEAs have limited Legal Bandwidth/Expertise School App Ecosystems Expanding Exponentially Each App Needs Specific “Rule-Making” Lots of Great Policy Resources Out There – But Not Much in the Way of Implementable Info

About the Student Data Privacy Consortium A bevy of great organizations provide guidance to schools and states regarding student data privacy. The Student Data Privacy Consortium (SDPC) leverages this work while focusing “onthe ground” with practitioners. A non-profit collaborative of schools, districts, regional and state agencies, policy makers, trade organizations and marketplace providers addressing today’s issues with adaptable, implementable solutions to growing data privacy concerns. Develops public access materials, hosts events, provides membership artifacts, generates template & tools, and delivers effective practices, all through the most unique collaborative: end users and marketplace providers working together!

SDPC Project #1 Privacy Contract Framework The first project of the SDPC, the Privacy Contract Framework, leverages work done by the Massachusetts Student Privacy Alliance (MSPA) around a “common contract” for usage across 40 districts. Districts and vendors alike benefit from having clear expectations around privacy contract terms and clauses. The project further expands this work at scale and offers a variety of tools to examine, model, and build privacy language and sample and common contracts. The Privacy Contract Framework resources and tools can be found in the SDPC Application.

“Win-Win” Benefits End Users Marketplace Providers • Streamlining and clarity of expectations with providers • Limits the need for legal resource contract support • Allows for a better organized picture of the organization’s application ecosystem • Provides a streamline communications path to parents, public, etc. • Reduces or eliminates lengthy vendor negotiations • Streamlining and clarity of expectations with LEAs & SEAs • Limits the numerous “one off” agreements with customers • Allows for the identification of partnerships • Enables faster application adoption • Promotes company as privacy aware and proactive • Reduces or eliminates lengthy customer negotiations

Readiness Status

Internal IT Capacity Place staffing model, budget information, or specific infrastructure information here or provide linkages. (ex: ) Resources:

Current Usage Agreements Place actual agreement information or links to usage agreements here. PTAC Resources: Data Sharing Agreement Checklist http: //bit. ly/2 boip 84 Data Sharing Webinar http: //bit. ly/2 bog. Jf 3

Application Vetting Process Place actual process information or links to process communicated. Pearson Resources: Vetting New Technology for the Classroom http: //bit. ly/2 b. G 0 Bp. D

Applications with Agreements Application Insert your ecosystem here. Application

Applications without Agreements Application Insert your ecosystem here. Application

Change Management Areas to Consider Addressing with Contract Framework. Project Impact Description Governance New governance model to include application vetting Contract Renewal Needed adoption of privacy clauses and understanding by all parties involved in contract approval Application vetting Procedures needed to ensure only approved online applications are used by staff regardless of cost Staff buy-in Training and awareness building around the need to vet all on line applications must be embedded into all aspects of the environment Application inventory Must develop an accurate and up to date application inventory and system for maintain Communication Must develop effective communication strategy to all stakeholders; staff, students, parents, and community

End Game Look

Toolkit Components Located here: https: //secure 2. cpsd. us/a 4 l/track 1. php • Contract Tool Tutorial Contract Development Support, Considerations, etc. • Checklists Benefits Summary, Process Documentation, etc. • Communication Tools Awareness Letters, Press Info, etc. • Vendor Engagement Strategies Correspondence, Questions to Ask, Resources, etc. • Resources Sample Contracts, Privacy Resources, etc.

Project Information • • • Detailed Consortium Information Project 1: Contract Framework Detail and Tools Membership Information What’s Next Conversations Resources to Support Your Work! Privacy. A 4 L. org