SACRAMENTO, Calif. — A common student data privacy agreement could soon be the gold standard for California school district contracts with vendors.
The California Educational Technology Professionals Association (CETPA) represents more than 1,000 school districts in the state and created the California Student Privacy Alliance this year, setting its first goal to finalize a common agreement that districts could use and modify. The association gave an update on its progress at its annual membership conference on Wednesday, Nov. 9. Lawyers at Fagen Friedman & Fulfrost LLP have been working with the Ventura County Office of Education, the Internet Keep Safe Coalition; and Oxnard Elementary, Ventura Unified, San Ramon Valley Unified and Irvine Unified school districts over the past four to six months to settle on a first version of the document so that ed tech leaders can provide feedback.
This agreement is designed to save time for school districts so they're not having to renegotiate privacy provisions in every contract, provide them a legally vetted standard that they can use and override any provisions in vendor service agreements that don't match the standard. Some of the areas it covers include describing the categories of data transferred to vendors, extending the agreement to sub-contractors that vendors use and establishing minimum security standards. And it's designed to fulfill California's 2014 legislation governing local education agency contracts with third parties while also allowing vendors to pre-sign the contract in what's called a joinder so that other districts can simply sign off on the privacy portions of a contract without renegotiating them.
"What we're trying to do with his model is to get buy-in from vendors and to move past AB 1584's original intent, which looks a little punitive," said Mark S. Williams, a partner and co-chair of the eMatters and Higher Education Practice Groups at Fagen Friedman & Fulfrost LLP. "We're entering into a new phase of maturity now with tech companies, and that's, 'Let's build a partnership — a partnership for data management.'"
Along with the common agreement, the California alliance is taking a page from Massachusetts' alliance by building a repository of these privacy contract agreements that's publicly searchable. Both state alliances are members of the Student Data Privacy Consortium run by the nonprofit Access 4 Learning Community.
With a public database of privacy contracts, California school districts can search by school district or application names to find out whether any agreements are on file or whether the vendor refused to sign the agreement. They can also download a PDF of the contract that shows any changes the school district made.
"Our big problem is how to scale up — how do we spread these privacy contracts and the language out as quickly as possible," Williams said.
The registry is one way to do that.
So far, three school districts and one county office of education have input contracts into the database that they have vetted, but are not based on the common agreement. Moving forward, school districts that are interested in using the agreements and uploading their own can fill out an online form to do so. And they can contact CETPA to share feedback on the provisions in its model contract, particularly under the security requirements.
Ultimately these efforts could help districts tackle a major problem of not knowing where their data goes and what happens to it. And it could prevent every school district from repeating each other's contractual work.
"They’re saving people millions of hours," Marsali Hancock, former founding president of the Internet Keep Safe Coalition and current commissioner at the Global Infrastructure Information Coalition, told the Center for Digital Education," and these are people who are already stretched to the max with time.”