Finding the best educational technology tools to serve student needs can be a daunting process, and ensuring that student information is handled responsibly and securely is a vital part of that process. Working with edtech suppliers on data privacy and security can help ensure your district has access to innovative and impactful tools without sacrificing security.
“In my years of vetting data privacy practices, I’ve noticed that start-ups and smaller companies have great ideas for teaching and learning but haven’t necessarily put much thought into privacy and security. Not because they have malicious intentions or don’t care, they just have limited resources and didn’t think about it,” explained Kevin Lewis, 1EdTech’s Data Privacy Officer. “That doesn’t mean a school district shouldn’t work with them; they may have a great product, but it does put the responsibility on the district to ensure their edtech suppliers are following best practices.”
That can be a big ask of school district IT departments, which are often made up of just a few already overworked people.
The National Research Data Privacy Agreement (NRDPA) and the National Data Privacy Agreement (NDPA), established by the Student Data Privacy Consortium (SDPC), are significant steps forward for data privacy in education and streamlining data-sharing agreements. Their commitment to safeguarding sensitive information is commendable and sets a strong foundation for secure data exchange within the K-12 sector.
A motivated group of 1EdTech members saw the need to create a complementary resource that builds on the great work of the NDSA through closer collaboration between institutions and suppliers. The goal was to create an additional resource to further streamline the procurement process while prioritizing data privacy and security. The result is the new 1EdTech Data Privacy and Security Agreement (DPSA) Template.
The template was created by a task force of 33 data privacy and security experts from K-12 districts, state departments of education, and edtech suppliers. The 1EdTech community said that type of collaboration between all stakeholders was needed to ensure all interests were considered and to help make the procurement process easier for everyone. It also allows for customization when needed for individual partnerships and state and federal laws.
"As a vendor, having a trusted and respectful Data Privacy and Security Agreement, designed and validated by both districts and vendors from the hugely respected 1EdTech community, provides a tremendous advantage. It ensures any U.S. district can confidently sign it, greatly simplifying the procurement process," said Gauthier Philipart, Actionaly CEO.
"The 1EdTech Data Privacy and Security Agreement empowers K-12 school members by streamlining access to educational resources, fostering collaboration, and enhancing data privacy and security between vendors and institutions, reducing onboarding time and ultimately enriching the learning experience for all,” said Nicholas Carroll, Columbia County School District’s Director of Data Governance and Instructional Technology.
“This is the type of collaborative effort we strive for at 1EdTech,” explained Curtiss Barnes, 1EdTech CEO. “Bringing educators and suppliers to the table, outside of a sales pitch, solves problems that will support the entire community. The NDPA and NRDPA are valuable resources to help identify what is important to school districts when it comes to data privacy and security. The 1EdTech community’s hope for our DPSA Template is to expand on that great work, with the collaboration of our individual and mutual stakeholders to provide an additional resource designed to help educators and edtech suppliers partner together for solutions that will power learner potential.”
Access the DPSA Template
1EdTech members can use the DPSA Template to ease the procurement process and consider all privacy and security considerations, but it should not be used to replace legal expertise or advice. The template also allows for addendums to meet the individual needs of districts or suppliers.
1EdTech members can download the template and instructions for using it with customers or supplier partners to simplify and expedite RFIs, RFPs, contracts, purchasing procedures, and implementations.
As we work to power learner potential, we need to eliminate as many redundancies and burdensome tasks as possible without sacrificing security. This template is just one more resource, in addition to the TrustEd Apps Rubrics and TrustEd Apps Management Suite (TAMS), that 1EdTech member districts, institutions, and suppliers can use to ease the process.
About the Authors
Daisy Bennett
Daisy Bennett, Instructure Associate General Counsel and Data Protection Officer, is passionate about privacy, education, and technology. Her focus is bridging the gap between compliance, customers, and business needs to develop robust and transparent privacy practices at Instructure. Over the past 20 years, Daisy has helped various technology companies achieve meaningful and effective privacy programs. She’s a Certified Information Privacy Professional (CIPP-US & CIPP-E) and a Certified Information Privacy Manager (CIPM) through the International Association of Privacy Professionals. She has a Bachelor’s Degree in History from the University of California Davis, a Master’s of Public Policy from the University of Utah, and a J.D. from the SJ Quinney College of Law at the University of Utah.
Frankey Goss
As Accelerate Learning’s Director of Information Security and Data Privacy, Frankey Goss is passionate about security, privacy, and digital accessibility, focusing on balancing compliance, risk, and innovation to develop transparent AI governance, security, and privacy practices. Over the past 20 years, she’s had the opportunity to lead Secure by Default and Privacy by Design programs at various edtech, nonprofit, and commercial companies to achieve meaningful and effective SaaS product development and business transformation.