SDPC Update, January 2018
Thursday, January 25, 2018
Posted by: Penny Murray
Over the past 2 years there have been more than 100 student data privacy legislation efforts crafted in more than 35 states. During that same time the have been a few organizations created to address the same issue or established organizations have pivoted to make student privacy a priority for their work.
Most state and territory education agencies voice that they want to support their districts and schools but cannot legally support some of the tactical privacy support being requested. All agree that student data privacy, while a national and even global conversation, needs to be addressed locally by practitioners who are most vested in keeping student data secure and private.
In 2015 the non-profit Student Data Privacy Consortium (SDPC) was established to address these “tactical” and “on the ground” needs. Formed after a year of research, outreach
surveys, and one-on-one conversations, the SDPC is now made up of schools, regional and state/territory education agencies and marketplace providers identifying common privacy issues and developing solutions that can be put in place at all levels of the education data continuum. Two years later, the SDPC continues its exponential growth including the kick off of a third project!
- Establish a community of stakeholders who have various needs addressed through policy, technology and/or effective practice sharing around effective privacy management,
- Identify projects that have on-the-ground and real-world impact on student data privacy enabling schools, districts, state and vendors find resources, adapt them to their unique context and implement needed protections,
- Development of tools and resources to address operational issues not currently being addressed,
- Leverage partnership organizations working in the privacy space to have their good work utilized and no reinvention of existing work,
- Development of a clearinghouse of student data privacy operational issues and resources to support schools, districts, states and vendors in managing those issues – no matter where the resources originate.
Welcome new members!
- Fauquier County Public Schools
- Findlay City Schools
- Lamoille South Supervisory Unit
Estimated number of schools served by the SDPC: 1500+
Pipeline members: Virginia, Ohio, Utah, Mississippi, Colorado
Total Applications: 815 vendor products
The Massachusetts Student Privacy Alliance (MSPA), the original alliance, is maturing from grass roots district organized and managed to a more formal organization. Leveraging the work in Cambridge Public Schools, for the last 3 years the MSPA has grown by word of mouth and was based upon district collaboration.
Last spring talks emerged between MSPA members and The Education Cooperative (TEC) focused on the possibility of TEC taking over the management of the MSPA. Over 6 months the IT Directors from TEC member districts as well as TEC staff developed the organization and resources to manage the MSPA. With an influx of resources from the TEC the new MSPA organization includes:
- Governance Board
- MSPA On Board Training
- Contracts Management Support (shared position)
- Legal Support
Through the TEC resources MSPA members will have access to staff in the above positions to assist with onboarding, daily management and legal advising. IN addition to the obvious advantage of having these staff to assist each district, having one statewide point of contact for contract/DPA execution representing all districts is a huge boost to the alliance.
Once these processes are established and well tested for all TEC member districts, all MA districts will be invited to join the TEC/MSPA for a small fee and receive the same services. This is a great example of alliances learning from each other and replicating best practices.
Funding Proposals: A white paper/funding proposal has been developed and currently is being put in front of some possible funders. It is an opportunity to acknowledge the great work of the Consortium in an all-volunteer mode and how some additional resources could speed projects delivery to continue to create tactical win-wins for end users and marketplace players.
Website Changes: Check the changes to the SDPC website! As the project matures and the interest continues to grow exponentially, we hope the changes made will help you explore more about the work, promote it to others and be the “go-to” place for you to start the support for your privacy data stewardship needs. https://privacy.A4L.org
Marketplace: In Q1 there will be a “Vendor Marketplace” for product and service providers in the SDPC to promote their information and products. This marketplace will also showcase various badges, certification, and promotional materials to point end users to those companies committed to support privacy issues seen by end users each day!
Project 1: Privacy Contract Framework
The Privacy Contract Framework project is focused on the development a framework for identifying solutions that have on-the-ground and real-world impact on student data privacy enabling schools, districts, state and vendors find resources, adapt them to their unique context and implement needed protections.
- Australia’s first meeting of the Contract for Australian Privacy in Education (CAPE) Reference group (with representation from States and Territories in Australia, and Catholic and Independent school sectors) occurred in December last year. A discussion paper has been distributed and feedback template provided to determine:
- Local State/Territory comfort in promoting national vendor obligations regarding privacy
- Approach - the development of a single national privacy contract versus individual State/Territory contracts
- Number of vendors impacted
- Details of existing procurement frameworks/contracts and processes impacted by the introduction of a privacy contract
- Preferred method of publication of signed vendor privacy contracts
- Vendors will soon be engaged via the A4L Community AU Management Board (SIFAAMB) and further CAPE Reference group workshops will occur from February 1.
- 118 have been trained as Participating LEAs with 54 additional LEAs awaiting training (averaging 3 trainings per month).
- 199 providers have signed the CSDPA with Exhibit E, and there are currently 366 CSDPAs with Exhibit E in place.
- Support for the CSPA has moved from Ventura County Of Education to CETPA with the hiring of Dana Greenspan as a part time consultant for CETPA.
- Working with A4L’s Penny Murray and Erik Erickson, MSPA, to create videos (based on the CSPA Onboarding Guide) on how to use the Alliance sites. These videos will be both generic (how to login,
- change a password, etc.) as well as state specific (e.g., how to use and add Exhibit E of the CSDPA)
- Active: 125 (not including Vendors)
- The Education Collaborative (TEC) has taken over promotion & training for MSPA. This is a transition away from Cambridge Public Schools as lead.
- TEC has hired both an attorney and a "Contracts Manager" to represent their member school
- After several months of operation these services will be expanded to other non-TEC member districts for a fee.
- A new MA model DPA has been drafted aligned to the CA model DPA. We are hopeful for a late winter launch of the new DPA.
- 3/23/18 MSPA Presentation at METAA, MA CoSN affiliate.
- The Instructional Tech folks have been working in various capacities with the Maryland SDE to promote our contracting and approval processes.
- A small group trained on the SDPC tool in late November with Scarborough entering several vendors/contracts
- Presentation at the Maine Educational Technology Directors Association meeting in January – giving an overview of the project and walking everyone through the tool.
- We have had 12 districts in total join to-date.
- Attorneys with Drummond & Woodsum are working on drafting the common Privacy Agreement for Maine.
- Looking to recruit a few volunteers from fellow tech directors to conduct additional training sessions around the state as needed, and get the word out.
- Will be assembling and on-boarding package, much like the CA sample.
- Jan meeting including legal representatives from participating districts, Texas Association of School Business Officials and Texas Association of School Boards. Steve Smith will be with us to provide an update on the National organization as well as provide a copy of the proposed National Student Data Privacy Agreement.
- Draft SDPA underway / link to HB 2087
- The newest Alliance in the process of joining, underwritten by the VA Department of Education!
- The talking head video for 2018 including how to request to use Google extensions
- Presentations at CIO clinic in Minnesota at the TIES conference - Presentation
- SLATE - Wisconsin technology conference - Presentation
- Continuing to have dialogue with vendors regarding student data privacy asking them to sign our FERPA non-disclosure agreement
- Working on our TLE application and have officially registered at the CoSN site.
- Just acquired a security consulting company to do threat assessments, do social engineering, and other things to help us prioritize next steps
- Working on public facing web pages for community and staff with data privacy resources
Project 2: Digital Governance Tool
The Digital Tools Governance project centers around developing a comprehensive framework for aligning a school system’s policy landscape, strategic programming, tactical processes, and accountability mechanisms to support the system’s vision of how its digital tool ecosystem will advance its overall mission and goals while minimizing its risks of data privacy and security incidents.
- First four use cases addressed
- Work underway to create a Project web application for tool usage and use case collection. Functional requirements being reviewed to add this functionality to the SDPC App structure – expect a demo in the next month!
Project 3: PRIVACY Connect
The “Privacy Connect Project” will leverage the collaborative strength of the SDPC to develop a freely available open privacy technical standard that would help identify the “right data to the right application” in a standard transport manner identified in the various Alliance developed shared privacy contract frameworks.
- Three Project Case Studies under development
- Technical work around a privacy specification/certification underway with deliverable Q1 2018
Interested in joining the SDPC?
Why not review our latest presentations? We’d love to talk you through it and get you up-to-speed with all the great work currently being developed by the marketplace. Contact us to discuss this further.
Alternatively, why not come along to the A4L Community 2018 Annual Meeting – one whole day dedicated to the work of the Student Data Privacy Consortium – everyone welcome! Find out more…
Download SDPC Update, January 2018 (PDF) >>