Student Data Privacy

Why Student Data Privacy Matters

Dedham Public Schools (DPS) privacy and data policies ensure that the District is ethically and legally protecting student safety and student information, including student work. Protecting students from harm--identity theft, harassment, and unauthorized data collection-- are critical concerns. As educators, it is our job to ensure our students are protected in this manner. DPS seeks to ensure the protection of the privacy of students. This is in support of the Federal Family Educational Rights and Privacy Act (FERPA), the Massachusetts student record regulations, the Children’s Online Privacy Protection Rule (COPPA), etcetera . We have been working diligently to implement effective practices to ensure that student privacy is protected.

Data privacy, however, isn't possible without having the proper controls in place to ensure data security. To ensure the proper security measures are in place, we have developed a Written Information Security Policy (WISP). Anyone who is employed by or works on behalf of the district is expected to adhere to this policy. This is our operational protocol for the WISP. To access all of the Dedham Public Schools District policies, please click on this link for more informaiton.

As part of our committment to student data privacy and security, the district has established a Data Privacy Team (DPT) which consistents of Central Office Administrators. This team meets twice a month and annually reviews data privacy as outlined in section VII of the Student Data Privacy Policy.

In addition, employees must follow the district's resource request process when using any data management platforms, digital tools, websites, applications and any form of digital media. These processes are in place to ensure that DPS is in compliance with FERPA, COPPA, PPRA, CIPA, state regulation and school system rules. Prior to using third party vendor online services the vendor must have signed an Data Privacy Agreement (DRA) with Dedham Public Schools.

MSPA- Massachusetts Student Privacy Alliance

Dedham Public Schools has worked closely with the Massachusetts Student Privacy Alliance (MSPA) and with The Education Cooperative (TEC) to facilitate the execution of data privacy agreements with all third-party software vendors. MSPA represents a number of school districts across Massachusetts concerned with student data privacy. Utilizing the MSPA and TEC's partnership with other school districts puts us in a stronger position when negotiating contract terms. The collaborative force sends vendors a strong message that data privacy is an important issue we need to work on together to solve. In cooperation with the Massachusetts Student Privacy Alliance we have an established and comprehensive list of applications that have signed third party vendor contracts.

Dedham Public Schools has been working with the Massachusetts Student Privacy Alliance (MSPA) and our legal counsel since 2015 to develop a standardized data privacy agreement (DPA) for all vendors that store any student information with personally identifiable information (PII).

The Data Privacy Agreement requires all vendors to:

- Follow the laws protecting students rights for data privacy - CIPA, COPPA, FERPA and PPRA.
- Ensure the school district retains ownership of all student data regardless of where the data resides.
- Provide the school district notification of a data breach, if one should occur, within a specific time frame.
- Not resell or use student information for any other purpose than the service it was intended.
- Provide the school district the right to audit the vendor for compliance.
- Ensure industry best practices are being followed with respect to data privacy and data security.

National Data Privacy Agreement

The SDPC started with a grand vision that all schools could use the initial Cambridge Schools Data Privacy Agreement (DPA) clause set in use with more than 50 districts. After a great amount of growth and feedback, schools and states indicated they needed their own state-specific version of the DPA for larger adoption. Twenty-eight State Alliances and five years later the conversation has come full circle – now 13 states are using a very similar DPA.

The Alliance leaders determined in 2019 that there was enough commonality between their DPAs that a national DPA Project Team be formed and explore the viability of developing a draft that could be used by any school/district across the US. Two years later, the Community is proud to release the first version of the NDPA.

The NDPA has been developed with extensive review and comments from schools, districts, state organizations, marketplace providers and their legal representatives. It is designed to address common student data privacy concerns and streamline the educational application contracting processes for schools/districts who do not have the legal or fiscal resources and vendors who previously had to sign “one off” contracts with each of the over 13,000 US school districts. While the NPDA allows for any state specific legislative requirements, the majority of the privacy expectations are standardized and can be used by any entity as part of their Terms of Service Agreements." (National Data Privacy Agreement. (2020, October). Privacy A4I. Retrieved October 26, 2020, from https://privacy.a4l.org/national-dpa/ ).