Allowing third parties access to IT systems and personal information can potentially render a LEA’s privacy and information security compliance efforts ineffective if a vendor is deficient in those areas. Using third parties can also increase the risk of data breaches or other cyber incidents, potentially damaging operations, souring customer relations, or exposing the business to liability.
LEAs should have a signed 3rd party data privacy agreement with all vendors with access to the LEA’s network or data. In an effort to assist Texas LEAs in this area, TETL (Texas Education Technology Leaders) worked to create the Common Student Data Privacy Agreement. If your LEA does not have agreements in place, this would be a great place to start.
Download the TX STANDARD STUDENT DATA PRIVACY AGREEMENT, TX-NDPA v1r6