TEC Student Data Privacy Alliance FAQ

1. What is the difference between a Privacy Pledge and a Data Privacy Agreement?

TEC’s Student Data Privacy Agreements are legally enforceable documents and vendors agree to compliance with with all applicable state privacy statutes, including the FERPA, PPRA, COPPA, IDEA, 603 C.M.R. 23.00, 603 CMR 28.00, and state specific laws.

A “Pledge is not intended as a comprehensive privacy policy nor to be inclusive of all requirements to achieve compliance with all applicable federal or state laws.”

2. What is “PII”?

Personally Identifiable Information

3. What is a standard Data Privacy Agreement (DPA)?

A short but informative video from the state of Utah.

4. Where can I learn more about protecting student data?

U.S. Department of Education Protecting Student Privacy Guidance Video

5. Where can I learn more about this topic?

The Education Privacy Resource Center site is a great resource: FERPA|Sherpa – named after the core federal law that governs education privacy – is the education privacy resource center website. FERPA|Sherpa is an initiative of the the Future of Privacy Forum. Answers to Some Common Questions about Student Data Privacy

6. Why do I need to join the TEC Student Data Privacy Alliance (SDPA) and not just the Student Data Privacy Consortium (SDPC)?

Our member districts launched the TEC SDPA because of the time, energy and expense required for each of them to contact every software vendor to negotiate a DPA.

TEC is a member of the SDPC and works on your behalf. We save your district time and money and accelerate the protection of your students’ data because we do all the work for you. When you join our alliance and upload your list of apps to us we send you a signature page for any DPAs we have already negotiated (over 1000!) and contact other vendors on your behalf to negotiate any new DPAs.


7. What protections does a signed DPA provide to districts?

  • The DPA makes the vendor a "School Official" of your district under the FERPA School Official Exception. Without this, you cannot share student information with a vendor without written parent/guardian consent.
  • Districts that sign a DPA must be notified within 10 days of a data breach and be provided with specific information and assistance regarding the breach.
  • The DPA gives your district ownership and control. Without a signed DPA, the vendor may claim that "they" own and control your student data, and even sell it!
  • If you do not have a signed DPA, a vendor may notify the police or other authority about a student's post or work WITHOUT notifying the district first.
  • With a signed DPA, the district can audit the vendor if needed. Without it, the vendor can refuse.
  • Vendors that use "targeted advertising" must turn this off for districts with a signed DPA.
Scroll to Top