Privacy Services Included for ETLA District Member
ETLA District Members receive a full suite of data privacy services. Here are just a few of the privacy services benefits available.
The Student Data Privacy Consortium (SDPC) Registry is freely available to all Ohio schools thanks to the Ohio Department of Education and Workforce. An ETLA District Membership is not required to access this services. Schools and districts that access the SDPC without an ETLA District Membership will need to consult with their school legal counsel to create an Exhibit G that is compliant with SB29.
Full Suite of DPA Services
From start to finish, the ETLA Privacy Services team will work on your behalf to negotiate and execute data privacy agreements.
SB29 Compliant Exhibit G
All DPAs approved and executed on behalf of ETLA District Members are compliant with SB29.
Piggyback with Ease
Only ETLA District Members are able to "piggyback" on DPAs from other ETLA District Members. This streamlines the DPA process and keeps schools and districts compliant with this SB29 component.
Communication and Advocacy
The ETLA Privacy Services team communicates on your behalf with vendors who refuse to sign a DPA and advises members immediately of any concerns. The team also monitors and evaluates all agreements for any red flags and addresses those on behalf of our members.
Procuring DPAs & Using the SDPC Webinar
Panelists Bill Fritz, Ramah Hawley, and Amy Tudor explore into the intricacies of procuring Data Privacy Agreements (DPAs) and utilizing the Student Data Privacy Consortium (SDPC) registry tool. The session highlights essential practices for managing vendor relationships, ensuring compliance with both FERPA and Ohio's Senate Bill 29, and navigating the challenges of data privacy in K-12 education. Key insights include the importance of contractual agreements for data security, the role of DPAs in establishing vendors as school officials, and operational strategies for pre-vetting vendors during procurement processes. Watch now to gain practical knowledge on leveraging tools like the SDPC registry and understanding nuances such as the Exhibit E efficiency clause to enhance your district’s data privacy culture.
FAQs
We are gathering new questions daily and will continue to add them here. If you don't see your question answered, use the link at the bottom to submit your question.
What’s the relationship between Learn21, ETLA, CoSN, ISTE, SDPC, and SETDA?
Learn21 created the EdTech Leaders Alliance (ETLA) so that there was one source for educational, technology, and edtech leaders to mingle and grow. ETLA is home to the Ohio CoSN Chapter, ISTE Affiliate (through December 2024 when the ISTE Affiliate program is sunset), SDPC Alliance, and SETDA Affiliate. ETLA is made up of volunteer members and supported by Learn21 employees. At this time, the majority of the financial support for ETLA is provided by Learn21. ETLA holds an annual conference each fall. It’s the go to place for leaders in Ohio and beyond.
Will Microsoft sign a DPA?
Microsoft has been signing DPAs with Exhibit H language included for its Core Services. Please request a DPA through your ETLA District Members services.
Is Microsoft Copilot covered under the Microsoft DPA?
No! Even though Microsoft includes Copilot as a "Core Service" it is NOT covered under the DPA. Microsoft has told us "students under the age of 18 are not permitted to use Copilot,” even with a signed DPA. They also noted that it is the only product listed under their Core Online Services that is not covered under the DPA.
Will Google sign a DPA?
Google has not signed a DPA. A review of Google Workspace TOS by ETLA-SPDA legal has certified that Google Workspace Education Core Educational Services “Core Services” comply with the requirements of the Ohio NDPA as per FERPA, and comply with deletion 90 days for "Core Services” only. Additional services do not meet NDPA. For example, YouTube is not covered. LEAs will need to obtain a parent's permission or comply with those services that are not classified as "Core Services." Other Google products do not comply with the DPA and are not approved for use without permission.
What are Google “Core Services”?
Google “Core Services” are Assignments, Calendar, Classroom, Cloud Search, Drive and Docs, Gmail, Google Chat, Google Chrome Sync, Google Meet, Google Vault, Groups for Business, Jamboard, Keep, Migrate, Sites, Tasks. Only Workspace "Core Services" are approved for use: https://workspace.google.com/intl/en/terms/user_features.html. We recommend that all LEAs sign the Google Data Processing Amendment.
Can you clarify what services ETLA is offering and what happens to any existing SDPC DPAs we have in place via the blanket Ohio DPA agreement?
ETLA District Membership includes DPA management services in collaboration with 10 state SDPC affiliates. Expanded access to an in depth database of DPAs and legal counsel. ETLA procures DPAs for the LEA with updated Exhibit G state language. All the current Ohio DPAs will need to be amended with an Exhibit G. They are not in compliance with SB29. ETLA has two options for district membership. Contact privacyservices@learn21.org for more information.
Will Adobe sign a DPA?
In 2022, a crosswalk of Adobe TOS and NDPA was completed and Adobe was not compliant with NDPA. However, recently Adobe has signed an NDPA with California with Exhibit H. ETLA-SDPC will be providing future updates as this relationship progresses.
Will Apple sign a DPA?
No, Apple states they do not collect data unless a district is using Apple Data Manager.
Should I use Google Forms for parental consent?
You should not create parental consent forms through Google Forms because you cannot verify the identity of the person consenting. ETLA-SDPC can provide examples of appropriate parental consent forms.
Still have a question?
Email us and let us know. We're happy to connect.
