1. What is the California Student Privacy Alliance?

Since the passage of AB 1584, (now found at California Education Code section 49073.1), school districts have struggled to incorporate its required provisions in their contracts with digital providers. Many vendors are unaware of the law and are reluctant to renegotiate existing contracts. New contracts can be complex and time consuming. Smaller LEAs don’t have legal resources available for complex negotiations.

At the same time, teachers are increasing their use of apps in the classroom. The LEA must put processes in place to 1) vet apps to be sure they comply with the law, 2) make sure the contract with the app vendor includes the required components, and 3) Is able to notify teachers which apps are approved and which apps are not allowed.

CETPA created the California Student Privacy Alliance (CSPA) , a partnership with the Access 4 Learning Community's Student Data Privacy Consortium and the Massachusetts Student Privacy Alliance (MSPA) to help with these challenges.


2. I am an LEA, why would I want to use the CSP

There are four main reasons to use the CSPA:

  1. Transparency: to openly share LEA resources with all stakeholders.

  2. Inventory: to identify resources used and track the contractual status of privacy agreements

  3. Calibration: to search the database to see what resources are used by neighboring/like LEAs, plus search LEAs/resources throughout CA and Alliances in other states.

  4. Workflow: to automate review of resources for educational alignment and facilitate the contractual data privacy process

 

3. What is the CSDPA and how it is different than CSPA?

The California Student Privacy Alliance (CSPA) is the California registry site of digital resources displaying the contractual status of these resources for privacy compliance.  The CSPA is part of the Student Data Privacy Consortium (SDPC), an international group of LEAs and providers working together to address K-20 data privacy issues.

The California Student Data Privacy Agreement (CSDPA) is the legal document that can be used by LEAs and vendors to ensure the software is compliant with California’s privacy laws.

Please see Question 4 for more information.

4. How was the California Student Data Privacy Agreement (CSDPA) created?

The current version of the CA Student Data Privacy Agreement (CSDPA) was created through an extensive collaborative process including Fagen Friedman & Fulfrost, LEAs in-house legal counsel, and vendors.  We solicited vendor feedback from over 75 vendors and incorporated that feedback before sharing the CSDPA with, and receiving endorsement from, PTAC, the CA Attorney General’s office and the US Department of Education’s Chief Privacy Officer.   As such, the CSDPA V1 is the de-facto statewide agreement and has been signed over hundreds of vendors and CA LEAs. Additionally, the CSDPA is on its way to become a national agreement.  Numerous other states are adopting a statewide DPA based on the CSDPA.

5. Do I still need to consult with legal counsel or my Board of Education before using the CSDPA?

We highly recommend that you use your organization’s legal procedures for any contract. The agreement may need to be updated or changed before it is ratified.  Refer to inhouse Admin Regulations to determine if Board approval is needed.

6. Do we need to get a CSDPA for ongoing or existing contracts?

Again, we highly recommend that you use your organization’s legal procedures for any contract.  Ed Code 49073.1 (e)(incorporating AB 1584) states:

“(e) If the provisions of this section are in conflict with the terms of a contract in effect before January 1, 2015, the provisions of this section shall not apply to the local educational agency or the third party subject to that agreement until the expiration, amendment, or renewal of the agreement.”

 

7. I am an LEA but I don’t yet have a login to the CA Student Privacy Alliance (CSPA), can I still see the resources?

Yes, simply go to http://cetpa.net/privacy to review the information. To get to the portal, click the Search for CSPA Approved Resources button. We do encourage you to create a login so you can begin loading your LEA’s resources.

8. I am an LEA, how to I get an account to the CSPA?

 Go to http://cetpa.net/privacy and review the information. Go to the portal (https://secure2.cpsd.us/cspa/login.php) and click Join Us!  Complete the requested information to request your account. A CETPA representative will contact you and provide you with training resources. Your account will only be activated after training has taken place.

 
9. I am an LEA, how do I post resources to the CSPA?

To post resources to the CSPA, we ask you attend training first to fully understand how to use the registry and how to successfully use the CSDPA.  The trainings are delivered via webinar and are typically offered three times per month. Once you request an account (see Question 8 on how to request an account), you will be notified via email of upcoming training opportunities.

10. I am a vendor, how can I get involved in the Student Data Privacy Consortium (SDPC)?

Since the passage of AB 1584, (now found at California Education Code section 49073.1), school districts have struggled to incorporate its required provisions in their contracts with digital providers. Many vendors are unaware of the law and are reluctant to renegotiate existing contracts. New contracts can be complex and time consuming. Smaller LEAs don’t have legal resources available for complex negotiations.

At the same time, teachers are increasing their use of apps in the classroom. The LEA must put processes in place to 1) vet apps to be sure they comply with the law, 2) make sure the contract with the app vendor includes the required components, and 3) Is able to notify teachers which apps are approved and which apps are not allowed.

CETPA created the California Student Privacy Alliance (CSPA) , a partnership with the Access 4 Learning Community's Student Data Privacy Consortium and the Massachusetts Student Privacy Alliance (MSPA) to help with these challenges.


The SDPC welcomes vendor participation and offers membership. Membership in SDPC will give you a seat at the table and input into future SDPC projects and agreements. Soon there will be new tools available to member vendors that will include the ability to sign and push  DPAs to LEAs.

11. I am a vendor, how do I sign the agreement?

Vendors work through an LEA client to sign the CSDPA. The LEA is responsible for uploading the document to the  CSPA site registry.  Those LEAs who have undergone training in order to add their resources can be found by Searching for Participating Districts. The LEA has the option to get the CSDPA signed as is or retain the right to enter into any agreement they wish as a District Modified Agreement, which is reflected as such on the CSPA.   If you do not see any client LEAs listed, please contact privacy@cetpa.net for help.

12. I am a vendor who signed the CSDPA with an LEA, however I do not see my DPA on the CSPA.How do I get my signed DPA posted to the CSPA?

The LEA with whom you signed is responsible for posting the CSDPA to the CSPA. That said, we are slowly adding access for LEAs to post resources, as we want the CSPA data to be credible. 

In order to post resources, LEAs must attend a webinar on how to use the CSPA. Please check the Participating Districts list to see if this client LEA is listed.  If they are, you may reach out to them, cc: privacy@ctpa.net, and ask they post the agreement.  If they are not listed, please contact the LEA and have them get in touch with us @ privacy@cetpa.net, so we can arrange training.

13. I am LEA, what is a vendor refuses to sign the CSDPA?

When a vendor declines to sign, an LEA may contact privacy@cetpa.net.  The consortium may be able to provides additional resources to help the vendor understand the value of the agreement. 


14. What if the vendor wants to make changes to the CSDPA?

We highly recommend that you use your organization’s legal procedures for any contract changes. If you need additional resources, you may contact privacy@cetpa.net.

15. I see there is a CSDPA V2, do I need to replace all my V1 agreements?

A current CSDPA V1 does not need to be replaced, however moving forward, we recommend you use V2 of the CSDPA.


16. How can I learn the differences between CSDPA V1 and CSDPA V2?

Please see the comparison document on this page.

Download the FAQs
(Adobe PDF File)

Thank You to our Sponsors

Exabyte Level

F3

Aeries

Petabyte Level

  • infinity
  • cisco
  • Palo Alto
  • Fortinet