Useful Guidance on Data Privacy Terms of Service from DOE’s Privacy Technical Assistance Center (PTAC)
PTAC (ptac.ed.gov) has followed up its February 2014 guidance on protecting student privacy while using online educational services with Model Terms of Service (full text available here) for data privacy related provisions in contracts with vendors, contractors, and other service providers. The Model Terms relating to data use and privacy (e.g., definition of data, its license and use, transfer, and destruction, and security controls) are in the form of a chart comparing sample recommended best practice contract terms with terms that represent poor privacy policy and/or may violate FERPA and should be avoided. The chart includes an explanation of the rationale behind the recommended or warned against terms. Although initially prepared for review of “Click-Wrap” terms of services by elementary and secondary schools, the Model Terms chart does a good job of identifying many of the key data privacy provisions in an agreement.
Client Tip: The Model Terms, while limited to data privacy provisions, serve as a useful component of a checklist of contract provisions to look for when reviewing the Click-Wrap terms of service and other vendor forms; however keep in mind that the terms do not address privacy regulations other than FERPA, such as the Massachusetts requirements for the protection of personal information set forth in the “Standards for The Protection of Personal Information of Residents of the Commonwealth” (201 CMR 17.00). However, as DOE has offered up a “best practice” provision for the data security controls contract term that is required by FERPA, you will want to be sure that your standard contract form provision is in line with that.
Categorized: Uncategorized
