Data Privacy Agreement (DPA)
DPA stands for Data Privacy Agreement, a contract between a school district and vendor governing student data collection, use, storage, and protection.
What Does DPA Stand For?
DPA stands for Data Privacy Agreement. In K-12 education procurement, a DPA is a contract between a school district and a vendor that governs how student data will be handled.
For a complete guide on DPAs including what they cover, state requirements, and how to prepare, see our full Data Privacy Agreement glossary entry.
Key DPA Facts
- Required in most states for EdTech vendors handling student data
- The SDPC National DPA provides a standardized template adopted by many states
- Having pre-signed DPA templates accelerates the sales process
- DPAs cover data collection, use, security, retention, deletion, and breach notification
- Both FERPA and COPPA compliance are typically addressed within the DPA
Frequently Asked Questions
What does DPA stand for?
DPA stands for Data Privacy Agreement. It is a contract between a school district and a vendor that governs how student data will be collected, used, stored, and protected.
Do all EdTech vendors need a DPA?
If your product accesses student data, most states require a signed DPA. Even states without a mandate see districts increasingly requiring them.
What is the SDPC National DPA?
A standardized DPA template from the Student Data Privacy Consortium, adopted by many states. Pre-signing it speeds up the process with districts in participating states.
How does a DPA relate to FERPA?
The DPA is the legal mechanism that implements FERPA's school official exception. It documents how the vendor will handle student records in compliance with federal privacy law.
How long does it take to sign a DPA?
With a pre-signed SDPC template, days. Custom DPA negotiations can take weeks to months. Having templates ready is a competitive advantage.