Current Agreements and Contracts
CDE has instituted its data privacy and security contract review process. As part of that process, we ensure that all contracts that involve the access to or transfer of Personally Identifiable Information (PII) contain the appropriate privacy and security contract terms.
You can review our current contract template (DOC). This new contract template includes the terms required by the Student Data Transparency and Security Act (C.R.S. 22-16-101 et. al.), and any contract entered into or renewed after August 10, 2016 that involves PII will contain this new privacy and security language.
As required by the Student Data Transparency and Security Act, we are providing additional information on each of our contracts signed after August 10, 2016. As new contracts are signed, we will add them to the document below. The spreadsheet is divided into two tabs, one for current contracts and the other for expired contracts.
CDE's Current and Expired Contracts involving PII (Link) (Updated August 2018)
CDE contracts with some vendors who also provide services to Local Education Providers (LEPs). These contractors, including some of our assessment vendors, are required to comply with the data privacy and security terms in CDE's contracts. These terms comply with the Student Data Transparency and Security Act and FERPA. These terms protect the PII that both CDE and LEPs enter into these systems or provide to these contractors. Because all the PII is protected by terms that comply with state and federal law, LEPs do not need to enter into separate contracts with these vendors. If LEPs contract with these vendors for other services not covered by CDE contracts, LEPs will be required to ensure that their contracts comply with state and federal laws.
These contracts are indicated in the above link by a check stating that LEP requirements are covered. If LEPs have any questions or concerns about these contracts, please reach out to the data privacy office at email@example.com.
Notice to CDE's Contractors
Colorado’s Student Data Transparency and Security Act (C.R.S. 22-16-101 et.seq.) requires CDE to put in place a policy approved by the State Board of Education (“State Board”) to respond to any material breach of the contract that results in the loss or unauthorized use of student personally identifiable information. This policy applies to any individual or entity that receives student personally identifiable information from CDE. The policy was approved by the State Board on April 12, 2018.
If you have questions or to request an agreement in an alternate format, please contact the Data Privacy Office at firstname.lastname@example.org.