Arizona Student Data Privacy Legal Compliance Guide

The following chart provides a brief overview of the laws of the state of Arizona addressing privacy and security of student data, and the corresponding provisions of Microsoft’s standard operating documents that demonstrate compliance with those laws and regulations.

Arizona’s Student Accountability Information System (“SAIS”) is codified at A.R.S. §§ 15-1041 – 15-1046.  The student accountability information system was established to enable school districts, career technical education districts and charter schools to transmit student level data and school finance data electronically through the internet to the department of education for the purposes of complying with the statutory obligations of the department of education and the state board of education.  As an entity that provides online services, Microsoft is an “operator” under Arizona’s SAIS.

Microsoft’s standard Online Services Data Protection Addendum (“DPA”) addresses the requirements imposed on operators by Arizona’s statutory framework.  The DPA sets forth Microsoft’s standard obligations with respect to the processing and security of customer data and personal data in connection with Microsoft’s provision of online services. 

The reference chart below briefly identifies those provisions of Arizona law that are applicable to operators such as Microsoft, and the relevant provision(s) from Microsoft’s DPA that addresses Microsoft’s compliance with that requirement.

The following chart provides a brief overview of the laws of the state of Illinois addressing privacy and security of student and teacher data, and the corresponding provisions of Microsoft’s standard operating documents that demonstrate compliance with those laws and regulations.

Illinois Public Act 101-0516 (HB3606) will become effective July 1, 2021.  As an entity that provides online services, Microsoft is an “operator” within the meaning of the Public Act.  Sections 10 and 15 of the Act address operator prohibitions and duties. 

Microsoft’s standard January 2020 Online Services Data Protection Addendum (“DPA”) addresses the requirements imposed on operators by Illinois’ statutory framework.  The DPA sets forth Microsoft’s standard obligations with respect to the processing and security of customer data and personal data in connection with Microsoft’s provision of online services. 

The reference chart below briefly identifies those provisions of Illinois law that are applicable to operators such as Microsoft, and the relevant provision(s) from Microsoft’s DPA that addresses Microsoft’s compliance with that requirement.

Arizona Law ProvisionCompliant Microsoft Provision(s)
A.R.S. § 15-1046(A)(1)
Targeted advertising based on student information, including covered information
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership
->Processing to Provide Customer the Online Services
A.R.S. § 15-1046(A)(2)
Use of information to amass a profile about a student
Microsoft Online Services Data Protection Addendum -> Data Protection Terms
->Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services
A.R.S. § 15-1046(A)(3)
Selling or renting student information, including covered information
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services
A.R.S. § 15-1046(A)(4)
No disclosure of covered information unless based on defined exceptions
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Disclosure of Processed Data

See also Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership > Processing for Microsoft’s Legitimate Business Operations
A.R.S. § 15-1046(C)(1)
Operator’s duty to implement and maintain reasonable security procedures and practices
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Security -> Security Practices and Policies

See also Microsoft Online Services Data Protection Addendum -> Appendix A – Security Measures
A.R.S. § 15-1046(C)(2)
Deletion of a student’s data within a reasonable time
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Retention and Deletion
A.R.S. § 15-1046(C)(3)
Prominent notice before making material changes to its privacy policies
Microsoft Online Services Data Protection Addendum -> Notices