California Student Data Privacy Legal Compliance Guide

California Law ProvisionCompliant Microsoft Provision(s)
Cal. Bus. & Prof. Code §22584 (b)(1)
Restriction on targeted advertising
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services

Cal. Bus. & Prof. Code §22584 (b)(2)
Restriction on amassing user profile
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services
Cal. Bus. & Prof. Code §22584 (b)(3)
Restriction on sale of personal data for marketing or advertising purposes
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services

Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> California Consumer Privacy Act (CCPA)
Cal. Bus. & Prof. Code §22584 (b)(4)
Restriction on disclosure of personal data
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Disclosure of Processed Data

Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing for Microsoft’s Legitimate Business Operations
Cal. Bus. & Prof. Code §22584 (d)(1)
Security procedures and practices
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Security -> Security Practices and Policies

See also Microsoft Online Services Data Protection Addendum -> Appendix A – Security Measure
Cal. Bus. & Prof. Code §22584 (d)(2)
Deletion of covered information
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Retention and Deletion
Cal. Bus. & Prof. Code §22584 (e)
Circumstances under which disclosure of covered information is permissible
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Disclosure of Processed Data
Cal. Bus. & Prof. Code §22586(b)(1)1
Restriction on targeted advertising
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services
Cal. Bus. & Prof. Code §22586(b)(2)
Restriction on amassing user profile
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services
Cal. Bus. & Prof. Code §22586(b)(3)
Restriction on sale of personal data for marketing or advertising purposes
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services
Cal. Bus. & Prof. Code §22586(b)(4)
Restriction on disclosure of personal data
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Disclosure of Processed Data

Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing for Microsoft’s Legitimate Business Operations
Cal. Bus. & Prof. Code §22586(d)(1)
Security procedures and practices
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Security -> Security Practices and Policies

See also Microsoft Online Services Data Protection Addendum -> Appendix A – Security Measures
Cal. Bus. & Prof. Code §22586(d)(2)
Deletion of covered information
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Retention and Deletion
Cal. Bus. & Prof. Code §22586(e)
Circumstances under which disclosure of covered information is permissible
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Disclosure of Processed Data
Cal. Ed. Code §49073.1(b)(1)
Requirement that contract state: records continue to be the property of/under the control of local educational agency
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership
Cal. Ed. Code §49073.1(b)(3)
Restrictions on use of information
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing -> Processing for Microsoft’s Legitimate Business Operations
Cal. Ed. Code §49073.1(b)(5)
Steps taken to ensure security and confidentiality of pupil records
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Processor Confidentiality Commitment

See also Microsoft Online Services Data Protection Addendum -> Appendix A – Security Measures

Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Security -> Security Practices and Policies
Cal. Ed. Code §49073.1(b)(7)
Certification that records shall not be retained upon termination of contract
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Retention and Deletion
Cal. Ed. Code §49073.1(b)(8)
Compliance with FERPA
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Educational Institutions
Cal. Ed. Code §49073.1(b)(9)
Prohibition against targeted advertising
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services
Cal. Ed. Code §49073.6(c)(3)(C)(i)
Restriction on use of information
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership

Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing for Microsoft’s Legitimate Business Operations
Cal. Ed. Code §49073.6(c)(3)(C)(ii)
Restriction on sale or sharing of information
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing for Microsoft’s Legitimate Business Operations
Cal. Ed. Code §49073.6(c)(3)(C)(iii)
Destruction of information upon termination of contract
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Retention and Deletion
Cal. Ed. Code §49073.6(c)(3)(C)(iv)
Destruction of information under particular circumstances
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Retention and Deletion
1 The following provisions of §22586 are substantially similar to the provisions of §22584, above; §22586 is applicable in the context of early learning (preschool and prekindergarten), while §22586 is applicable in the K-12 context.