The following chart provides a brief overview of the laws of the state of Missouri addressing privacy and security of student data, and the corresponding provisions of Microsoft’s standard operating documents that demonstrate compliance with those laws and regulations.
Microsoft’s standard Online Services Data Protection Addendum (“DPA”) addresses the requirements imposed on private vendors by Missouri’s statutory framework. The DPA sets forth Microsoft’s standard obligations with respect to the processing and security of customer data and personal data in connection with Microsoft’s provision of online services.
The reference chart below briefly identifies those provisions of Missouri law that are applicable to private vendors such as Microsoft, and the relevant provision(s) from Microsoft’s DPA that addresses Microsoft’s compliance with that requirement.
|Missouri Law Provision||Compliant Microsoft Provision(s)|
|RSMo § 161.096 (6)|
The department of elementary and secondary education shall ensure that any contracts that govern databases, assessments, or instructional supports that include student or redacted data and are outsourced to private vendors include express provisions that safeguard privacy and security, including provisions that prohibit private vendors from selling student data or from using student data in furtherance of advertising, with penalties for noncompliance, except to a local service provider for the limited purpose authorized by the school or district whose access to student data, if any, is limited to “directory information” as that term is defined in the federal regulations implementing the federal Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. Section 1232g
|Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services|
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Security -> Security Practices and Policies
See also Microsoft Online Services Data Protection Addendum -> Appendix A – Security Measures