The following chart provides a brief overview of the laws of the state of Oklahoma addressing privacy and security of student data, and the corresponding provisions of Microsoft’s standard operating documents that demonstrate compliance with those laws and regulations.
Oklahoma’s Student Data Accessibility, Transparency and Accountability Act of 2013 is codified at O.S. tit. 70, § 3-168.
Microsoft’s standard Online Services Data Protection Addendum (“DPA”) addresses the requirements imposed by Oklahoma’s statutory framework. The DPA sets forth Microsoft’s standard obligations with respect to the processing and security of customer data and personal data in connection with Microsoft’s provision of online services.
The reference chart below briefly identifies those provisions of Oklahoma law that are applicable to contracts with Microsoft, and the relevant provision(s) from Microsoft’s DPA that addresses Microsoft’s compliance with that requirement.
|Oklahoma Law Provision||Compliant Microsoft Provision(s)|
|O.S. tit. 70, § 3-168(6)|
Any contracts that govern databases, assessments or instructional supports that include student or de-identified data and are outsourced to private vendors include express provisions that safeguard privacy and security and include penalties for noncompliance
Microsoft Online Services Data Protection Addendum
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services
Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Data Security -> Security Practices and Policies
Microsoft Online Services Data Protection Addendum -> Appendix A – Security Measures