The following chart provides a brief overview of the laws of the state of Rhode Island addressing privacy and security of student data, and the corresponding provisions of Microsoft’s standard operating documents that demonstrate compliance with those laws.
Rhode Island law provides that, as an entity that provides cloud computing services, Microsoft is a “cloud computing service provider.”
Under 16 R.I. Gen. Laws § 16-104-1(c), each cloud computing service that enters into a contract to provide such services shall certify, in writing, that it shall comply with the provision below.
Microsoft’s standard Online Services Data Protection Addendum (“DPA”) addresses the requirements imposed on cloud computing service providers by Rhode Island’s statutory framework. The DPA sets forth Microsoft’s standard obligations with respect to the processing and security of customer data and personal data in connection with Microsoft’s provision of online services.
The reference chart below briefly identifies those provisions of Rhode Island law that are applicable to cloud computing service providers such as Microsoft, and the relevant provision(s) from Microsoft’s DPA that addresses Microsoft’s compliance with that requirement.
|Rhode Island Law Provision||Compliant Microsoft Provision(s)|
|16 R.I. Gen. Laws § 16-104-1(b)|
Prohibition against use of information for purposes other than providing the cloud computing service to the educational institution
|Microsoft Online Services Data Protection Addendum -> Data Protection Terms -> Nature of Data Processing; Ownership -> Processing to Provide Customer the Online Services|