Project Brief: Privacy Operations & GRC Specialist (K-12 EdTech)
Target: Part-time/Project-based Consultant Estimated Commitment: 5–10 hours per month The Goal: To manage the "Slog Work" of K-12 compliance artifacts and district-level contracting for Stage Management Group (SMG).
Core Responsibilities:
•SDPC Registry Management: Act as the primary operator for the Student Data Privacy Consortium (SDPC) Resource Registry.
• NDPA Workflow: Handle the intake and signing of National Data Privacy Agreements (NDPAs) with school districts, ensuring state-specific exhibits are correctly applied.
• Artifact Development: Using our SMG K-12 Compliance Master v2 spreadsheet as a roadmap, draft and maintain the necessary "Universal Artifacts," including:
• K-12 Privacy Policy (FERPA/COPPA compliant).
• Data Map/Inventory (Incidental vs. PII).
• VPAT (Accessibility) summary.
• Framework Mapping: Periodically audit our progress against the CoSN K-12CVAT and A4L interoperability standards.
• Liaison: Serve as the first point of contact for school district IT/Privacy officers to clear technical "Beta Gates".
Required Expertise:
• Proven track record with A4L/SDPC standards and the NDPA.
• Deep knowledge of FERPA, COPPA, and state-level privacy laws (SOPPA, SOPIPA, etc.).
• Experience with GRC (Governance, Risk, and Compliance) workflows.
• Bonus: Experience with AI-specific privacy regulations (e.g., Colorado AI Act).