Skip to main content
North Dakota

North Dakota Student Data Privacy

Requires Signed Agreement
Does not require signed agreement

North Dakota requires districts to maintain a student data protection policy with defined access, sharing rules, and vendor governance for student data.

North Dakota Student Data Protection and District Policy Guide

Primary Law
School district student data protection policy requirements

Citation
North Dakota Century Code 15.1-07-25.3 (Protection of student data - School district policy)

Official Text
https://ndlegis.gov/cencode/t15-1c07.pdf

Overview

North Dakota directs school districts to adopt a student data protection policy that supports transparency and controlled access to student data. The statute focuses on governance: documenting who can access student data, specifying how student data may be shared with non-employees, and keeping the district's practices aligned with federal student privacy requirements.

For districts, the practical compliance posture is to treat data privacy as a repeatable operating system: clear policies, defined roles and permissions, and consistent vendor oversight for tools that handle student information.

Applicability and Scope

This guidance is relevant when districts collect, store, or share student data through district systems or through vendors providing instructional or operational services.

District teams commonly treat student data protection policy requirements as in-scope for:

  • Student information systems, assessment tools, and learning platforms
  • Roster exports and data integrations with vendors
  • Any external request to access or receive student data outside district employees

Policy, Transparency, and Controlled Sharing

North Dakota's approach emphasizes district-level policy. Districts should be prepared to document and make available the rules that govern access and sharing of student data, including how data is shared with entities outside the district and what approvals are required.

Operationally, districts often implement this by:

  • Maintaining a role-based list of staff positions with student data access
  • Using written agreements or documented authorization when sharing with non-employees
  • Applying a minimum-necessary approach to data fields shared with vendors

Vendor Oversight and Practical Implementation

Because edtech products frequently receive student rosters or identifiers, districts benefit from a standard vendor review process that ties back to the district policy: permitted purpose, disclosure limits, security safeguards, and data lifecycle controls.

How Can EdPrivacy Help North Dakota Schools

North Dakota districts need to demonstrate consistent governance: who has access, what is shared, why it is shared, and how vendors are controlled. EdPrivacy helps districts centralize app inventory, documentation, and approval decisions so policy requirements are easier to implement at scale.

The platform helps districts:

  • Maintain an inventory of tools that touch student data and note which systems involve vendor sharing
  • Store vendor privacy terms, security documentation, and data-sharing artifacts for quick reference
  • Record approval notes tied to district policy (who can access, what fields are shared, and what limitations apply)
  • Track vendor term changes and prompt periodic re-reviews to keep documentation current

Summary

North Dakota districts should be prepared to:

  • Adopt and maintain a student data protection policy with clear access and sharing rules
  • Document which roles can access student data and how non-employee sharing is authorized
  • Apply vendor oversight that enforces purpose limitation and security expectations
  • Keep records current as tools, integrations, and vendor policies change

NDCC 15.1-07-25.3 supports a governance-driven approach where policy, documentation, and controlled sharing are central to protecting student data.