Is Your School
MODPA Ready?

MODPA Scope Note: Maryland's Online Data Privacy Act (effective October 1, 2025) directly regulates controllers and processors of Maryland consumer data — and your EdTech vendors are directly in scope. Vendors processing student data at scale meet MODPA's thresholds regardless of your school's size. This assessment measures whether your school has the contractual protections, operational controls, and governance structures in place to enforce your vendors' MODPA obligations — and to fulfill your relevant obligations under FERPA (where applicable), COPPA, PPRA, and Maryland Education Article §4-131 (approved digital tools lists). A vendor out of compliance is a school exposed.

This tool is for educational and informational purposes only; it does not constitute legal advice or create an attorney-client relationship. Results are based on your self-reported answers and should not be relied upon as a compliance determination. Consult qualified privacy counsel for your organization. ERMITS LLC is a privacy and compliance technology company and does not provide this tool as legal counsel.