We’re now about two months into most states’ 2015 legislative sessions (and already nearing the end of the session in several states). So it seems like the perfect time to take a mid-season look at states’ legislative activities around student data privacy. And there’s a lot to cover!
Although 2014 saw the introduction and passage of an unprecedented number of student data privacy bills (110 bills were introduced in 36 states; 21 states ended up passing legislation), 2015 has already exceeded those numbers! As of today, 39 states have introduced 138 bills addressing student data privacy.
What approaches have these bills taken to safeguard student privacy? Like last year, states are introducing a mix of prohibitive and governance bills. Bills that take a prohibitive approach seek to reduce privacy risks by limiting data collection and use. Bills with a governance focus seek to build proactive governance structures and procedures that guide data collection and use. Since all states collect education data to inform decisionmaking, provide critical services and resources to students and schools, ensure transparency, and fulfill reporting requirements, establishing data governance procedures can help guarantee that these activities happen responsibly, consistently, and purposefully.
One state building one some of the strongest data governance work from last year is Georgia. The state’s HB 414 combines elements of two data governance models that were first developed last year, one governing state and district data activities and one directly governing the data activities of online service providers. Together, these provisions help ensure that data are used to support excellent education opportunities for all of the state’s students while safeguarding the privacy of their data.
States are also building on the work started last year by focusing on supports, services, and trainings that the state can provide to its districts and educators:
North Dakota introduced a bill that would require the development of privacy and data use training for any state or local staff with access to the state’s data system.
Virginia introduced a bill that would direct the state department of education (VDOE) and the Virginia Information Technologies Agency to develop a model data security plan for districts and would require VDOE to designate a chief data security officer to assist local school divisions with the development or implementation of policies around data security and data use.
Minnesota introduced a bill to create a student achievement backpack, which would put quality information into the hands of parents by allowing them to easily access their child’s information and also control who else sees it.
With so many innovative approaches to safeguarding student privacy being considered across the country, the rest of the legislative season is bound to be interesting. We’ll bring you more updates as the sessions progress!