EdData Privacy Update: 7/2/2015

EdData Privacy Update: 7/2/2015

With rising temperatures and summer vacations, this time of year can feel pretty lazy. But state legislatures must be immune to this feeling—there have been a host of new student data privacy bills and laws since my last update!

So far in 2015, 46 states have considered 182 bills addressing student data privacy. And 12 states have so far passed 24 new laws.

The states that have passed laws so far this year—ranging from Maine to Texas to Maryland to Nevada—represent a diverse array of regions, political environments, and demographics. And there’s been variety in the specific topics states are looking at as well, with new laws addressing topics ranging from breach notification to data security plans to using data for advertising. But some important themes are also emerging that shed some light on the national student data privacy conversation:

  • States continue to think a lot about the data that is collected from students based on their use of an online website or application. Five states (Arkansas, Georgia, Maryland, New Hampshire, and Oregon have now passed a law based on California’s SOPIPA language from 2014 to prohibit online service providers from using student data for commercial or secondary purposes while allowing data use for program improvement. In addition, four states (Maine, Nevada, Virginia, and Washington) have passed new laws based on a similar model that Microsoft put together with the principles from industry’s Student Privacy Pledge.
  • In 2014, nine states passed laws that gave school districts new or expanded responsibilities around student data privacy and security. This year, many states are thinking about the supports and guidance districts will need from the state in order to fulfill their new roles.
    • North Dakota now requires data sharing approval by the school board and implements data governance, transparency, and supports including data use training.
    • Virginia has a new law to direct the state to develop a model data security plan for districts and to designate a chief data security officer to assist local school divisions with the development or implementation of data use and security policies.
    • Nevada passed a law that instructs the state to develop a security policy for districts to follow.
  • A critical part of states’ work to safeguard student data is to provide transparency and build trust with educators and the public that education data are being used to support students and improve education in the state. States are looking at lots of ways to make education data useful! For example, this year Minnesota considered a bill to create student data backpacks to give families more control of their student’s data, Florida looked at early warning systems that help keep students on track for success, and Washington introduced a bill to support collaboration between educators by looking at multiple data sources to help identify student needs.

Although protecting privacy is not a onetime task that can be completed with a single law, states are doing incredible work in making sure they are using education data to support students’ learning while safeguarding student privacy. In addressing different aspects of data privacy and use in their legislation this year, these states are constructing a powerful foundation on which they can continue to build.