In addition to understanding and complying with FERPA, states also have the responsibility to understand and comply with state data privacy and security laws, as well as other federal privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA) to the extent that data subject to those laws are incorporated in the state educational data system.
Finally, understanding federal privacy laws is only one step for state policymakers as they must not only understand privacy laws in their own states but also play a leadership role to ensure that the state is effectively protecting student information. While state policymakers bear the responsibility for protecting student privacy, they need not do so at the sake of restricting the use of quality, longitudinal education data in support of their ultimate goal: improving student achievement.