Legislative Update: Safeguarding Student Data

Legislative Update: Safeguarding Student Data

Since 2014, student data privacy has been an education data priority for state legislatures. This remains true in 2021: so far this year, with 28 states having already adjourned their regular sessions, DQC has tracked 40 education privacy bills in 17 states. Of the 17 states, six have adjourned and five more are expected to adjourn by July 1. 

When it comes to student data privacy legislation in 2021, states are in different places regarding state policies that govern student data—and we’re seeing states introduce bills and make amendments to existing law to reflect their unique needs and circumstances. So far, this year’s student data privacy bills have addressed familiar policy approaches including governing third party service provider activities, parameters for parental consent, and the responsibilities of state education agencies regarding governance of student information. While these are familiar issues in safeguarding data, the 2021 landscape for state student data privacy legislation is much more complex compared to years past.

When states were first considering student data privacy legislation, they tended to borrow language from one another. Now, we are seeing more diversity in state-specific approaches, even if the issues are the same. Compared to privacy legislation we saw from 2014–2016, fewer bills are carbon copies of one another across states. It’s clear that states have unique needs and circumstances that are driving individual pieces of legislation.

Notable highlights from our tracking so far:

  • Creating policies to govern the activities of service providers continues to be front of mind, especially as learning moved online during the pandemic. Bills were introduced in Missouri, Maryland, Texas, Minnesota, Rhode Island, and Massachusetts that address the privacy issues by regulating operators of online tools and technology, and identifying how student-level information can be used.
  • While some states are considering more targeted policy solutions to address discreet issues, two states are considering comprehensive data privacy policies. Massachusetts and Pennsylvania are considering bills that would establish data governance policies at the state level, including establishing a chief privacy officer and codifying policies that govern the activities of service providers. Data governance is the most sustainable way to address student data privacy, especially as practices change over time. States must consider establishing data governance if they truly wish to be able to quickly adapt to the changing data and technology environment in education. It is promising that states are beginning to consider measures that will allow them to be responsive to the changing needs required to continue safeguarding student data.
  • States continue to grapple with the state role in student data privacy. Current Louisiana privacy law prohibits state agencies from connecting data across systems and resulted in the state being unable to provide resources to families at the height of the pandemic. Bipartisan legislation has been introduced that would allow the state to safeguard student data while collecting the data that matters for students. Privacy laws should be aimed at better serving students and should not get in the way of state agencies providing much needed resources.

The work of privacy is never done and we will likely continue to see states revisit state privacy policies as data practices and needs evolve. As we track legislation throughout the 2021 session, we’ll share any additional updates on privacy and other pressing topics.