Clickability tracking pixel

States Broaden the Student Data Privacy Conversation with 2016 Legislation

While legislators introduced fewer bills this year, they're going deeper into different ways to protect student data.

by Tanya Roscorla / March 25, 2016
Educators agree that technology has a place in the classroom, but does existing legislation adequately protect student information? David Kidd

For a third straight year, state legislators are hammering out student data privacy protection, this time with a deeper and broader focus.

After just one state passed a student data privacy law in 2013, states spent the next two years sprinting to get ahead of problems with student data privacy at the school district, state and online service provider levels. Overall, 33 states added laws to their books that dealt with student data privacy, said Rachel Anderson, senior associate for policy and advocacy at the Data Quality Campaign, a Washington, D.C.-based advocacy group.  

This year, legislators slowed their pace to a jog while concentrating their efforts on other types of data collection, including social media, non-academic and school-provided device data, Anderson said. Legislators have introduced 69 student data privacy bills so far in 2016, down from a high of 138 the previous year.

"In one way, I think it's just a continuation of the conversation that we've seen in the last year," Anderson said.

That conversation includes what to do about third-party service providers that access student data. Twelve states introduced 20 bills this year that have adapted language from California's 2014 Student Online Personal Information Protection Act (SOPIPA) — widely hailed as one of the strongest student data privacy laws in the country. SOPIPA prohibits online service providers from selling or disclosing protected student information; creating student profiles based on the data; and targeting advertising to students based on the data they collect. It also requires online service providers to take appropriate security measures and honor school data deletion requests.

Two bills stood out in particular that trace their roots back to SOPIPA, Anderson said. Both of them are waiting for committee hearings. 

In California, Rep. Ed Chau introduced AB 2799 this year to extend SOPIPA's protections to preschool and pre-kindergarten students. In New Jersey, Sen. Paul A. Sarlo wrote S 794, which includes privacy protections loosely based on SOPIPA. The New Jersey bill would also require the state's commissioner of education to issue guidance and provide technical assistance to schools as they try to prepare for security breaches that could compromise student data. 

A third major bill tackles data governance in Utah and covers plenty of ground in other areas as well. H.B. 358 from Rep. Jacob L. Anderegg is waiting for Gov. Gary Herbert's signature.

This bill would require the Utah State Board of Education to oversee the creation of a statewide data governance plan and a state-level metadata dictionary. The board would also appoint a student data officer and create two advisory groups. At the regional level, local education agencies would hire student data managers to create data governance plans and metadata dictionaries for their service areas.

"It's encouraging to see states continue to think about data governance and how to make good decisions with data while also serving students," Anderson said. 

Does Dyslexia Hold the Key to the Future of Learning?

Studies have long argued that there are three types of learners: audible, visual, or kinetic. The trick? To work out what type of learner you were, then harness it.

Distance Learning

Connected North: Distance Learning, Virtual Field Trips, and a World of Opportunity

This week, join us as we travel to the far north of Canada, where distance learning is nothing new to the schools of Connected North and virtual field trips transport students to distant places and spaces.

St. Petersburg College Achieves Security and Resiliency with Cloud Solutions

Like many industries today, higher education has largely embraced BYOD programs for the myriad benefits they provide. However, the implementation of BYOD also means a network that contains many untrusted and potentially infected devices at any time, each generating traffic that requires granular visibility and monitoring, and the timely identification of potential threats.

Platforms & Programs