Now in its ninth year, the program has been expanding both its reach and accessibility, including free TLE Seal applications, resources and privacy-focused benchmarking reports to districts in North Carolina, South Carolina, Illinois, and most recently Indiana.
According to Linnette Attai, project director for CoSN’s Student Privacy Initiative and TLE Program, TLEs don't require government mandates or high-dollar technology investments, focusing instead on shared frameworks, benchmarking and peer-to-peer collaboration.
“It is not the job of one person. This is not a technology job. This is not machines. This is a whole new discipline,” Attai said. “We have the resources, we have the guidance, we have the structure, we have the mechanism. We just need you to get it to your districts.”
IMPETUS FOR THE TLE PARTNERSHIP PROGRAM
The TLE Seal Program itself originally launched in 2016. According to Attai, the initiative began as a privacy rubric for school districts to follow, inviting districts to apply for a seal to show maturity in all of five disciplines: leadership, business practices, data security, professional development and classroom practices.
However, Attai said recent data illuminated the need to support more districts in their privacy infrastructure.
A two-part report by CoSN in 2024 provided a detailed look at how districts were structuring — and struggling with — the fundamentals of data privacy. The study asked 401 district ed-tech leaders across 39 states and Washington, D.C., to evaluate their training, policies, leadership support and resources.
Despite evident concern regarding data protection — 88 percent of respondents listed privacy among their top two priorities — districts showed widespread weaknesses:
- 73 percent of school leaders responsible for student privacy had no mention of “privacy” in their job description
- 17 percent had not received any privacy training, and among those trained, a quarter paid out-of-pocket
- 89 percent cited employee-related concerns as “extremely” or “very” concerning. Some challenges included controlling the influx of free or low-cost classroom technology, mandating training and lacking sufficient district policies
The concepts that underpin privacy have been around for decades, Attai said. But CoSN’s report revealed that schools have been struggling to adapt to emerging technology largely because they lack fundamental cyber safety practices.
“When you’re not solid in your fundamentals, then every new piece of technology sort of throws you off balance … we saw it with video conferencing. We’re seeing it with AI,” Attai said. “It’s that if you get really good at the fundamentals, technology can bring whatever it’s going to bring, and you will know how to address it.”
THE TLE PARTNERSHIP PROGRAM
The new component of the initiative, which began in 2024, is the TLE State Partnership Program. Attai said through the extension of the original TLE initiative, CoSN, state education agencies or districts themselves collaborate to share knowledge and best security practices.
“We do some benchmarking of districts in the state to assess how they’re doing on their privacy practices,” she said. “Then we form district cohorts, and we support them, like providing them with guidance on how to run a cohort, providing with a TLE Seal recipient as a peer mentor, and generally helping support them through the work that districts then do together.”
Recognizing that obtaining a full seal can be daunting, Attai noted that CoSN also offers “mini seals” through the partnership program, allowing districts to focus on one domain at a time. She added that mini seals are especially useful for smaller or rural districts that may lack the staff or resources to overhaul their programs all at once.
“The mini seal was something we designed to make it easier for districts to start doing the work and to get some traction, and to get feedback sooner in the process,” she said. “It helps and gives structure to the cohort, and also allows this whole program to be of improving your student data privacy practices to be more digestible and less overwhelming.”
Once a district earns their mini seal, they can serve as a mentor or partner for other school leaders in need of support in a specific domain.
The application process begins with a self-assessment by a district’s superintendent, determining their readiness to be an effective technology leader. The assessment works on a five-point scale, with statements like “I take every opportunity to showcase innovative technology in my work with my staff and community” and “my district is exploring how to use learning analytics to make better use of data.”
“This is just a gut test,” Attai stated. “Where do you feel confident? Where do you not feel confident? That’s how you know where to start your work around the TLE program.”
Most importantly, according to Attai, the program operates under a maturity model, meaning that CoSN encourages constant and ongoing improvement by offering feedback, assessment and scores regardless of whether a district earns a seal after submitting their application.
CASE STUDY: INDIANA’S MENTORSHIP MODEL
According to CoSN CEO Keith Krueger, districts have historically managed data privacy by looking at federal Family Educational Rights and Privacy Act (FERPA) requirements, which date back to the '70s and do not cover all areas of the modern data protection needed today.
Until recently, Indiana had no comprehensive state-level student data privacy laws, according to a recent case study by CoSN. Without clear mandates, districts deprioritized privacy due to complexity and limited resources.
In 2024, the Indiana Department of Education joined CoSN’s TLE State Partnership Program, providing all districts with free access to the TLE Seal applications, benchmarking data and customized guidance on addressing gaps.
Pete Just, a former chief technology officer who helped develop the original TLE framework, supports Indiana schools through the program as executive director of the Indiana CTO Council. He said that CoSN’s creation of mini-seal certifications made the process more accessible.
“Instead of trying to do everything at once, you can focus on one area, create momentum, and build from there,” Just said.
Since the partnership component of the initiative is relatively new, both Attai and Krueger said CoSN has not yet conducted surveys to gauge program satisfaction in Indiana, nor in other participating states like Illinois or South Carolina.
According to CoSN’s case study, though, participation in Indiana exceeded expectations. The initial plan was to form a two-year cohort of 10 to 15 districts across the state working toward TLE certification, yet within six months of the program's launch, 45 districts had joined, indicating high demand for tools to improve schools’ privacy infrastructure.
“It’s really about finding the thought leaders in different areas and scaling your resources,” Attai said. “This scale is not only supportive in keeping you accountable but also in making you feel less alone.”
Despite lacking formal survey data, Attai said part two of CoSN’s report shows that districts that have gone through the TLE program have much stronger privacy practices than those that have not.
LOOKING AHEAD
Attai said districts have not demonstrated pushback when encouraged to prioritize strong privacy practices through TLE, but she has seen significant gaps in awareness regarding cybersecurity.
Namely, she said the main challenge is that school leadership is pulled in so many directions, and privacy is only one of many issues superintendents navigate on a day-to-day basis.
“Districts are often microcosms of society. [Privacy] is one of the societal issues that superintendents need to deal with,” she said. “But they’re also making sure kids are fed and healthy and safe and all the other things that need resources.”
While both Attai and Krueger described substantive, tangible improvements through the partnership program, they emphasized that the “secret ingredient” to forging effective privacy work in a district is leadership in the form of the superintendent supporting and championing the work.
“[Superintendents] need to support their technology leader. They need to break down silos. They need to understand that all employees are going to need to be trained in fundamental privacy requirements,” Attai said. “They need to know that technology that’s brought into the classroom needs to be assessed for privacy and security, and a determination made before student data is provided.”
