NASBE Policy Update Tracks Trends in State Legislative Action on Student Data Privacy
Alexandria, Va. – A surge in state legislation on student data privacy this year has continued to empower state boards of education with authority over student privacy. So far this year, 47 state legislatures have introduced more than 180 bills in total, 16 of which have become law. In a third of those states, legislators are considering or have succeeded in expanding the already-substantial authority of state boards of education in this arena. A new NASBE Policy Update details the ways in which state legislatures across the country have enhanced protections for student data and expanded the role of state boards in protecting that data.
In Trends in State Legislation on Student Data Privacy, NASBE Director of Education Data and Technology Amelia Vance describes key elements in legislation introduced or passed this year and notes exemplary states:
- Safeguarding data: Of the 182 bills introduced this session, 111 were aimed at establishing better safeguards for student data collection, use, and disclosure. Arkansas, Georgia, Maryland, Utah, and Virginia are among states that now prohibit third party-vendors from selling personal student data for commercial use.
- Oversight: Five states introduced legislation creating a chief privacy officer (CPO) to manage statewide education data privacy. In two states, Utah and Virginia, CPOs are responsible for keeping the public informed about data privacy policies and programs.
- Transparency: Twenty-eight states introduced bills to create public, online lists of the data elements they collect and use. North Dakota and Virginia’s data transparency laws go a step further to ensure educators, parents, and others understand their rights to access and amend student data and how that data will be used and protected.
- Monitoring and enforcement: Eight bills create fines for privacy violations. Illinois and Connecticut, for example, considered penalties for data misuse and breaches. Kansas legislation would empower the state board of education to notify school districts that are noncompliant, provide support to correct the infraction, and impose penalties on chronic noncompliance. States like New Hampshire and Utah require parental notice of data breaches as a more public means of accountability.
- Empowering state boards of education: Thirty-seven state boards of education have at least some authority over education data privacy. Fifteen states considered 25 bills addressing their state boards’ roles in protecting student data. States should look to Utah, Georgia, and Alaska for modeling the role that boards can play.
“State legislators have made great strides in resolving questions related to student data privacy without hampering the effective use of online services in the classroom,” Vance writes. “Even in those states that did not directly address the role of state boards, the ongoing legislative push reflects the importance that student, parents, educators, and policymakers throughout the country attach to education data privacy.”
Download and read Trends in State Legislation on Student Data Privacy.
Join us for a webinar later today at 2:00 p.m. EDT as NASBE’s Amelia Vance and Data Quality Campaign’s Rachel Anderson discuss the latest trends in student data privacy legislation.
Learn more about NASBE’s education data privacy project, and read our most recent policy updates and legislative guides on recent federal legislation.
The National Association of State Boards of Education represents America’s state and territorial boards of education. Our principal objectives are to strengthen state leadership in education policymaking, advocate equality of access to educational opportunity, promote excellence in the education of all students, and ensure responsible lay governance of education. Learn more at www.nasbe.org.