Rapid Developments in State Student Privacy Laws

Locke Lord LLP
Contact

In 2014, at least 16 states enacted laws regulating the privacy of student information. The trend is continuing in 2015, as at least 165 state student privacy bills have been introduced thus far, six of which have already been enacted in Virginia and Utah. As new state laws continue to be layered upon existing federal obligations such as the Family Educational Rights and Privacy Act (“FERPA”) and the Children’s Online Privacy Protection Act (“COPPA”), schools, districts, ed tech companies, and other service providers face an increasingly complex regulatory regime.

The new state requirements vary, in some cases restricting the type of information that may be collected from students, while in other cases strictly limiting the ways in which student data may be used or disclosed, or requiring transparency regarding data collection, use, and disclosure practices, notification to parents in the event of a data breach, certain levels of security for student information, vendor contract terms imposing such requirements, or some combination of these and other requirements. Many but not all of the new laws apply only to data stored in the statewide longitudinal data system (“SLDS”).

In most cases, the new requirements apply to schools and school districts. However, many laws also require that schools and school districts include specific privacy and data protection terms in their contracts with ed tech companies and other service providers that may have access to student data. In addition, California’s Student Online Personal Information Protection Act, which was enacted in 2014 and becomes effective January 1, 2016, extends directly to operators of websites, online services, or online or mobile applications with actual knowledge that the site, service, or application is used primarily for K-12 school purposes and was designed and marketed for K-12 school purposes. The California Act restricts such operators from knowingly engaging in targeted advertising, amassing a profile about a K-12 student except in furtherance of K-12 school purposes, selling a student’s information, or disclosing student information other than for certain specified purposes.

Schools, districts, ed tech companies, and other service providers should monitor the new requirements, as well as relevant contractual obligations, to ensure that their privacy and data protection policies, procedures, and practices comply with the increasingly complex statutory and regulatory requirements applicable to student data.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Locke Lord LLP | Attorney Advertising

Written by:

Locke Lord LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Locke Lord LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide