State Legislatures Protect Student Data and Mandate Greater Transparency


Public schools have generated and maintained massive amounts of student information for decades. Standardized test scores, grades, conduct records, psychological and medical information, student assessments, child and parent personal information, and teacher evaluations of children’s performance are all essential to providing and improving educational services.  But with such massive amounts of data comes great risk that it will be misused.

Congress recognized the sensitivity of this information in the early 1970’s and passed the Family and Education Records Protection Act (FERPA) in 1974.  FERPA guarantees families access to their child’s educational records, and also protects against disclosure of student data for non-educational purposes.  However, the rapid technology advances of the past decade far outstripped the ability of FERPA to provide risk solutions, so individual states have begun to fill the regulatory gap with their own laws and requirements.  These state laws address both data privacy and data security and continue the emphasis on transparency and accountability begun by FERPA.

Technology has rapidly enhanced the ability of schools to assess a student’s strengths, isolate learning deficits, and deliver learning systems that are individualized to maximize educational gains and teaching efficiency.  The aggregate of individuals’ microdata creates vast amounts of macrodata that allow schools to determine which learning systems are most effective, which should be modified or discarded, and which provide value platforms that are consistent with school boards’ limited financial resources.  Data collection, sharing and analysis are powerful tools in the modern educational product market.  But all of that data is sensitive and private to individuals, and its use needs to be thoughtfully regulated and protected.

The Data Quality Campaign has released a Summary of 2016 State Legislation that analyzes the growth and content of state bills and laws governing school-based data.  The DQC Report states that 15 states passed 18 new data privacy laws in 2016, with particular emphasis on three concerns:

  1. regulating the data use and privacy activities of online service providers;
  2. enhancing transparency around how student data is managed and used; and
  3. mandating greater responsibility for safeguarding data both internally and from cyber-threats.

Schools and educational technology providers will be well-advised to work together collaboratively to maximize learning opportunities for students while minimizing the risks of data compromise or inappropriate use of personal data. Only where the integrity of technology systems is assured will parents and the general public trust schools and learning product vendors with the data of our children. And experience teaches that every time a breach or abuse occurs, the response will be greater and more onerous legislation.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McGuireWoods LLP | Attorney Advertising

Written by:


McGuireWoods LLP on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.