Student Data Privacy

Nonprofit Surveys Student Privacy Laws for All 50 States

• By Sri Ravipati
• 10/05/16

A nonprofit organization today released a state-by-state survey of student privacy laws in the United States. The Center for Democracy & Technology (CDT), with help from law firm BakerHostetler, collected information from all 50 states to create the State Student Privacy Law Compendium.

Organized by each state, CDT’s compendium offers insights into key issues under the following categories:

• Definitions – Looks at how the state defines “education record” and “student data” (if at all) in legislation;
• Limitations – Examines the use of limitations, including third party sharing of student information, as well as the exceptions to these limitations;
• Data Minimizations – Identifies any data retention, de-identification or aggregation limits;
• Security – Lists any mandates for specific security practices or any data security programs within the state;
• Auditing and Accountability – Identifies whether the state requires school districts or companies to have a chief privacy officer (CPO) or not, and if there is a compliant process for students and parents when the state law has been violated; and
• Individual Participation – Reveals whether the state allows parents and students to opt-out of certain data collection or sharing.

In 2015, states introduced more than 180 bills, of which 28 passed to become laws. So far this year, 36 states have introduced 112 bills, of which 16 passed in 14 states, according to an analysis from the Data Quality Campaign. “CDT expects the number of student data privacy laws to increase exponentially over the next decade,” according to the compendium.

Further information is available in the State Student Privacy Law Compendium.