DQC: States making progress on data privacy but need to address educator access

Legislatures also need to look at more data protection training for teachers, report says.

State legislatures have made enormous progress in implementing student data privacy and security protections, but they should give more attention to ensuring that parents and educators have access to the data they need to help students succeed, according to a new analysis from the Data Quality Campaign (DQC).

In its 2017 “Education Data Legislation Review,” issued Wednesday, the education nonprofit reported that 26 states passed 53 new laws focused on student data during the 2017 legislative session — with most legislative activity focusing on privacy concerns.

However, among the 2017 legislation related to data and privacy, only six bills and one new law dealt with providing parents and educators with meaningful access to student data, DQC found.

“Now that many states have established a baseline of privacy protections, legislators must do more to ensure that the people closest to students have the data needed to support student learning,” the report urged.


Paige Kowalski, executive vice president of DQC, said that “legislators have made protecting student data privacy front and center and should be commended for building on previous efforts to make data use safer. State legislators, however, must do more to provide educators and families access to the data they need to help students succeed in school and life.”

As examples of 2017 legislation in this area, DQC noted that Minnesota considered but did not pass a bill to create a “student data backpack” that would have given parents and educators secure, portable access to their students’ data, and that Virginia passed a law requiring education service providers to give parents access to an electronic copy of their students’ personal information.

According to DQC, 93 privacy bills were introduced this year, 11 of which were based on California’s Student Online Personal Information Protection Act (SOPIPA) from 2014. Five of the bills became law in Arizona, Illinois, Maine, Nebraska and Texas. These laws ban service providers from selling student data or using it to conduct targeted advertising. Twenty-one states now have SOPIPA-inspired laws on the books, reflecting a trend toward adopting model laws from other states, DQC said.

Another sphere where state legislatures were deficient this year was in training teachers to use and protect student data, according to the report. Only nine bills from this year’s legislative sessions addressed privacy training for teachers, and just seven bills accounted for educator training on data use.

Legislators in Utah, however, bucked the trend, passing a law that requires each public school to make sure that every employee with access to student data has been trained on state and federal privacy laws.


Over the last decade, student data privacy has been a significant focus for lawmakers. Since 2013, they have collectively introduced 504 bills and passed 94 laws to improve how states and districts safeguard the privacy, security and confidentiality of student data.

Latest Podcasts