The National Association of State Boards of Education has issued a new report, Policymaking on Education Data Privacy: Lessons Learned. The report outlines key lessons policymakers should contemplate before taking action to implement new interventions or policies impacting data privacy. Here’s a summary of the key lessons NASBE wants everyone to consider:
- Stating the value of data is essential. If parents do not understand how data can help their children, they will not care how the state is protecting the privacy or security of that data. Policymakers must be proactive in explaining the value of student data to the public.
- More transparency = More trust. Building support for quality data use is not possible without transparency. States ought to go above what is required by most current laws to build trust between parents and schools on data privacy. State boards, for example, can ensure the accessibility of resources and information on data privacy.
- Early adopters can shape second generation laws. Most states that passed student data privacy laws in the last two years based their legislation on Oklahoma’s Student DATA Act or California’s Student Online Personal Information Protection Act (SOPIPA). These early adopters are models for other states, and states should pay close attention to any bills that raise new privacy issues, such as model legislation the ACLU introduced earlier this year.
- Clarify, revisit, and revise existing laws. Laws can and should be improved and enhanced. Policymakers should continue to examine and revise laws to ensure they adequately balance privacy and data use in education and ensure implementers fully understand policymakers’ intent.
- Student data privacy legislation can cause unintended harms. It is essential for all data privacy legislation to be vetted with a fine-toothed comb for vague or problematic language that may unnecessarily restrict the positive use of data. State boards are ideally placed to review bills before they pass.
- Training on data use and privacy is essential. Anyone who handles data should know how to protect those data. Although more than 300 bills have been introduced over the past two years on data privacy, few mention training. Policymakers must ensure that each state has training laws and policies and identify resources to make training feasible.
The full report can be found on NASBE’s website, www.nasbe.org.
The report will be presented at NASBE’s annual Legislative Conference in Washington, DC, today at 2:00 PM (EDT) during a session titled “Student Data Privacy: Lessons Learned and Federal Implications.” NASBE Director of Education Data and Technology Amelia Vance will be joined on the panel by Paige Kowalski (Data Quality Campaign), Elana Zeide (NYU Information Law Institute), and Ben Herold (Education Week).
For more information, or to attend this session, contact Renée Rybak Lang at [email protected].