National Law Review: “Amid a year filled with high-profile data breaches and a focus on privacy concerns, a number of states have enacted enhanced privacy and data security laws that apply specifically to students, including, in the case of California, new rules that may potentially apply to a broad class of technology services directed at K–12 students. The new laws enacted in many states include enhanced privacy requirements for school districts that are relevant to education technology companies that provide services to school districts. These laws address student data privacy in a number of ways, including restricting with whom student data may be shared, restricting which data may be collected, requiring school districts to adopt data-retention and security standards, and requiring the publication of data collection indices that explain each element of student data that school districts collect. Several new state laws also require specific provisions regarding student data privacy to be included in any contract between a school district and a third-party service provider. For example, in Louisiana, agreements with contractors must include, among other matters, provisions for privacy and security audits by the district as well as data breach planning, notification, and remediation procedures. In California, such agreements must include, among other matters, procedures for parents and legal guardians to review and correct personally identifiable information held by the contractor.”
Sorry, comments are closed for this post.