Va. Legislature at Head of Class in Protecting Student Data

I am very proud Access Point represents two businesses that provide services within the public education environment in Virginia, Microsoft and Lifetouch, that were a part of a coalition of companies that came together last summer to develop a Student Privacy Pledge (www.studentprivacypledge.org). Taking that pledge one step further, both companies actively supported development and passage of legislation that puts the components of that pledge into state statute.

Last week, Virginia because the first state in the country to pass the Student Privacy Pledge Model Bill, carried by Del. Tag Greason (R-Loudoun) with unanimous votes by both the House of Delegates and Senate (http://lis.virginia.gov/cgi-bin/legp604.exe?ses=151&typ=bil&val=hb1612&submit=GO). The bill now goes to the Governor for his consideration.

This legislation, like the pledge, places the responsibility on industry to ensure that student privacy is protected without unnecessarily hampering the use of technology to continue to advance how our kids are taught in the classroom. With support from the Virginia PTA and others, the pledge legislation requires industry to do the following:

  • Collect, use, share and retain student personal information only for purposes for which they are authorized;
  • Disclose clearly (in contracts) what types of student personally identifiable information will be collected;
  • Support access to and correction of student personally identifiable information;
  • Maintain a comprehensive security program focused on protecting student data against risks, such as unauthorized access or use, or unintended or inappropriate disclosure;
  • Require that vendors with whom student data is shared are obliged to implement the same commitments outlined in the pledge;
  • Allow a successor entity to maintain the student personal information, subject to the commitments outlined in the pledge;
  • Not collect, maintain, use or share student personal information for non-educational purposes;
  • Not sell student personal information;
  • Not use or disclose student information collected;
  • Not build a personal student profile other than as needed to support authorized education purposes;
  • Not knowingly retain student personal information; and
  • Not make material changes to school service provider consumer privacy policies without first providing prominent notice.

The legislation doesn’t impact any current contracts in place, but as new contracts are negotiated, school service providers or vendors must abide by the conditions outlined in the model pledge bill. This will be particularly important for smaller school divisions that may or may not have the expertise to understand the complex provisions that are often a part of contracts with technology companies. This puts the responsibility on the vendor to ensure student data involved in its work with the school divisions is adequately protected.

Microsoft and Lifetouch are joined by more than 100 other companies that operate in the public education space in support of the Student Privacy Pledge. Similar legislation is being considered in other states to strengthen the commitment to student privacy across the country. Kudos to Virginia’s lawmakers for being on the cutting edge of supporting this legislation, which puts them at the head of the class in protecting the data of Virginia’s students.