- New York's 2014 implementation of student data privacy policies is a solid example — though not the only solution — for other states to look at when navigating new privacy initiatives, a new case study analysis from the nonprofit the Future of Privacy Forum suggests.
- The analysis found that New York benefited from using an existing Educational Service Agency model to help schools follow new privacy requirements limiting student data collection by both state and local education agencies. The Educational Service Agency acts as an intermediary between districts and the state education agency.
- As a part of the Educational Service Agency, the Boards of Cooperative Educational Services and their Regional Information Centers provided resources and continuous support to New York districts — helping to shape a culture of privacy as the state support helped free up time for school systems to understand student privacy compliance, the analysis said.
There is no one-size-fits-all approach for states as legislators consider student data privacy laws, the Future of Privacy Forum said, and it's important the local governing infrastructure is considered by states before establishing policies in multiple districts.
Other state models for implementing student data privacy laws include a more centralized example in Utah, where student data privacy resources are mostly run through the state education agency via the department’s staff support, the analysis said. Meanwhile, in California, education privacy professionals can receive resources through a membership organization known as the California IT in Education.
In New England, districts can enroll in a multistate cooperative, which offers services like negotiating privacy agreements with ed tech companies. This cooperative covers Massachusetts, New Hampshire, Rhode Island, Vermont and Maine.
Data privacy continues to be top of mind for districts with recent research uncovering alarming evidence that a majority of ed tech companies use “extensive” tracking technologies and share students’ personal information with third parties.
That can be difficult for districts, however. A recent study by researchers at the University of Chicago and New York University found schools often lack resources to handle privacy and security issues, and said schools likewise often had little room to negotiate contracts regarding potential privacy concerns. That’s typical because district leaders often are not aware or do not have enough sway in negotiating privacy and security measures in ed tech contracts, the study found.