NASBE Report Outlines Seven Lessons for Policymakers Mulling State Data Privacy Legislation
Washington, D.C. – In the past three years, policymakers in almost every state have considered laws to ensure the safety of student data, and the US Congress is considering seven bills on student data privacy. At the same time, the Every Student Succeeds (ESSA) Act requires that states adopt evidence-based interventions to improve school performance. The education research to inform these interventions depends on access to student data. In a new report, Policymaking on Education Data Privacy: Lessons Learned, NASBE Director of Education Data and Technology Amelia Vance outlines key lessons policymakers should contemplate before taking action.
“In the course of making new laws and implementing them, states have discovered both pitfalls and best practices. And they will continue to do so,” writes Vance in Lessons Learned. “But the knowledge gained during this recent rapid and vigorous cycle of policymaking can be used to create the best possible education data privacy regime across the country.” Vance offers seven lessons for policymakers.
- Stating the value of data is essential. If parents do not understand how data can help their children, they will not care how the state is protecting the privacy or security of that data. Policymakers must be proactive in explaining the value of student data to the public.
- More transparency = More trust. Building support for quality data use is not possible without transparency. States ought to go above what is required by most current laws to build trust between parents and schools on data privacy. State boards, for example, can ensure the accessibility of resources and information on data privacy.
- Early adopters can shape second generation laws. Most states that passed student data privacy laws in the last two years based their legislation on Oklahoma’s Student DATA Act or California’s Student Online Personal Information Protection Act (SOPIPA). These early adopters are models for other states, and states should pay close attention to any bills that raise new privacy issues, such as model legislation the ACLU introduced earlier this year.
- Clarify, revisit, and revise existing laws. Laws can and should be improved and enhanced. Policymakers should continue to examine and revise laws to ensure they adequately balance privacy and data use in education and ensure implementers fully understand policymakers’ intent.
- Student data privacy legislation can cause unintended harms. It is essential for all data privacy legislation to be vetted with a fine-toothed comb for vague or problematic language that may unnecessarily restrict the positive use of data. State boards are ideally placed to review bills before they pass.
- Training on data use and privacy is essential. Anyone who handles data should know how to protect those data. Although more than 300 bills have been introduced over the past two years on data privacy, few mention training. Policymakers must ensure that each state has training laws and policies and identify resources to make training feasible.
“Data privacy will be ever more important as education becomes more personalized and dependent on technology,” writes Vance. “By taking advantage of the current spotlight on privacy and using it to make positive changes that balance privacy and good data use, state boards can improve education and create a system where the appropriate use of data can help all children succeed.”
The National Association of State Boards of Education represents America’s state and territorial boards of education. Our principal objectives are to strengthen state leadership in education policymaking, advocate equality of access to educational opportunity, promote excellence in the education of all students, and ensure responsible lay governance of education. Learn more at www.nasbe.org.