Skip to main content

Outdated laws, abundance of state rules and increase in ed tech tools add to the difficulty in protecting students’ personal data. Get the highlights below for the security challenges we face in education and testing and what we can do to help protect student data.


  • The increase in general internet use has resulted in alarms about the collection of children’s personal information from website owners. 
  • Educators, parents, researchers and lawmakers continue to raise concerns about the vulnerability of children’s online personal data as nearly every child is now able to access the internet from home, school or a smartphone in their pocket. 
  • Federal laws and regulations have brought oversight and the promotion of best practices, as well as partnerships between ed tech companies and school systems.
  • Most state education departments and legislatures have developed stricter policies to further protect children’s online privacy.
  • Some student data privacy experts say some of the laws are outdated or misunderstood.

The Problem

  • Laws put in place to safeguard children’s personal online data, prevent the unintended exposure of the details of a child’s life and to keep kids safe, may be out of date .
  • While school systems are required to protect children’s online data, at the same time they are encouraged or mandated to collect and keep a vast amount of information about each student. 
    • These data points include students’ academic standing, test taking history and results, images and videos, creative content, discipline referrals, social-emotional and physical well-being, special education records, socioeconomic status, and much more. 
    • Often school systems are putting their trust into third-party ed tech providers to safeguard this student information. 
  • The pandemic forced every student to learn from home virtually, causing an already strained system to get even more complex.
  • The federal and state laws are often mismatched. 
  • Some state student privacy laws don’t fit with practical applications in schools. 
  • School staffs caused most of the accidental breaches between July 1, 2016 – May 5, 2020.
  • Antiquated record retention laws are contributing to the difficulty for school districts in managing sensitive data. 
  • Collaboration and improved working relationships between educators, privacy advocates and ed tech companies has led to development of national best practices.
  • Model approaches have been another effective way for school systems to learn about best practices.

Potential Solutions

  • A bipartisan bill in Congress would:
    • create an “eraser button” requiring companies to let parents and kids eliminate personal information from a child or teen when “technologically feasible.”
    • The legislation has not yet been acted on.
  • Utah and Maryland took deliberate approaches to understand their student data privacy challenges and find solutions.
  • Utah also created several state-level positions to work on student privacy issues, including trainings for district-level staff.
  • Thoughtful data governance in school systems is a powerful way to protect student information.
    • School systems should explain why they are monitoring and collecting data and connect it to some larger goal.
    • Consistent training of teachers about safeguarding student data.
  • Data privacy and security efforts should include, but not be limited to IT departments.

Complete article HERE

Close Menu

Contact Us

National Association of Testing Professionals (NATP)
611 Pennsylvania Ave. SE
Box 462
Washington, D.C. 20003

T: 361-960-4619