Skip to Main Content
Security & Privacy

Five tips for app developers to comply with new student data privacy laws

September 20, 2016 Liz Allen

As session wraps up in many state legislatures, new student data privacy bills have become law. For those of us in the education technology space, protecting student data is a mandate we take seriously.  

Two federal laws, FERPA and COPPA, offer a floor for states to build upon. FERPA establishes parental control over student data and limits sharing of that data. COPPA protects student data for those under 13 by prohibiting targeted advertising and requiring online operators to have a privacy policy, along with other protections.

Two major forces have propelled this trend: California passed the SOPIPA bill two years ago and ACLU recently released a model student data privacy bill. According to EPIC, states recently introduced 36 student data privacy bills during this year alone. Colorado, North Carolina, and Connecticut all passed new student data privacy laws.

These state laws vary but have several key components in common. Below are five tips to help application developers get privacy right early-on. Implementing this list won’t ensure a software application is in compliance with the various state laws, but it’s a great place to start.

1. Create an accessible student data privacy policy.

This shouldn’t feel like some inconvenient box to check – it should embody the philosophy of your company and demonstrate how you follow the federal and state laws. Check out ours if you need help.

2. No selling, renting, or sharing student information without permission or a legal reason.

Yeah, don’t do that. Many states explicitly prohibit targeted advertising for all students. Plus, these are young people; their data is particularly vulnerable, and they cannot protect themselves well.

The good news? Most states allow student data to be used within the product – for personalized learning, to make recommendations based on student performance, or to improve the product itself.

3. Design security, privacy, and confidentiality structures.

Define a clear system for ensuring the security, privacy and confidentially of the data you collect – and communicate those decisions clearly. The requirements for what this looks like varies from state to state. Clever accomplishes this through a white paper that details our security measures.

4. Provide an easy way to update and delete student personal information.

You must have an easy method to update and delete the data upon request. Most states, including Washington and Connecticut, require data is deleted within a “reasonable” timeframe. Clever is committed to deleting within 10 days. It’s a best practice – and a requirement in some states – to notify the person or education entity after the data has been deleted or updated.

5. Notify of a breach in a timely manner.

Be prepared for any scenario. Specifically, have a plan for how and when you will notify your education partners after a breach. Some states have explicit timeframes. For example, Connecticut law says users must be notified within a reasonable time frame but that it also can’t exceed 30 days.

Keeping it up

If you follow best practices for student data privacy, you should be in compliance with these new state laws, but it’s always best to double check how your company handles data privacy. To learn more about best practices, take a look at Clever’s lead security engineer’s article on our “privacy by design” process that makes sure privacy is always at the forefront of our product.

You can also reach out to us at info@clever.com or visit Clever’s privacy and security resources here.

More to read

Kanawha pioneers MyAda Math learning integration with Clever LMS Connect
Districts Partners

November 1, 2024

Kanawha pioneers MyAda Math learning integration with Clever LMS Connect

Learn how Kanawha County Schools rolled out new math curriculum 6x faster and with 0 support tickets from teachers using Clever LMS Connect.

Our product vision and 2025 roadmap for protecting K-12 identities
Districts Partners

October 11, 2024

Our product vision and 2025 roadmap for protecting K-12 identities

Explore how Clever's product roadmap and vision are shaping the future of education. Discover how our innovative approach addresses current challenges, enhances security, and ensures seamless integration to accelerate learning outcomes for students, educators, and schools.

Wixie resolves manual data handling, streamlines onboarding for schools
Partners

July 19, 2024

Wixie resolves manual data handling, streamlines onboarding for schools

Discover how Wixie, a creativity tool for students, partnered with Clever to streamline onboarding and eliminate manual data handling for schools. Learn how this transformation increased efficiency, enhanced data security, and allowed students and teachers to focus more on creativity.

Subscribe to our Cybersecure K-12 Newsletter to receive exclusive insights to safeguard school data.

This field is for validation purposes and should be left unchanged.