Senate Bill 29
SPONSOR
Senator Stephen Huffman, District 5 TARGETS All schools, districts, school boards, educational service centers, and agencies that serve students Technology providers for any of the above DESCRIPTION Creates legal guidance for processes to maintain student data privacy in all education records |
COMMITTEE
Senate Education Committee INTRODUCED January 23, 2023 WATCH TESTIMONY TBD BILL General Info | As-Written |
SB 29 Details
Senate Bill 29 prohibits schools and technology providers from tracking student activity from school-issued devices and prohibits technology providers from using educational data for any marketing or advertising to a student.
Provisions that impact schools, districts, and education agencies:
Provisions that impact technology providers:
Provisions that impact schools, districts, and education agencies:
- Declares that “education support services data” is NOT a public record.
- Unless otherwise provided by law, no person may share educational support services data concerning any student attending a public school for any purpose.
- By August 1 of each school year, each school district must notify parents and students of any curriculum, testing, or assessment technology provider contract affecting a student's education records. The notice must:
- Identify each curriculum, testing, or assessment technology provider and their level of access to education records
- Identify the education records that will be affected by the curriculum, testing, or assessment technology provider contract
- Include information about the contract inspection, and provide contact information for a school department to which a parent or student may direct questions or concerns.
- Parents and students must be allowed to inspect a complete copy of any technology provider contract.
- Names technology features that school districts and technology providers cannot electronically access or monitor, with certain exceptions. Disallowed features would include:
- Location-tracking features of a school-issued device
- Audio or visual receiving, transmitting, or recording feature of a school-issued device;
- Student interactions with a school-issued device, including, but not limited to, keystrokes and web-browsing activity.
- If a school district or technology provider legally interacts with a school-issued device, it must, within 72 hours of the access, notify the student or that student's parent and provide a written description of the interaction, including which features of the device were accessed and a description of the threat (if any).
Provisions that impact technology providers:
- Technology providers must follow current law (ORC 1347) regarding the collection, use, and protection of data as if it were a school district.
- Education records made, used, or shared by a technology provider are solely the property of the school district they contracted with.
- If there is a breach of education records data maintained by the technology provider, the technology provider must tell the school district all information required under current law (ORC 1347.12).
- “Unless renewal of the contract is reasonably anticipated,” a technology provider must destroy or return to the appropriate school district all education records created, received, or maintained within ninety days of the expiration of their contract.
- A technology provider cannot sell, share, or disseminate education records, except as allowed by law or as part of a contract with a school district.
- A technology provider cannot use educational data for any commercial purpose, including, but not limited to marketing or advertising to a student or parent.
- A contract between a technology provider and a school district must ensure appropriate security safeguards for educational data.