Ohio Senate Bill 29 (SB29) went into effect last month on October 24, 2024. The focus of this bill is to improve student data privacy and school cybersecurity. The reason for the bill is to ensure that technology companies don’t misuse the data of students who use school-provided devices.
Some of the key provisions include:
- Monitoring: Schools are prohibited from electronically monitoring or accessing school-issued devices without notice. Exceptions include monitoring for purposes of instruction and/or participation in the Ohio E-Rate program. Parents must be notified of monitoring.
- Data collection: Schools must be transparent about how they collect data.
- Data use: Schools cannot use student data for non-educational purposes.
- Data deletion: Schools must ensure that contracts with technology providers include provisions for student data to be deleted upon contract termination.
- Breach notifications: Schools must notify people if there is a data breach.
- Vendor management: Schools must review and manage vendors and ed-tech resources to ensure they meet the bill’s data privacy standards.
- Parental visibility: Parents should have greater visibility into their child’s school data.
Most DD Boards already use privacy/security policy templates created by either Eagle Consulting or the Cleveland law firm Hickman-Lowder (provided in partnership with the OACB), which already contain some but not all of these requirements.
Eagle’s recommendation: update existing HIPAA/FERPA privacy and security policies rather than create new policies.
Eagle Consulting has provided combined HIPAA and FERPA policy templates to DD boards since 2001 and has committed to providing its customers with an update, by year end 2024, which addresses these obligations. The policies will require some new procedures, for example, a vendor management program and updated parental notice. For more information, please contact us at https://eagleconsultingpartners.com/contact-us/