Student Privacy

Earlier this month, the Governor of Vermont signed into law S.B. 110, which will amend the state’s data breach notification law and create a new student privacy law focused on operators of educational technology services.  Notably, the amendments to the state’s data breach notification law will expand the categories of personally identifiable information (“PII”) that may trigger notification obligations to individuals and regulators in the event of a breach to include online account credentials, health and medical information, and biometric and genetic data, among others.  The student privacy law will place certain restrictions on how student data can be collected, used, and disclosed by operators of online educational technology services.  The new requirements, which will enter into force on July 1, 2020, are discussed in more detail below.
Continue Reading Vermont Enacts Data Breach Notification and Student Privacy Legislation

On November 2, 2016, California Attorney General Kamala Harris released a report outlining best practices for the education technology industry (“Ed Tech”).  In Ready for School: Recommendations for the Ed Tech Industry to Protect the Privacy of Student Data, Attorney General Harris noted the need to implement robust safeguards
Continue Reading California Attorney General Issues Recommendations for Privacy in Ed Tech