The California Consumer Privacy Act Bolstering Student Data Privacy Goes into Effect December 31, 2019By Katie Onstad CA Privacy Laws, Privacy Management CCPA The start of the new year brings big changes to the privacy landscape in California. Effective January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) becomes law. The CCPA protects the personal information of all California residents collected by any company doing business in the state of California. Edtech companies that collect PII from California students are also bound by this new law. The big takeaway for school districts and edtech companies is that while COPPA regulates information privacy for children up to age 13, CCPA extends that protection to children up to age 16. This means that students’ PII is protected from preschool through most of high school—so companies and districts should align their compliance plans for the entire PK–12 student population. Much like the European GDPR security law, the CCPA expands the definition of personal information to include things like IP addresses, geolocation information, and inferences drawn from personal data to create a data profile of a consumer. “While all consumers have the right to ‘opt out’ of a sale of their information, consumers under the age of 16 must ‘opt in’ before their personal data is sold. (If the user is under the age of 13, the student’s parent or guardian must opt in.)”[1] It is important to note that the CCPA does not supplant the existing California Student Online Personal Information Protection Act (SOPIPA). How the two laws will co-exist remains to be seen as CCPA is designed for general consumer protection (and students fall within that category), whereas SOPIPA is focused on students exclusively. Most data elements categorized as “covered information” under SOPIPA are already protected as PII under federal laws, such as FERPA and COPPA.[2] How Do School Districts Navigate the Requirements of Multiple Laws? The various federal and state laws are intended to prevent violations of student data privacy with newer laws enacting stricter privacy guidelines. But how the laws overlap or work together presents a complicated picture as the CCPA is in effect on January 1st and is retroactive to January 1, 2019. Protecting student privacy, understanding how edtech vendors and service providers are currently handling data, and monitoring their privacy policy changes over time is a monumental task for districts. Keeping track of the details of how new legislation impacts current practice is also a challenge. Managing process and policies for protecting student PII is a challenge for any sized district, but especially ones with limited resources. EdPrivacy presents a solution. EdPrivacy utilizes machine learning-based artificial intelligence to create privacy scores for more than 10,000 apps and digital resources used in classrooms. The scores help educators and administrators quickly identify safe online technologies and easily determine which service providers respect and protect student data privacy. With EdPrivacy, school district leaders better understand school privacy laws for students, and enjoy student data privacy peace of mind. Benefits of EdPrivacy include: Partner with trusted experts in school student data privacy. Access a database of privacy scores for more than 10,000 of the most-used online education resources. Understand which education technologies respect and protect sensitive student information. Instill parent confidence that the district is proactively protecting student information online. Publish and maintain a list of safe-to-use technologies approved for use in the classroom. Reduce risk of data breach and ensure compliance with FERPA, COPPA, and state privacy laws. For a free trial, visit here. [1] Retrieved from https://www.edsurge.com/news/2018-09-21-golden-state-gdpr-what-the-edtech-industry-should-know-about-ca-s-new-privacy-rules [2] Retrieved from https://fpf.org/wp-content/uploads/2016/11/SOPIPA-Guide_Nov-4-2016.pdf Related Posts Student Data Privacy Policy for Schools—How to Ensure Your Data Stays Private Keeping students’ PII can be complicated - learn how to create a student data protection policy for your school today. District Challenges in Executing a Student Data Privacy Policy Districts must develop a comprehensive K-12 student data privacy policy. Get our top 5 policy best practices today. How Technology in the Classroom Impacts Student Data Privacy Until a parent voiced a concern, teachers in an Illinois school district had been able to use any application or online resource they chose in their classrooms. That parent inquiry sent the superintendent and director of technology on a quest that led to major changes in how the district investigates and vets applications and websites for use. Learn how River Forest School District 90 stepped up their privacy game with help from EdPrivacy by Education Framework. EdPrivacy by Education Framework: Student Data Privacy Peace of Mind [Video] Protecting student privacy is a big challenge for U.S. school districts. Learn how EdPrivacy helps simplify and streamline the privacy management process, protecting student data and providing privacy peace of mind. Managing Student Data Privacy: How One District is Doing it Right Learn how a school district in Georgia is effectively supporting their student data privacy policy with EdPrivacy, a comprehensive privacy management tool that vets vendor privacy policies, monitors policies for changes, and protects sensitive student information. Optimize Student Data Protection with this EdPrivacy Checklist Take full advantage of the student data privacy and security benefits that EdPrivacy provides. Follow this simple checklist to enhance your data protection program and get the year off to a smart start.