Missouri Statutes Safeguard Student Data Privacy

In 2014, Missouri enacted House Bill 1490 which is the statute that outlines the state board of education’s responsibilities relating to student data accessibility, transparency, and accountability. The board is directed to:

  1. Create and make publicly available a data inventory and index of data elements with definitions of individual student data fields.
  2.  Develop policies to comply with all relevant state and federal privacy laws.
  3. Not transfer personally identifiable student data.
  4. Develop a detailed student data plan with guidelines authorizing access to the student data system and to individual student data including guidelines for authentication of authorized access.
  5. Ensure routine and ongoing compliance by the department of elementary and secondary education with FERPA, other relevant privacy laws and policies with security policies and procedures, including the performance of compliance audits.
  6. Ensure that any contracts that govern databases, assessments, or instructional supports that include student or redacted data and are outsourced to private vendors include express provisions that safeguard privacy and security, including provisions that prohibit private vendors from selling student data or from using student data in furtherance of advertising, with penalties for noncompliance, except to a local service provider for the limited purpose authorized by the school or district whose access to data is limited to the “directory information” defined in the federal Family Educational Rights and Privacy Act (FERPA).

 Compliance Audits Spot Check District Practices

 The Missouri State Auditor is charged with ensuring that school districts are in compliance with all federal and state student privacy legislation. The state auditor has the authority to conduct a Student Data Governance audit at any time as part of the State Auditor’s Cyber Aware School Audits Initiative. The audits are used to assess the effectiveness of the district’s privacy and security controls. The intention is to improve security for the information school districts keep on their students and families.

Statewide Student Data Privacy Solution Available to all School Districts

 As a result of a statewide partnership, all K–12 school district members of MOREnet have the opportunity to purchase an annual license for EdPrivacy from Education Framework Inc. (EFI) at discounted pricing. EdPrivacy is an economically sustainable, on-demand, student data privacy management solution, that standardizes student privacy practices across the state and helps districts monitor the frequent changes in the privacy policies of technology vendors.

Each interested MOREnet school district member will need to work with EFI individually on a letter of engagement, quote and a client access agreement. Since different school districts have different contractual needs, each MOREnet school district member will be responsible for the negotiations of their client access agreement and letter of engagement with EFI.

EdPrivacy utilizes machine learning-based artificial intelligence to create privacy quality scores for thousands of online technology resources commonly used in classrooms across the nation. The scores help educators and administrators quickly identify safe online technologies and easily determine which service providers respect and protect student data privacy. With EdPrivacy, school district leaders better understand school privacy laws for students, and enjoy student data privacy peace of mind.

For more information on what school and district administrators should know about federal student privacy laws, read EFI’s federal legislation page.