A new report by NASBE Director of Education Data and Technology, Amelia Vance, “Policymaking on Education Data Privacy: Lessons Learned,” reflects on the “recent rapid and vigorous cycle of policymaking” on student data privacy and safety. Based on both the pitfalls and best practices states have discovered through this process, Vance offers seven key lessons for policymakers:

1. State boards significantly shape data privacy policy. State boards need to ensure purposeful collection and use of data.

2. Policymakers must be proactive in explaining the value of student data to the public. Before engaging with how the state is protecting data, parents need to understand how data can help their children.

3. More transparency = more trust. States ought to go beyond what current laws require to build trust between parents and schools on data privacy.

4. Early adopters are models for shaping second-generation laws. States should pay attention to bills that raise new privacy issues, such as the model legislation the ACLU recently introduced.

5. It’s important to clarify, revisit, and revise existing laws. Policymakers need to continue to examine and revise laws to ensure they adequately balance privacy and data use in education.

6. Student data privacy legislation can cause unintended harm. All legislation needs to be thoroughly vetted for problematic language that may unnecessarily restrict the positive use of data.

7. Training on data use and privacy is essential. Very few of the more than 300 bills introduced over the past two years mention training. Anyone who handles data should know how to protect those data.