Student Data Privacy Regulations in the State of Ohio
Ohio’s HB 487 is a student data protection and privacy law that was passed in the U.S. state of Ohio in 2014. While student data privacy laws around the U.S. have varying levels of applicability and scope within their jurisdictions, the provisions of Ohio’s HB 487 apply to all individuals that share or disclose their personal information in the context of educational pursuits, including students, teachers, and other related personnel. With this being said, the law establishes the responsibilities that the Ohio State Board of Education has as it relates to securing the personal information of the various individuals that both work and attend educational institutions within the state.
How are school districts defined under the law?
Under Ohio’s Ohio’s HB 487, a school district is defined as “any city, local, exempted village, or joint vocational school district and, in accordance with section 3314.17 of the Revised Code, any community school. As used in division (L) of this section, “school district” also includes any educational service center or other educational entity required to submit data using the system established under this section.” Alternatively, as it pertains to how personal information or data is defined under the law, Ohio’s HB 487 states that “any data that is collected or maintained pursuant to this section and that identifies an individual pupil is not a public record for the purposes of section 149.43 of the Revised Code.
What are the duties of the Ohio State Board of Education under the law?
Ohio’s HB 487 mandates that the Ohio State Board of Education take a number of measures to provide school districts across the state with the tools necessary to protect the personal information of their respective students, particularly as it concerns the various data elements that are contained within the state’s education management information system. Some of these responsibilities include:
- The Ohio State Board of Education is responsible for both identifying and defining the data elements that should be included in the state’s education management information system.
- The Ohio State Board of Education is responsible for creating annual procedures that can be used to govern the collection, reporting, compiling, and dissemination of personal data that is contained within the state’s education management information system.
- The Ohio State Board of Education is responsible for implementing strict safeguards that can be used to safeguard the personally identifiable information of students within the state.
- The Ohio State Board of Education is responsible for collecting student participation and performance data, as well as using this information to draft future policies and procedures.
- The Ohio State Board of Education is responsible for ensuring that any data elements pertaining to students that are contained within the state’s education management information system are used solely for the purpose of aiding said students in furthering their individual academic pursuits.
What data elements are protected under the law?
The data elements that are legally protected from unauthorized access or use under Ohio’s HB 487, in accordance with the Family Educational Rights and Privacy Act or FERPA, include but are not limited to:
- Students names.
- The names of a student’s family members.
- Social security numbers.
- Student identification numbers.
- Dates of birth.
- Home addresses.
- Email addresses.
- Telephone numbers.
- Biometric records.
- Mother’s maiden name.
- Healthcare and medical records.
Redaction and student privacy
Due to the sheer mass of data that is contained within many educational state-wide longitudinal data systems, educators face an enormous amount of pressure to protect this information. Subsequently, one effective way to accomplish this goal is through the use of automatic redaction software programs. These software programs enable users to redact data elements concerning students that could be used for nefarious purposes, such as social security numbers, while simultaneously allowing them to use other data elements, such as transcript data, to help students advance their educational futures. In this way, educators can secure the personal information of their students in an efficient manner.
While Ohio’s HB 487 regulates a variety of aspects of the state education system, including funding, educational standards, and the pursuit of post-secondary educational opportunities, among other things, the provisions of the law concerning data protection and personal privacy serve to safeguard the personal information of students from unauthorized use. Through the responsibilities that the Ohio State Board of Education are required to implement and follow, citizens within the state that have children enrolled in educational institutions can have the peace of mind that the personal data of their children is being protected.