Student Data Privacy Requirements in the State of Tennessee

Student Data Privacy Requirements in the State of Tennessee

Tennessee’s Student Online Personal Information Protection Act, otherwise known as HB 1931/SB 1900, is a student data protection law that was enacted in 2016. HB 1931/SB 1900 was passed to amend previous data protection legislation that had been passed in the state, which took the form of the Student Data Accessibility, Transparency & Accountability Act which was enacted in 2014. As such, HB 1931/SB 1900 amends and updates the requirements that educators and online operators within the state of Tennessee must adhere to when managing the personal data of students. Furthermore, the law also outlines the specific categories of personal data that are protected from unauthorized access, use, and dissemination.

How is the term online operator defined under the law?

Under Tennessee’s HB 1931/SB 1900, an online operator is defined as “the operator of an Internet website, online service, online application, or mobile application with actual knowledge that the site, service, or application is used primarily for K-12 school purposes and is designed and marketed for K-12 school purposes”. Conversely, the law defines k-12 school purposes to mean “purposes that are directed by or that customarily take place at the direction of a K-12 school, teacher, or LEA or that aid in the administration of school activities, including, but not limited to, instruction in the classroom or at home, administrative activities, and collaboration among students, school personnel, or parents, or are otherwise for the use and benefit of the school.”

What are the duties of online operators under the law?

The duties that online operators have under Tennessee’s HB 1931/SB 1900 include:

What data elements are protected under the law?

Tennessee’s HB 1931/SB 1900 protects the following data elements pertaining to students enrolled in K-12 educational institutions within the state from unauthorized access, use, and transfer:

Enforcement of the law

As it concerns the enforcement of Tennessee’s HB 1931/SB 1900, the provisions set forth in the law are enforceable by the Tennesse attorney general. More specifically, the law states that “the attorney general and reporter shall have the authority to conduct civil investigations and bring civil actions.” As such, online operators, educators, and other related school personnel that are found to be in violation of the law are subject to a number of civil penalties, to be imposed at the discretion of the Tennessee attorney general. Moreover, violations of Tennessee’s HB 1931/SB 1900 also constitute an unfair or deceptive practice under the Tennessee Consumer Protection Act of 1977.

As many students around the country have been forced to submit their personal data to statewide longitudinal data systems for the purposes of furthering their educational careers, legislation is needed around the U.S. to protect these data elements. To this point, Tennessee’s HB 1931/SB 1900 serves to protect the various data elements that K-12 students around the state disclose to their respective teachers, online operators, and support personnel, ensuring that this information is safeguarded and secured from unauthorized use and disclosure, as well the adverse consequences of being involved in a data breach.

Related Reads