Student Data Privacy Requirements in the State of Tennessee

April 12, 2022 | 4 minutes read
Student Data Privacy Requirements in the State of Tennessee

Tennessee’s Student Online Personal Information Protection Act, otherwise known as HB 1931/SB 1900, is a student data protection law that was enacted in 2016. HB 1931/SB 1900 was passed to amend previous data protection legislation that had been passed in the state, which took the form of the Student Data Accessibility, Transparency & Accountability Act which was enacted in 2014. As such, HB 1931/SB 1900 amends and updates the requirements that educators and online operators within the state of Tennessee must adhere to when managing the personal data of students. Furthermore, the law also outlines the specific categories of personal data that are protected from unauthorized access, use, and dissemination.

How is the term online operator defined under the law?

Under Tennessee’s HB 1931/SB 1900, an online operator is defined as “the operator of an Internet website, online service, online application, or mobile application with actual knowledge that the site, service, or application is used primarily for K-12 school purposes and is designed and marketed for K-12 school purposes”. Conversely, the law defines k-12 school purposes to mean “purposes that are directed by or that customarily take place at the direction of a K-12 school, teacher, or LEA or that aid in the administration of school activities, including, but not limited to, instruction in the classroom or at home, administrative activities, and collaboration among students, school personnel, or parents, or are otherwise for the use and benefit of the school.”

What are the duties of online operators under the law?

The duties that online operators have under Tennessee’s HB 1931/SB 1900 include:

What data elements are protected under the law?

Tennessee’s HB 1931/SB 1900 protects the following data elements pertaining to students enrolled in K-12 educational institutions within the state from unauthorized access, use, and transfer:

Enforcement of the law

As it concerns the enforcement of Tennessee’s HB 1931/SB 1900, the provisions set forth in the law are enforceable by the Tennesse attorney general. More specifically, the law states that “the attorney general and reporter shall have the authority to conduct civil investigations and bring civil actions.” As such, online operators, educators, and other related school personnel that are found to be in violation of the law are subject to a number of civil penalties, to be imposed at the discretion of the Tennessee attorney general. Moreover, violations of Tennessee’s HB 1931/SB 1900 also constitute an unfair or deceptive practice under the Tennessee Consumer Protection Act of 1977.

As many students around the country have been forced to submit their personal data to statewide longitudinal data systems for the purposes of furthering their educational careers, legislation is needed around the U.S. to protect these data elements. To this point, Tennessee’s HB 1931/SB 1900 serves to protect the various data elements that K-12 students around the state disclose to their respective teachers, online operators, and support personnel, ensuring that this information is safeguarded and secured from unauthorized use and disclosure, as well the adverse consequences of being involved in a data breach.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »