Student Data Privacy Standards in the State of Missouri
Missouri’s Student Data Accessibility, Transparency & Accountability Act, otherwise known as HB 1490, is a student data privacy and protection law that was passed in 2014. HB 1490 was enacted in order to protect and strengthen the learning environments of K-12 children that attend educational institutions within the state of Missouri. To this point, the law mandates that the Missouri State Board of Education develop and implement both academic standards and data privacy requirements that will ensure that students within the state can pursue their educational endeavors in the most efficient and effective manner possible. Moreover, HB 1490 also outlines the penalties that may be imposed against individuals that fail to comply with the provisions set forth in the law.
What are the duties of educators under the law?
Under Missouri’s Student Data Accessibility, Transparency & Accountability Act, the duties that educators, school administrators, and the Missouri State Board of Education have as it concerns protecting the privacy and confidentiality of students include but are not limited to:
- The Missouri State Board of Education is responsible for creating a data inventory or index of data elements that will be collected from students enrolled in K-12 educational institutions around the state, definitions for these various data elements, as well the manner in which they will be used. This information must also be made publicly available.
- The Missouri State Board of Education is responsible for creating data protection and privacy policies that will both protect and limit access to the personal data contained within the state’s longitudinal student data system. These policies must be in accordance with the Family Educational Rights and Privacy Act or FERPA, as well as other relevant federal and state legislation.
- The Missouri State Board of Education is responsible for developing and implementing a detailed security plan, including data breach planning and notification procedures, data retention and disposition policies, and privacy compliance standards, among other pertinent information.
- The Missouri State Board of Education is responsible for ensuring that any contracts signed with third parties or school service providers are in accordance with the law.
- The Missouri State Board of Education is prohibited from transferring the personal data of students, unless such transfer is mandated by another law.
Academic performance and learning standards
In addition to protecting the personal data and privacy of students, Missouri’s HB 1490 also requires that the Missouri State Board of Education develop and implement academic standards that can be utilized in school districts around the state. To this point, the fields of study that must be covered under these academic standards include mathematics, English or language arts, science, history, and government. Furthermore, as is the case with many other U.S. states, these academic standards must also align with the state academic assessment system within Missouri, with the goal of enabling students within the state to perform more effectively on such examinations, as well as in their future academic endeavors.
What data elements are covered under the law?
Under Missouri’s Student Data Accessibility, Transparency & Accountability Act, the Missouri State Board of Education, teachers, and other school personnel are forbidden from collecting the following data elements from students enrolled in K-12 educational institutions throughout the state:
- Juvenile court delinquency records.
- Criminal records.
- Student biometric information.
- Student political affiliation.
- Student religion.
What’s more, as it pertains to the enforcement of the law, Missouri’s HB 1490 states that “the attorney general shall have the authority to enforce compliance with this section by investigation and subsequent commencement of a civil action, to seek civil penalties for violations of this section, and to seek appropriate injunctive relief, including but not limited to a prohibition on obtaining personally identifiable information for an appropriate time period.” Most notably, educators, school administrators, and other relevant third parties that are found to be in violation of the law are subject to a monetary fine of up to $1,000, while subsequent violations of the law can result in a monetary fine of up to $5,000. Any additional violations of the law can result in a monetary fine of up to $10,000.
While some of the provisions of Missouri’s Student Data Accessibility, Transparency & Accountability Act protect the personal privacy of students, other sections of the law serve to improve the overall educational experiences of students within the state. On top of this, the monetary fines that individuals stand to face should they fail to comply with the law ensure that parents and guardians within the state of Missouri can have the peace of mind that no one will be able to infringe on the privacy of their children without having to face the consequences, as many other U.S. state student data privacy laws do not contain such protections.