Student Data Protection Legislation in the State of Kansas

The Kansas Student Data Privacy Act is a student data privacy law that was passed in the U.S. state of Kansas in 2014. The Kansas Student Data Privacy Act was passed to ensure that school districts within Kanas were taking the proper steps and measures necessary to protect the personal information and privacy of students within the state. With this being said, the law sets forth a multitude of requirements that school districts within Kansas are required to adhere to when collecting personal information from K-12 students within the state, ranging from required security procedures and protocol to the circumstances under which school districts are permitted to disclose the personal information of students.

How is the term school board defined under the law?

Under the Kansas Student Data Privacy Act, a school board is defined as “the state board of regents, the state board of education, the board of trustees of any public community college, the board of regents of any municipal university, the governing board of any technical college and the board of education of any school district.” Alternatively, the law defines a “statewide longitudinal student data system” as “any student data system maintained by the department,
which assigns a state identification number for each student who attends an accredited public or private school in Kansas and uses the state identification number to collect student data.”

What are the data privacy responsibilities of school boards under the law?

Under the Kansas Student Data Privacy Act, school boards that serve students within the state have the following obligations and responsibilities as it concerns protecting the personal information and privacy of said students:

• School boards are responsible for developing a privacy policy geared toward protecting the personal information and privacy of students, in accordance with all relevant federal and state legislation.
• School boards are prohibited from collecting biometric information from students.
• Any student data that is contained within a “statewide longitudinal student data system” may only be disclosed to educational agencies within the state of Kansas in accordance with the provisions of the law. Furthermore, in instances where a school district discloses a student’s personal information to an educational agency within Kansas, the school district in question must also provide notification to the student’s parent or guardian.
• School boards are permitted to disclose personal information to individuals and third parties outside of the scope of educational agencies within the state, if the student’s parent or guardian consents to such disclosure. Additionally, in instances where a school district wishes to disclose a student’s personal information for the purpose of aiding them in furthering their education, such as providing information for an application to a postsecondary educational institution, the student in question must also provide written consent authorizing such disclosure.
• School boards are required to delete personal information pertaining to students when said information is no longer required to achieve the purposes for which it was collected.
• In the event that a security breach occurs, school boards are required to provide notification to all affected individuals and parties as soon as possible.

What categories of personal information are protected under the law?

Under the provisions of the Kansas Student Data Privacy Act, the following categories of personal information are legally protected from unauthorized access, use, and disclosure:

• Educational records.
• Course grades and grade point averages.
• Dates of birth.
• Grade levels and expected graduation dates.
• Attendance and mobility data.
• Special education data.
• Demographic information.
• Biometric data.
• Information about degrees, diplomas, and certifications.
• Attendance and mobility information.
• Transcript information.
• Any other student information that either alone or in combination with other forms of information could be used to identify an individual.

How can school boards within Kansas maintain compliance with the law?

As school boards within Kansas will have a number of duties as it pertains to serving the educational needs of their respective students, maintaining compliance with legislation such as the Kansas Student Data Privacy Act can prove to be challenging. To this point, school boards can utilize automatic redaction software to ensure that they achieve compliance with all applicable legislation with as little time, effort, and resources as possible. Using these software programs, school boards within Kansas can ensure that the personal information of their students is only disclosed for purposes related to the furtherance of educational pursuits, as information that is not needed for such purposes can be redacted, keeping it safe from threats such as cybercrime.

The Kansas Student Data Privacy Act was passed in 2014 to protect the personal information and privacy of students within the state. As K-12 students, especially those enrolled in high school, will need to disclose their personal information to pursue higher educational opportunities at some point during their academic careers, legislation such as the Kansas Student Data Privacy Act is needed to govern and regulate such disclosures. While the categories of personal information that are covered may vary from state to state, the function of all U.S. student privacy legislation at the state level remains the same, as privacy and data protection continues to be a major issue around the world.