Student Privacy Legislation in the State of Michigan
April 05, 2022 | 4 minutes read
Michigan’s Student Online Personal Information Protection Act, also known as SB 510, is a student data protection law that was enacted in 2016. As stated in the law, Michigan’s SB 510 was passed in order to “prohibit the disclosure or use of certain information.” To this point, the law mandates that online operators within the state of Michigan take a variety of steps and measures to protect the personal information that students within the state disclose to them when looking to further their respective educational careers. Moreover, the law outlines the specific school purposes under which the disclosure of a student’s personal information is permissible.
How are school purposes defined under the law?
Under Michigan’s SB 510, K-12 school purposes are defined as “purposes that are directed by or that customarily take place at the direction of a K-12 school, teacher, or school district or aid in the administration of school activities, including, but not limited to, instruction in the classroom or at home, administrative activities, and collaboration between students, school personnel, or parents, or are for the use and benefit of the school. Other than advertising described in section 5(3)(b), K-12 school purposes also include those purposes related to K-12 students preparing for postsecondary education.” Conversely, the law defines a service provider as “a person or entity that provides a service that enables users to access content, information, electronic mail, or other services offered over the Internet or a computer network.”
What are the duties of online operators under the law?
Under the provisions of Michigan’s SB 510, online operators that collect the personal data of students within the state have a number of obligations and responsibilities as it relates to ensuring that this information remains confidential and private at all times. These duties include but are not limited to:
- Online operators are forbidden from using personal data obtained from students, such as persistent unique identifiers, to create an online profile for said students, except in the furtherance of K-12 educational activities.
- Online operators are forbidden from using the personal data of students for the purpose of engaging in targeted advertising activities.
- Online operators may only disclose the personal data of students within Michigan under certain circumstances. Such circumstances include protecting against liability, as well as responding to or participating in the judicial process, among others.
- Online operators are required to develop and maintain security measures and practices geared toward protecting the personal data of students within Michigan from unauthorized access, use, destruction, or dissemination.
- Online operators are responsible for deleting a student’s personal data upon receiving a request to do so from a student’s school or school district.
What data elements are covered under the law?
Michigan’s SB 510 provides legal protection for a wide range of data elements pertaining to students within the state. Some of the data elements that are protected under the provisions of the law include:
- Educational records.
- Home addresses.
- Email addresses.
- First and last names.
- Biometric information.
- Text messages.
- Documents.
- Test results.
- Discipline records.
- Social security numbers.
- Medical and health records.
- Student identifiers.
- Any other information that would permit physical or online contact.
Achieving compliance with the law
In order to achieve compliance with Michigan’s SB 510, online operators within Michigan will need to take steps to ensure that the personal data of students within the state is safeguarded from unauthorized use. Due to this fact, one primary means that online operators can utilize to achieve this goal is through the implementation of automatic redaction software. Through the use of such software offerings, online operators can redact numerous forms of personal data, including social security numbers, medical and health records, and student identifiers, effectively ensuring that these forms of information do not fall into the wrong hands.
While adult users of internet services have some modicum of understanding concerning the potential risks of using such services, children do not have this same level of understanding. As such, legislation such as Michigan’s SB 510 works to ensure that the personal data that students within the state submit to their teachers and online operators is used strictly for advancing their individual educational goals. Furthermore, as the unauthorized disclosure of such information could result in a data breach, the law also protects students from the potential consequences of being involved in such an incident.