Governor DeWine signed into law amendments that address many of the concerns with Senate Bill 29, the law covering student data privacy. House Bill 432 contains an emergency clause and is effective immediately. Here are the major changes that will provide school districts with some relief from the more unworkable portions of SB 29:

Trigger Notices

The law reduces the number of circumstances where a school district must give parents a 72-hour “trigger” notice that the district accessed a student’s school-issued device. Under the amendment, these 72-hour notices must be provided to parents if electronic access is:

1. Made under a judicial warrant or subpoena, and the district initiates responsive action;

2. Because a device is missing or stolen, and the district initiates responsive action; or

3. Necessary to prevent or respond to a threat to life or safety and the school district initiates responsive action, or pursuant to a warrant, subpoena, or theft, for child abuse or neglect, or related to suspension or expulsion, harassment, intimidation, or bullying, or a threat assessment.

Importantly, the 72-hour trigger notice isn’t required if the notice itself poses a threat to life or safety.

Districts are no longer required to send trigger notices for device access for an educational purpose, which was a major hurdle in implementing SB 29. Trigger notices also aren’t required for device access to comply with federal or state law, or where it is needed to participate in state or federal programs.

Caution should be exercised for judicial warrants or subpoenas prior to sending the 72-hour trigger notice, as warrants/subpoenas may prohibit disclosure. Please consult your district’s legal counsel in these circumstances. 

Notably, the law continues to require districts who elect to generally monitor school-issued devices to provide annual notice of that fact to parents. Districts should review their annual general monitoring notice, and 72-hour trigger notice, in light of this amendment.

Student Data Privacy

The amendment also makes key changes to definitions in SB 29. It changes the definition of education records to be consistent with the federal Family Educational Rights and Privacy Act (FERPA), instead of creating a new definition of the term. Districts can better evaluate compliance when using a familiar definition, instead of a new one.

The amendment also changes to definition of a “school-issued device” to require that the device be for “dedicated student use,” instead of “dedicated personal use.” We do not see this as a major change, in that devices (for example, a school computer) are covered under the law only where they are provided to the student for their own use. The law also changes the definition of “student” to include individuals currently enrolled in any of grades kindergarten through 12, and excludes applicants and formerly enrolled students.

Lastly, except as noted below for the annual contract notice, the law excludes from the definition of “technology provider” any county board of DD, ESC, ITC, assessment provider, curriculum provider, and other city, local, exempted village, or joint vocational school districts that have a service contract with a school district that includes providing students with school-issued devices.

Vendor Contracts

Districts are still required to have appropriate security safeguards for education records, including through their “technology providers” and contracts with those providers. Remember though, the definition of “technology provider” is now narrower, so those statutory contractual and other security mandates no longer apply to any county board of DD, ESC, ITC, assessment provider, curriculum provider, and other city, local, exempted village, or joint vocational school districts that have a service contract with a school district that includes providing students with school-issued devices. 

Notably, the law continues to require districts to provide parents and students notice by August 1 each year of any curriculum, testing, or assessment technology provider contract affecting a student's education records. This notice must include all curriculum, testing, or assessment technology providers, even if that provider is a county board of DD, ESC, ITC, assessment provider, curriculum provider, or other city, local, exempted village, or joint vocational school district that is not otherwise covered by the law. 

Districts may want to review their vendor contracts anew, to determine which contracts are now covered by the amended SB 29.

Licensure Disciplinary Action

The new law also clarifies that the state may take licensure action against an educator who purposely uses or intentionally releases confidential student information for a non-instructional purpose. The additional language makes clear the release of student information must be with intent, not an accidental disclosure.

Career-Tech License

The new law also addresses career-technical educator licenses. It specifically permits an applicant – instead of just the employing school district – to apply for a career-tech educator license. The applicant no longer needs a job offer to get a license. The new law also allows individuals with an employment offer to enroll in alternative educator preparation programs.