The Future of Privacy Forum (FPF), a nonprofit organization that promotes responsible data practices, notes that the CCPA also extends child privacy protections to teens — 13- to 16-year-olds have the right to consent to the collection and selling of their own data.
“This means that students’ PII is protected from preschool through most of high school — so companies and districts should align their compliance plans for the entire PK–12 student population,” writes Katie Onstad, vice president and co-founder of Education Framework, which helps K–12 school districts proactively protect student data privacy, in a blog post.
However, CCPA’s privacy protections for minors only apply to the sale of data. An initiative on the ballot in November will also protect the sharing of children’s data if approved, according to FPF.
DOWNLOAD: This white paper covers best practices for overcoming compliance challenges.
Additionally, experts note that issues may emerge if a parent or student asks a company to delete any personal data that schools are required to collect and maintain for federal and state reporting purposes, Education Week reports. Andrea Bennett, executive director of California IT in Education, tells the publication that there is no provision that addresses that concern.
Experts also say that even though the CCPA’s enactment is a sign of future data privacy laws to come, many educators are still confused about these types of laws, which means that adequate compliance training is still very much needed. “You can pass all the laws that you want in the world,” Leonie Haimson, an advocate for student data privacy, tells Education Week. “If no one’s paying attention to them, they have no real impact on what’s happening in the classroom.”