Skip to Content Skip to Navigation

On May 22, 2022, Governor Tim Walz of Minnesota officially signed the Minnesota Student Data Privacy Act (MSDPA), also known as H.F. No. 2353, which signifies a monumental step towards protecting student data within educational landscapes. This legislation, which took effect at the onset of the 2022-2023 school year, represents a concerted effort to protect the privacy rights of Minnesota students attending public educational institutions or agencies.

Generate your own Privacy Policy in under 5 minutes

Get Started

Scope & Application

The introduction of the Minnesota Student Data Privacy Act (MSDPA) on May 22, 2022, by Governor Tim Walz marks a significant milestone in Minnesota’s commitment to safeguarding student data within educational environments. This legislative achievement, embodied in H.F. No. 2353, amplifies the state’s efforts to fortify student privacy rights across its public educational institutions and agencies.

The MSDPA casts a wide net, extending its protective embrace over Minnesota students in public educational institutions or agencies. At its core, the Act is designed to shield students from potential surveillance activities arising from the use of “School-Issued Devices.” These devices, integral to modern educational practices, are now subject to robust regulations to preserve student data’s integrity.

An aspect of the MSDPA is its targeted focus on Technology Providers engaged in contractual partnerships with public educational agencies or institutions. These entities, entrusted with managing educational data, are subject to heightened scrutiny and regulatory oversight under the Act. However, it’s important to note that the MSDPA’s jurisdiction excludes Technology Provider contracts with post-secondary institutions or certain agreements with nonprofit national assessment providers.

Key Provisions – Technology Providers

Central to the MSDPA are the provisions delineating the obligations and constraints imposed upon Technology Providers. These encompass a range of stipulations aimed at ensuring the responsible handling and security of educational data, including:

  1. Disclosure of Data Breaches: Mandating prompt disclosure to educational agencies or institutions in case of a breach affecting educational data maintained by the Technology Provider.
  2. Data Destruction or Return: Requiring Technology Providers to initiate the destruction or return of all educational data within ninety days preceding the expiration of the contractual agreement.
  3. Restrictions on Data Usage: Prohibiting the sale, sharing, or dissemination of educational data unless explicitly authorized within the confines of a valid contractual arrangement.
  4. Limitations on Commercial Use: Precluding the utilization of educational data for commercial purposes, marketing, or advertising to students or parents, while permitting the use of aggregated, de-identified data for specified operational enhancements.
  5. Security Safeguards: Enforcing the inclusion of robust security protocols within contractual agreements, ensuring that access to educational data is restricted to authorized personnel solely for official duties.

Transparency & Parental Notification

Embedded within the framework of the MSDPA is a commitment to transparency, parental empowerment, and stakeholder engagement. The Act mandates robust mechanisms for disseminating information and fostering informed decision-making.

  • Transparency Mandates
    Embedded within the MSDPA is a commitment to transparency, parental empowerment, and stakeholder engagement. Recognizing the pivotal role of parents and students in shaping educational outcomes, the Act mandates robust mechanisms for disseminating information and fostering informed decision-making.
  • Parental Notification Requirements
    Public educational agencies and institutions are mandated to provide parents and students with direct and timely notice regarding any curriculum, testing, or assessment technology provider contracts impacting student education data. This proactive disclosure empowers parents and students with critical insights into the contractual landscape governing educational data usage, fostering transparency and accountability within the educational ecosystem.
  • Comprehensive Disclosure
    Furthermore, the notification process is structured to be comprehensive, encompassing detailed information about the involved Technology Provider, the extent of educational data affected, avenues for parental inquiries, and provisions for contract inspection. By equipping stakeholders with this knowledge, the MSDPA cultivates a culture of informed engagement, amplifying parental voices and strengthening student privacy protections.

Navigating School-Issued Devices

School-issued devices serve as potent educational tools but also pose potential privacy risks. Acknowledging this dual nature, the MSDPA establishes guidelines to help navigate educational technology while safeguarding student privacy rights. Under the Act’s provisions, government entities and Technology Providers are unequivocally prohibited from electronically accessing or monitoring specific features of School-Issued Devices, including:

  • Location-tracking functionalities, audio/visual recording capabilities, and student interactions. 

These prohibitions serve as a defense against unwarranted surveillance and data exploitation, upholding the privacy and dignity of students within educational settings.

Exceptions and Balances

The Act recognizes the nuanced dynamics of educational technology usage, carving out exceptions under specified circumstances. From instructional purposes to judicial warrants and imminent threats to life or safety, these exceptions strike a delicate balance between privacy protection and exigent necessity, ensuring that student welfare remains paramount.

Empowering Students & Parents

By fortifying the regulatory framework governing student data privacy, the MSDPA empowers students and parents with enhanced protections against unwarranted surveillance and misuse of educational data. Moreover, it furnishes clarity regarding the ownership of student data held by Technology Providers and delineates requisite protocols in case of a security breach.

In essence, the Minnesota Student Data Privacy Act (MSDPA) committed to prioritizing student privacy in an increasingly digitized educational landscape. Through its provisions and delineation of responsibilities, the Act heralds a new era of accountability, transparency, and empowerment for students, parents, educators, and Technology Providers alike.

Wrapping Up

The Minnesota Student Data Privacy Act (MSDPA) marks a significant step towards enhancing privacy and accountability in educational settings. The Act protects student privacy while navigating technological advancements by providing clear guidelines and empowering stakeholders, including students, parents, educators, and Technology Providers. Let us continue to prioritize students’ rights and create an environment that fosters learning, development, and digital citizenship as we progress into the future.

GetTerms can simplify the complicated task of compliance and allow you to get back to business by addressing multiple items on your compliance checklist, including a cookie policy tailored to your business needs and generating cookie consent banners, we can help. Please take advantage of our services today. Create an account and get started in 5 minutes.

Generate your own Privacy Policy in under 5 minutes

Get Started