Every state has its own parameters when it comes to data privacy, cybersecurity, and breach notification. But Texas? Yeah, don’t mess with it. (I know, I went there…)
Understanding the laws that regulate student data privacy is an important part of managing data at your school district. That’s why we’re here to help you out. Let’s explore the nitty-gritty of Texas data privacy laws and what you can do to protect student data.
In truth, cybercrime is a nationwide phenomenon in the United States — and it’s getting worse. According to a recent study, cyberattacks increased 57% in 2022. And the worst part? Cybercriminals targeted the education sector more than any other industry.
Suffice it to say, the United States has a long way to go in improving cybersecurity, especially when it comes to K-12 education. After all, school districts collect, process, and store massive amounts of sensitive student data. It only takes one data breach to expose personal information that could be used for any number of nefarious purposes, including identity theft.
So, why the focus on Texas? For one, Texas is among the leaders in enacting stronger cybersecurity and student data privacy laws.
Unfortunately, the Lone Star State also has a storied history of data security and privacy incidents over the past few years. Here’s a look at some of the most pertinent cases of compromised student data:
According to WFAA, the Texas Education Agency (TEA) released a list of over 70 districts that had experienced cyberattacks since 2019. However, this list was non-exhaustive. Why? Because per Texas law, schools aren’t required to report cyberattacks to the state agency as long as there’s no evidence that students’ personal information was stolen during the hack. In fact, the Texas legislature doesn’t require them to tell anybody whatsoever (but more on that later).
As the above examples indicate, data privacy is important. If your data security and privacy policies aren’t supported by ample cybersecurity measures every step of the way, your district runs the risk of falling victim in a similar fashion. Schools must also be aware of the Texas data privacy laws that impact them and their third-party technology vendors.
Generally speaking, all districts are subject to federal data privacy laws such as the Children’s Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA). However, the U.S. leaves it up to the state governments to set their own specific cybersecurity and breach notification requirements.
Texas, in particular, has a series of important laws that schools must follow. Let’s take a closer look at each one in more detail:
You can’t have data privacy without data protection, which is exactly what Senate Bill 820 is all about. In June 2019, Governor Greg Abbott signed this bill that requires districts to adopt an effective cybersecurity policy. Specifically, the Texas law mandates all schools to:
Notably, the bill requires the Coordinator to report an incident to the Texas Education Agency and to the parent or guardian of any student whose personal information has been compromised only if the incident constitutes a breach of security.
Enacted in June 2019, this bill amended the state’s previous breach notification laws, requiring businesses to provide:
The bill also specifically requires that any “person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information” must disclose a breach of security. Thus, this law also applies to Texas school districts.
Originally enacted in 2009, this biometric privacy law prohibits the capture, sale or disclosure of a person’s biometric identifier without their consent. The law had largely lain dormant until recently, when the Texas Attorney General brought a suit against Meta for allegedly collecting personal information via facial recognition.
How does this impact school districts? With smart home devices increasingly used in classrooms, one can only imagine the privacy implications in play if that information were to leak to the public.
Obviously, the Texas Student Privacy Act is the law that applies most directly to K-12 education. Enacted in 2017, this privacy legislation prohibits the sale of students’ personal data, bans advertisements to students based on the data they’ve shared with educational institutions or vendors, and broadly prohibits student data disclosure, with some limited exceptions.
What’s notable about this bill is that it defines multiple categories of protected information, including:
In its Biennial Performance Report, the Texas Department of Information Resources asked the state legislature to consider new laws requiring schools to disclose cybersecurity incidents within a standard timeframe. Although nothing is set in stone, it’s worth mentioning that schools should be on the lookout for new Texas data privacy laws that could go into effect in the near future.
Compliance is important, but what’s especially crucial is that your students’ sensitive personal information is kept under wraps and away from prying eyes. Question is: How do you make that happen?
That may seem like a complicated question, but the answer is just the opposite. When you squeeze an additional layer of cloud security between your district’s cloud domain and the threat vectors clawing at your data, you can simplify and streamline data protection — all in one dashboard.
Take ManagedMethods, for example. As a cloud security platform designed for Google Workspace and Microsoft 365, it automatically detects risks that could threaten your data, even the ones previously unseen. For instance, ManagedMethods can identify unauthorized third-party applications and help you remove any that pose a risk to your data. Not only does this help reduce your attack surface, but it also makes data security a painless, easy process.
But, don’t take it from us. Here’s what Cody Walker, director of technology at West Rusk County Consolidated ISD, had to say about the platform:
“ManagedMethods is going to be your best friend. In the beginning, it will relay more information to you than you want to know. But they have an awesome team that stands behind their product. I know a lot of vendors say that, but it’s the truth. From sales to support to the follow-up afterward, they’re committed to helping their customers.”
Want to learn more about how ManagedMethods can help you safeguard student data privacy? Request a free risk assessment today.