Privacy & Information Security Law Blog

Legislators in New Hampshire and Oregon recently passed bills designed to protect the online privacy of students in kindergarten through 12th grade.

On June 11, 2015, New Hampshire Governor Maggie Hassan (D-NH) signed H.B. 520, a bipartisan bill that requires operators of websites, online platforms and applications targeting students and their families (“Operators”) to create and maintain “reasonable” security procedures to protect certain covered information about students. H.B. 520 also prohibits Operators from using covered information for targeted advertising. H.B. 520 defines covered information broadly as “personally identifiable information or materials,” including name, address, date of birth, telephone number and educational records, provided to Operators by students, their schools, their parents or legal guardians, or otherwise gathered by the Operators.

Governor Hassan said that technology “is an essential component of the 21st century innovation economy” and plays an important and growing role in the classroom. She added that H.B. 520 protects New Hampshire students against threats to their privacy while enabling them to participate in that economy. H.B. 520 takes effect on January 1, 2016.

On June 10, 2015, the Oregon legislature passed S.B. 187, providing similar protections to K-12 students’ personal information and restricting the use of that information by Operators. The bill defines “covered information” in the same way as the New Hampshire student privacy bill and applies to the same types of Operators. S.B. 187 prohibits selling student information and presenting students with targeted advertisements. Operators also may not disclose student information to third parties, except in limited circumstances, but may use “de-identified student information” to improve or market the effectiveness of their products. Legislators rejected proposals backed by the technology industry that would have allowed students ages 12 and older to consent to the use and disclosure of covered information.

S.B. 187 grants the Oregon Attorney General enforcement power under the state’s consumer protection statute. Governor Kate Brown (D-OR) is expected to sign the bill, which would take effect on July 1, 2016.

Both New Hampshire and Oregon modeled their student privacy legislation on California’s Student Online Personal Information Protection Act, which was enacted in 2014.