The New Reality of Student Data Privacy

School Business Insider Episode: The New Reality of Student Data Privacy Host: John Brucato Guest: Amelia Vance, President of the Public Interest Privacy Center Date: January 27, 2026

Episode Overview

This episode of School Business Insider dives deep into the urgent and evolving topic of student data privacy in U.S. schools. With host John Brucato, privacy expert Amelia Vance discusses the challenges of the current legal landscape, parental rights and concerns, implications of emerging technologies like AI, rising distrust of tech providers, and practical next steps for school business leaders seeking to protect students and districts. The conversation is rich in both high-level context and actionable insights, making it essential listening for educators, administrators, and policymakers alike.

Key Topics and Discussion Points

The Chaotic Legal Landscape of Student Data Privacy

A Patchwork of Laws: The U.S. operates under an increasingly tangled web of privacy regulations, including federal laws like FERPA (Family Educational Rights and Privacy Act), more than 140 state laws passed in the last decade, COPPA, and various consumer privacy bills.
- "It's messy. You have our what is it now? I think 52 year old... federal law, FERPA... and then you have well over 140 laws that passed in states over the past decade..." (B, 01:41)
Resource Constraints: Many schools simply lack the resources to meet the high bar set by some cybersecurity and privacy mandates.

FERPA: Still Relevant, But Outdated

History of FERPA: Despite being created in response to concerns over computerized records (in 1974), FERPA remains relevant today but does not adequately address the complexities of third-party vendors and cloud computing.
- "FERPA is absolutely still relevant... it was actually created because of computers... but where FERPA is less useful is when it comes to third parties. Because 50 years ago you didn’t have 10, 20, 30, 40, 50 third parties involved in education." (B, 04:17)
Third-Party Challenges: Modern education depends on numerous outside vendors, making compliance more complex and shifting responsibility for oversight more squarely onto school districts and states.
- “It is the responsibility of the school district... to make sure the vendors are in compliance.” (B, 08:55)
Information Overload and Confusion: The majority of guidance is not easily accessible and may not appear in standard searches, resulting in widespread misinformation.
- "If you read the statute and the regulations, it'll actually give you the wrong impression of what FERPA protects. And that's a massive problem..." (B, 07:58)

State-Led Privacy Initiatives and Enforcement

Enforcement Drives Compliance: The real lever for change is not lawmaking but enforcement. New York’s Education Law Section 2D is cited as having effective enforcement that compels vendor compliance, albeit with significant logistical challenges for districts.
- "But what [NY’s law] does have is the best enforcement mechanisms and setup in the country, and therefore they have the leverage." (B, 27:57)
Duplication and Practicality: Overly strict or duplicative requirements can make compliance feel unattainable, but New York has provided robust, practical guidance.
- "Setting up a law that cannot be followed isn’t a good way to protect anybody." (B, 30:33)

Tech Bans, Parental Rights, and Equity

Device and Screen Time Bans: A wave of cell phone bans and screen time policies is sweeping across several states. These trends are often intertwined with privacy and parental rights advocacy.
- "There was a belief that cell phone bans just couldn't happen... There's now another threshold. Well, we couldn't do cell phones, but we did. So what can we do next?" (B, 14:28)
Threat of "Opt-In" Models: Allowing parents to opt-in or -out of educational tech tools raises new equity issues, as it could undermine FERPA protections, widen the digital divide, and disadvantage students from less-resourced families.
- "You end up with parents being able to waive all protections. FERPA is based on the school needing to do the vetting... if parental consent is the primary driver... you have lost privacy protections..." (B, 18:00)
- "You also have students who... don't have a personal device, are limited in what they can do, and are more heavily monitored by schools as part of that." (B, 19:40)

Political and Public Pressure

Legislative Responses: Activism by a vocal minority is shifting policy conversations in some legislatures toward technology reduction or outright bans, often disregarding scientific consensus.
- "Privacy issues... are often driven by the loudest voices... you had [a Senate] hearing... Three of the four witnesses advocated... allowing parents to opt out of tech. The others pushed for tech to be removed entirely." (B, 22:42)
Science vs. Sensationalism: Recent books and high-profile testimonies amplify extreme, sometimes misinformed perspectives that tech is universally harmful to children.
- "It seems like one could assume... there is scientific consensus that tech is bad for learning, that tech is bad for kids. And that's just not the case." (B, 23:49)
Enforcement as a Deterrent: Real consequences, like fines and investigations (especially in New York), are what get tech vendors and districts to take compliance seriously.
- “The one state that has brought enforcement actions, New York, is the state that has the most vendors worried and focused on compliance. It works.” (B, 26:57)

Artificial Intelligence: Promise and Peril

Public Distrust of AI: Both parents and students are increasingly wary of AI tools in schools, especially in the wake of tragic incidents and sensational news stories involving AI chatbots.
- "Polling has also shown that at the same time, districts are finally more comfortable adopting AI... that is all running directly towards these parents and students... who don't think the promises... have come to fruition and are seriously questioning... tech." (B, 33:01)
- Anecdote: Vance recounts a lawsuit involving a student and ChatGPT, highlighting the lack of safeguards and the dangers of unsupervised use. (B, 33:50)
Tech Vendors Changing Products Without Notice: Instances such as Google’s “cheat button” during exams deepen teacher distrust and fuel anti-tech sentiment.
Congressional Hearings: Recent House and Senate hearings indicate a bipartisan shift toward skepticism regarding AI in education, a significant change from previous years.
- "There’s much more skepticism than there was in previous years... Many, many members sounded more skeptical about AI being used... And you wouldn't have seen those sorts of statements... a year ago, two years ago." (B, 37:27)
Is Regulation Too Late?: While federal action has lagged, state legislatures may still play a critical role in containing inappropriate AI expansion in schools.
- "I don't know that it's going to be Congress that has the most impact here. I think it's going to be state legislatures. I think there's a general agreement... that the horse isn't quite out of the barn yet." (B, 40:38)

Action Steps for School Business Leaders

Adopt Standardized Contracts: Vance strongly recommends using the Student Data Privacy Consortium (SDPC)’s model National Privacy Agreement for all software procurement. This tool is widely adopted, increases leverage over vendors, and supports consistent compliance.
- "You should be using that contract. If you are not using that contract, why? It will make your life so much easier." (B, 44:29)
Leverage Community Resources: Tap into established best practices and shared networks for guidance and support.
- "Lean into the community efforts that people have been working on for years to make your life easier." (B, 45:42)
Enforce Vendor Compliance: Prioritize enforcement strategies, in conjunction with robust documentation and clear communication.
Engage Your Community: Proactively communicate with parents, understand their concerns, and prepare for potential pushback regarding new technologies, especially AI.

Notable Quotes & Memorable Moments

On the Legal Landscape:
"It's messy... if you read the statute and the regulations, it'll actually give you the wrong impression of what FERPA protects. And that's a massive problem..." (B, 01:41 & 07:58)
On State and Enforcement:
“The primary thing is enforcement. And the one state that has brought enforcement actions, New York, is the state that has the most vendors worried and focused on compliance. It works.” (B, 26:57)
On Equity and Tech Choice:
"If parental consent is the primary driver... you have lost privacy protections for kids whose parents may have more time to review things... And you also have students who... don't have a personal device... are more heavily monitored by schools as part of that." (B, 18:00 & 19:40)
On AI Dangers:
"How much have we introduced AI without doing sufficient safety checks or relying on vendors that say, oh, it's fine... What's the worst that could happen? Well, we've seen now the worst that could happen." (B, 33:50)
On Action Steps:
"You should be using [the SDPC] contract. If you are not using that contract, why? It will make your life so much easier." (B, 44:29)

Timestamps for Key Segments

Introduction & Legal Landscape Overview – 00:01–03:41
FERPA’s Relevance and Shortcomings with Modern Tech – 03:36–09:59
The Patchwork of State Laws and Enforcement – 09:59–12:29
Device Bans, Parental Rights, and Equity – 12:29–22:16
Legislative Dynamics & The Role of Enforcement – 22:16–32:37
AI in Schools: Threats, Public Perception & Congressional Attention – 32:37–40:38
Are We Too Late? Federal vs. State Role in Tech Regulation – 40:38–44:14
Action Steps for School Business Leaders – 44:14–46:04

Conclusion

This episode provides a comprehensive, realistic snapshot of the current challenges and opportunities in student data privacy. Amelia Vance’s expertise breaks through the complexity, highlighting the limits of outdated laws, the practicalities of compliance under growing scrutiny, and the shifting sands of technology and public opinion. For school leaders, the call is clear: focus on enforcement, adopt robust privacy agreements, stay engaged with families, and leverage the shared wisdom of the school privacy community to keep students safe and districts protected.

Episode Overview

Key Topics and Discussion Points

The Chaotic Legal Landscape of Student Data Privacy

A Patchwork of Laws: The U.S. operates under an increasingly tangled web of privacy regulations, including federal laws like FERPA (Family Educational Rights and Privacy Act), more than 140 state laws passed in the last decade, COPPA, and various consumer privacy bills.
- "It's messy. You have our what is it now? I think 52 year old... federal law, FERPA... and then you have well over 140 laws that passed in states over the past decade..." (B, 01:41)
Resource Constraints: Many schools simply lack the resources to meet the high bar set by some cybersecurity and privacy mandates.

FERPA: Still Relevant, But Outdated

History of FERPA: Despite being created in response to concerns over computerized records (in 1974), FERPA remains relevant today but does not adequately address the complexities of third-party vendors and cloud computing.
- "FERPA is absolutely still relevant... it was actually created because of computers... but where FERPA is less useful is when it comes to third parties. Because 50 years ago you didn’t have 10, 20, 30, 40, 50 third parties involved in education." (B, 04:17)
Third-Party Challenges: Modern education depends on numerous outside vendors, making compliance more complex and shifting responsibility for oversight more squarely onto school districts and states.
- “It is the responsibility of the school district... to make sure the vendors are in compliance.” (B, 08:55)
Information Overload and Confusion: The majority of guidance is not easily accessible and may not appear in standard searches, resulting in widespread misinformation.
- "If you read the statute and the regulations, it'll actually give you the wrong impression of what FERPA protects. And that's a massive problem..." (B, 07:58)

State-Led Privacy Initiatives and Enforcement

Enforcement Drives Compliance: The real lever for change is not lawmaking but enforcement. New York’s Education Law Section 2D is cited as having effective enforcement that compels vendor compliance, albeit with significant logistical challenges for districts.
- "But what [NY’s law] does have is the best enforcement mechanisms and setup in the country, and therefore they have the leverage." (B, 27:57)
Duplication and Practicality: Overly strict or duplicative requirements can make compliance feel unattainable, but New York has provided robust, practical guidance.
- "Setting up a law that cannot be followed isn’t a good way to protect anybody." (B, 30:33)

Tech Bans, Parental Rights, and Equity

Device and Screen Time Bans: A wave of cell phone bans and screen time policies is sweeping across several states. These trends are often intertwined with privacy and parental rights advocacy.
- "There was a belief that cell phone bans just couldn't happen... There's now another threshold. Well, we couldn't do cell phones, but we did. So what can we do next?" (B, 14:28)
Threat of "Opt-In" Models: Allowing parents to opt-in or -out of educational tech tools raises new equity issues, as it could undermine FERPA protections, widen the digital divide, and disadvantage students from less-resourced families.
- "You end up with parents being able to waive all protections. FERPA is based on the school needing to do the vetting... if parental consent is the primary driver... you have lost privacy protections..." (B, 18:00)
- "You also have students who... don't have a personal device, are limited in what they can do, and are more heavily monitored by schools as part of that." (B, 19:40)

Political and Public Pressure

Legislative Responses: Activism by a vocal minority is shifting policy conversations in some legislatures toward technology reduction or outright bans, often disregarding scientific consensus.
- "Privacy issues... are often driven by the loudest voices... you had [a Senate] hearing... Three of the four witnesses advocated... allowing parents to opt out of tech. The others pushed for tech to be removed entirely." (B, 22:42)
Science vs. Sensationalism: Recent books and high-profile testimonies amplify extreme, sometimes misinformed perspectives that tech is universally harmful to children.
- "It seems like one could assume... there is scientific consensus that tech is bad for learning, that tech is bad for kids. And that's just not the case." (B, 23:49)
Enforcement as a Deterrent: Real consequences, like fines and investigations (especially in New York), are what get tech vendors and districts to take compliance seriously.
- “The one state that has brought enforcement actions, New York, is the state that has the most vendors worried and focused on compliance. It works.” (B, 26:57)

Artificial Intelligence: Promise and Peril

Public Distrust of AI: Both parents and students are increasingly wary of AI tools in schools, especially in the wake of tragic incidents and sensational news stories involving AI chatbots.
- "Polling has also shown that at the same time, districts are finally more comfortable adopting AI... that is all running directly towards these parents and students... who don't think the promises... have come to fruition and are seriously questioning... tech." (B, 33:01)
- Anecdote: Vance recounts a lawsuit involving a student and ChatGPT, highlighting the lack of safeguards and the dangers of unsupervised use. (B, 33:50)
Tech Vendors Changing Products Without Notice: Instances such as Google’s “cheat button” during exams deepen teacher distrust and fuel anti-tech sentiment.
Congressional Hearings: Recent House and Senate hearings indicate a bipartisan shift toward skepticism regarding AI in education, a significant change from previous years.
- "There’s much more skepticism than there was in previous years... Many, many members sounded more skeptical about AI being used... And you wouldn't have seen those sorts of statements... a year ago, two years ago." (B, 37:27)
Is Regulation Too Late?: While federal action has lagged, state legislatures may still play a critical role in containing inappropriate AI expansion in schools.
- "I don't know that it's going to be Congress that has the most impact here. I think it's going to be state legislatures. I think there's a general agreement... that the horse isn't quite out of the barn yet." (B, 40:38)

Action Steps for School Business Leaders

Adopt Standardized Contracts: Vance strongly recommends using the Student Data Privacy Consortium (SDPC)’s model National Privacy Agreement for all software procurement. This tool is widely adopted, increases leverage over vendors, and supports consistent compliance.
- "You should be using that contract. If you are not using that contract, why? It will make your life so much easier." (B, 44:29)
Leverage Community Resources: Tap into established best practices and shared networks for guidance and support.
- "Lean into the community efforts that people have been working on for years to make your life easier." (B, 45:42)
Enforce Vendor Compliance: Prioritize enforcement strategies, in conjunction with robust documentation and clear communication.
Engage Your Community: Proactively communicate with parents, understand their concerns, and prepare for potential pushback regarding new technologies, especially AI.

Notable Quotes & Memorable Moments

On the Legal Landscape:
"It's messy... if you read the statute and the regulations, it'll actually give you the wrong impression of what FERPA protects. And that's a massive problem..." (B, 01:41 & 07:58)
On State and Enforcement:
“The primary thing is enforcement. And the one state that has brought enforcement actions, New York, is the state that has the most vendors worried and focused on compliance. It works.” (B, 26:57)
On Equity and Tech Choice:
"If parental consent is the primary driver... you have lost privacy protections for kids whose parents may have more time to review things... And you also have students who... don't have a personal device... are more heavily monitored by schools as part of that." (B, 18:00 & 19:40)
On AI Dangers:
"How much have we introduced AI without doing sufficient safety checks or relying on vendors that say, oh, it's fine... What's the worst that could happen? Well, we've seen now the worst that could happen." (B, 33:50)
On Action Steps:
"You should be using [the SDPC] contract. If you are not using that contract, why? It will make your life so much easier." (B, 44:29)

Timestamps for Key Segments

Introduction & Legal Landscape Overview – 00:01–03:41
FERPA’s Relevance and Shortcomings with Modern Tech – 03:36–09:59
The Patchwork of State Laws and Enforcement – 09:59–12:29
Device Bans, Parental Rights, and Equity – 12:29–22:16
Legislative Dynamics & The Role of Enforcement – 22:16–32:37
AI in Schools: Threats, Public Perception & Congressional Attention – 32:37–40:38
Are We Too Late? Federal vs. State Role in Tech Regulation – 40:38–44:14
Action Steps for School Business Leaders – 44:14–46:04

wavePod

Summary

Episode Overview

Key Topics and Discussion Points

The Chaotic Legal Landscape of Student Data Privacy

FERPA: Still Relevant, But Outdated

State-Led Privacy Initiatives and Enforcement

Tech Bans, Parental Rights, and Equity

Political and Public Pressure

Artificial Intelligence: Promise and Peril

Action Steps for School Business Leaders

Notable Quotes & Memorable Moments

Timestamps for Key Segments

Conclusion

Summary

Episode Overview

Key Topics and Discussion Points

The Chaotic Legal Landscape of Student Data Privacy

FERPA: Still Relevant, But Outdated

State-Led Privacy Initiatives and Enforcement

Tech Bans, Parental Rights, and Equity

Political and Public Pressure

Artificial Intelligence: Promise and Peril

Action Steps for School Business Leaders

Notable Quotes & Memorable Moments

Timestamps for Key Segments

Conclusion