N.C. OKs Reasonable Security Standard for Student Data


By Andrew M. Ballard

June 9 — North Carolina recently enacted a bill (H.B. 632) that aims to protect students' personally identifiable information online.

Under the new law, effective Oct. 1, companies that provide online or mobile application services for K-12 schools will be required to implement and maintain “reasonable security procedures and practices” to protect student information. Such companies also will be required to delete student information within 45 days of a request by the school or local board of education, or if contracted services are completed.

The legislation, assigned Session Law number 2016-11, also prohibits online educational service providers from using or disclosing student information except for school purposes, with certain limited exceptions, and prohibits them from engaging in direct advertising to the students.

Some Uses Allowed

Online educational service providers may still use information “not associated with an identified student” to improve their services and products and for marketing purposes. The requirements also don't apply to “general audience” Internet sites.

H.B. 632 unanimously passed both the state House of Representatives and Senate and was signed into law by Gov. Pat McCrory (R) June 8, a development the legislature posted the following day.

To contact the reporter on this story: Andrew M. Ballard in Raleigh, N.C., at aballard@bna.com

To contact the editor responsible for this story: Daniel R. Stoller at dstoller@bna.com

For More Information

Full text of H.B. 632 is available at http://src.bna.com/fLJ.