Education Framework Blog

Focused on the Future of Education in America

Transparency and the Art of Protecting Student Privacy | SEEN Magazine

I have written a thought leadership piece for SEEN Magazine that discusses the importance of transparency in protecting student privacy. For sake of brevity, I have posted an edited version below that hits on the finer points.


School improvement efforts have driven data collection to new and alarming heights in recent years. Many argue that data is essential for improving students’ achievement in schools and preparing them for success in life, while others feel this holds true only if privacy, safety and security considerations are integrated from the start and implemented throughout.

Data, when collected and used correctly, brings value to schools and students; when amassed in a cloak of secrecy, without clear and discernible goals, screams trouble. Transparency plays an important role in protecting student privacy. For schools, focusing on areas of safety, security and trust are key to implementing effective student privacy initiatives.

Data Collection And Privacy

Schools today collect and use student data for various purposes. The general understanding is that data helps teachers and administrators make informed decisions based on empirical evidence. In a nutshell, data helps educators determine what is working and what is not.

Safeguarding student information starts with establishing clear lines of communication and employing transparency measures from the get-go. In order to eliminate confusion and foster greater support for the overall effort, it is vital that school and district leaders share what they are doing in a way that’s upfront, open and honest. Additionally, providing the proper services, support and training gives students, parents, and educators the tools, knowledge and skills they need to confidently handle this new responsibility.

Transparency And Accountability

Parental backlash is a real and pressing issue that educators are grappling with these days. Widespread concerns over the extensive amounts of data being collected in schools by private and public agencies have prompted many parents to speak out in opposition. While some are demanding to know what information is being collected from students, others are seeking a clearer understanding of the intent, its safety, and its security.

As parents press for greater transparency, and lawmakers push for greater accountability, school and district administrators, IT directors and school board members are finding themselves uncomfortably caught in the crosshairs. This is forcing education leaders across the nation to quickly and seriously reconsider their current approach to managing student privacy.

Safety and security

The conversation surrounding student privacy often comes down to safety. Parents need assurance that their children are safe while at school, both physically and virtually. They want a greater understanding of what is going on in the classroom, what digital tools are being used, what information is being collected from them, for what purposes and for how long.

Schools are no exception. Focus on physical protection of students has come to include digital security protection against cyber threats and intrusions. In response, schools and districts are reallocating resources to ensure adequate safety and security systems are in place.

Trust And Understanding

Trust plays a key role in managing student privacy because it is the proverbial glue that binds everyone and everything together. When supported by trust, successful privacy initiatives are engaging, empowering and effective.

Building trust starts with providing clearly defined goals and objectives that serve as a guide to understanding. In order to believe in the vision, participants need a comprehensive understanding of the big picture. Providing this offers a sense of ownership and some semblance of control.

Takeaways

Protecting student data is an ongoing and continual effort that demands attention, communication, collaboration, cooperation and understanding on broad and comprehensive levels. Taking precautionary steps in advance, openly communicating privacy plans and employing transparency and accountability measures from the start will help ensure privacy is protected and students are safe.



Is Your School or District Really Protecting Student Data Privacy? Here’s How to Tell.


For all the talk about student privacy – what it is, how to protect it, why it matters – there’s one question that receives precious little attention: How do you quantify student privacy? How do you measure it? How do you know that you’re actually protecting student data, and you’re doing it “right”?

 

There are various answers to that question, some obviously more quantitative than others. But what it comes down to is being knowledgeable about the online technologies your students are using in the classroom, understanding how third party vendors are utilizing the data they have access to, and having the ability to communicate this information in a clear and concise manner - to parents, teachers, administrators, board members and policy makers, alike.

 

This process starts with understanding what online technologies your students are using and whether or not they are safely protecting student data privacy.

 

Keep Tabs on Technology Usage in Schools

 

Today’s students use hundreds of different apps, websites and programs in school, and while the potential for growth and development is tremendous, keeping track of all this information can be a mountainous load of work.

 

Understanding whether an app or website is safe for students first involves knowing what the third party vendor does with the data they collect, how they store it, whether or not they share it, and ultimately how they plan to dispose of it.

 

This type of review needs to happen for each and every online technology (app, website, program…) suggested for use in the classroom before it is ever approved for use by students. And once it has been determined that it is safe for use in the classroom, continual monitoring is necessary so you know if and when privacy policies change - which they can, and often do.

 

Yet despite this being the cornerstone to protecting student privacy, it’s often viewed as a burdensome task that nobody wants to do. But the fact remains that in order to properly protect student data, somebody has to commit to proactively protecting it, in an ongoing, full-time, administrative capacity.  

 

Understanding that and focusing on a few key factors can help any school or district get ahead.

 

Know Where You Stand

 

Properly assessing online technologies, continuously vetting third party vendors, and giving educators the tools they need to make informed technology decisions are all efforts that minimize the risk of inadvertently exposing student data to misuse or abuse.

 

And while conducting a comprehensive audit of technology usage is a solid first step towards understanding the health and vitality of your privacy initiatives, creating an ongoing list of the apps and websites used in the classroom, keeping track of the online technologies used by students, and regularly monitoring them for changes are all proactive efforts to will help to better protect student data privacy.

 

The next step is to conduct a thorough privacy assessment for each online learning technology to establish a general understanding of the individual safety, security and privacy of the apps and websites currently in use. Those apps and websites that meet the necessary requirements can be approved for usage in the classroom, while those that fail to meet state, federal or district privacy requirements should either be removed or further assessed before they are allowed to be used by students. But it's worth noting that in certain instances, technologies that fall short of certain mandates may still be used in the classroom, they just need to have signed parental consent in order to do so legally. 


Considering the importance of parental approval, it’s wise for schools and districts to have defined method in place to distribute, collect, store and retrieve information in an orderly and timely manner. Knowing precisely what data is being used, by whom and for what purpose enables you see the big picture, to take charge of your privacy initiatives, and to establish control when and where it is most needed.

 

Regularly Monitor Online Technology Usage

 

Keeping up with the demands of student privacy can be a lot for schools to take on. Understanding the safety and privacy of online technologies is often a full-time job, in and of itself. So it’s important to remember that protecting student data privacy is an ongoing effort that requires regular checks and balances. Because companies often alter their contracts after the fact - leaving student data exposed for misuse or abuse - remembering to regularly monitor policies for changes is an important part of properly protecting student data.

 

One option is to implement solutions that utilize automation to do much of the work for you. By automating the privacy process, schools and districts can observe, monitor and adjust accordingly, making improvements based on real-time actionable data. Through the use of student privacy analytic tools, educators are better positioned to understand the safety and security of their student privacy efforts and can quickly and easily plan for change based on the information available.


A bit less formally, but no less importantly, there are some key qualities that define a truly proactive student privacy initiative —and if you want to know what kind of progress you’re making when it comes to protecting student privacy, looking for these qualities can be a good beginning.


Here are some ways you can tell that your organization has achieved a healthy measure of privacy protection:


1. You have a clearly defined, year-round strategy in place. 


Start by asking yourself this question: Is student privacy something you push hard for a week or two a year, but keep on the back burner for the rest of the time? Or do you have a full-time privacy plan in place that helps direct your privacy initiatives and drive successful outcomes?


How regularly do you review third party vendor contracts to ensure they haven’t changed their terms of service agreements? Is it something you address every so often, once or twice a year, or possibly not at all? Or do you have a system in place that monitors third party vendor contracts for changes on a regular on-going basis, enabling you to know immediately if and when a change occurs?


Answering questions like these, establishing plans and procedures, and communicating what is going to parents reveals much about a school or districts’ intentions, priorities, and potential protection level.


2. You engage parents in the privacy conversation.


Is parental engagement part of your plan? Do you have a way to communicate what apps and websites are being used by their children in the classroom? Do you have a way to obtain parental consent, particularly for those schools and districts with students 13 and under? And do you have a method in place to quickly and easily retrieve information at a moment’s notice when requested by a parent?


Providing a method to engage parents in the privacy conversation helps keep them current with what is happening in the classroom and informed about their child’s technology usage while at school.


Transparency and accountability measures, such as these, go a long way towards eliminating unnecessary worries and building trust with parents and schools.


3. You have formal structures in place to check for privacy. 


Remember the student privacy analytic tools I mentioned above? Well, having a program in place that keeps track of all the apps and websites used by students is a sound way to better understand the technology usage in the classroom.


Knowing the privacy of online learning technologies used by students in schools offers an added level of safety and security, and provides an extraordinary level of insight into the effectiveness of your technology initiatives.  


4. You have a formal method to obtain parental consent. 


In addition to having access to a library of apps and websites safe for use, educators often need a way to obtain parental consent when using certain technologies in the classroom. Of course this, along with all the other items listed above can be done manually, but for those education leaders that really want to get ahead, deploying a paperless, digital solution is really the most efficient and effective way to go.


By eliminating the paper pushing processes of the past, schools and districts now have a safe and sustainable method to obtain, store and retrieve parental consent with the click of a button. While utilizing paper forms is an acceptable method, online, paperless options are far less wasteful and easier keep track of. 


5. You know why student privacy matters. 


A final consideration: Do you know why protecting student privacy is so important? Do you have a clearly defined plan in place to protect your students and your school that breaks down exactly what you’re trying to achieve?


Having a clear sense of goals and expectations is critical to achieving successful privacy outcomes. Understanding what you want to do, how you plan to do it, and who is going to help you along the way are all hallmarks of a solid student privacy plan.


Bottom Line


Whether you working towards improving your current system, or are just looking for ways to affect change, start by answering these kinds of questions to ensure you are on the right track.


Establish a plan, be knowledgeable about the online technologies your students are using in the classroom, understand how third party vendors are utilizing the data they have access to, and have a way to quickly and easily communicate this information to parents in a clear and concise manner. Following these steps will help your school or district get ahead when it comes to protecting student privacy.


Does your student privacy initiative have the hallmarks of success? As a student data privacy advocate, I know that this is a topic many education leaders are wrestling with. I hope you find this quick checklist to be helpful!


The Importance of Automation in Protecting Student Data Privacy


If you visit Apple’s iPad in Education page one of the first things you’ll see is this: 

“The App Store features over 80,000 education apps — designed especially for iPad — that cover a wide range of subjects for every grade level and learning style.”

Over 80,000 apps.

Now, unless your district is the one district in the country with an IT department and teachers with a whole lot of time on their hands, your staff doesn’t have the time to go through each app and countless websites to ensure their student data privacy policies are up to your district’s requirements.

 A mish-mash of federal laws, state and local laws, industry standards and each app company writing their own rules make it even harder to know that what you’re agreeing to fulfills your present legal requirement.

Short of reading hundreds or even thousands of Terms of Services for each app and website your teachers use, you have no idea how apps are storing your data, what information they are collecting, when they delete it, or who has final say over the data.

It can take 20 minutes or more to read, complete and approve one policy for one app or website. 

Multiply that by the thousands of apps and websites a district with multiple schools over twelve grade levels can use and you can see how this can quickly turn into hundreds of hours of work. 

Add the task of monitoring policies for changes and reassessing approval when there is a change and the task becomes a full-time job. 

Finally, expecting that person to also keep up with changing legislation and understanding the nuances in legal language and it becomes impossible. 

The result right now is many districts just not doing the work, putting their student data at risk for abuse and their schools at risk for litigation.

Of course, there’s a smarter way: automation. 

By automating the approval process for student privacy, you free up hours of time while knowing the job is getting done correctly.

EdProtect by Education Framework is one such solution that automates the entire process for you, taking the guesswork out of managing student privacy. 

This approach ensures student data privacy compliance for you by analyzing the apps and websites your district uses and monitoring their privacy policies to see if they are aligned with the standards you set. 

When an app policy or the law changes, EdProtect lets you know in plain language if the app is no longer in compliance, giving you the opportunity to keep using the app or not.

What would need to be a full-time job to do well can be done by our software automatically in the background, alerting you only when you need to make a decision. 

With EdProtect, teachers, administrators, and parents know exactly how student data is being used in schools, ensuring complete compliance with all laws and peace of mind for all involved. 

As student data privacy become more and more both the expected standard and the legal requirement, automation of student data privacy policy management is the best and perhaps only way to ensure complete compliance, provide transparency for parents, and reduce the risk of fines from the misuse of student information.

Now is the time to make a commitment to protecting student data. 

Get started today with our FREE Policy Change Monitor, and learn more about how EdProtect makes protecting your students simple


Secret to Student Privacy

In previous posts, I’ve shared tips to help you better understand the rules and laws governing student privacy. I’ve provided resources to guide and assist you in navigating the student privacy quagmire, and I’ve offered recommendations to help you proactively manage your student privacy obligations with transparency and accountability. Today I address the importance of educator buy-in; a key component to consider when creating, designing and implementing a successful student privacy program in your school or district.

Managing student privacy is no simple task. Implementing a successful student privacy initiative takes a lot of work. It involves considerable amounts of time, commitment, and resources - three things most schools and districts are already running short of. But despite any perceived limitations, it is vital that educators understand the importance of student privacy and make concerted efforts to ensure student information is safe, secure and protected.

Investing in protecting student privacy is a worthwhile endeavor.

It is important to give student privacy the attention that it rightfully deserves. This starts with fostering the belief that protecting student privacy is, indeed, a valid, pressing and necessary cause, worthy of our time and consideration. It involves cultivating a mindset where everyone understands that protecting student data is no single person or department’s responsibility – instead, it is everyone’s responsibility. It requires establishing clearly defined roles, and thoughtfully laid out plans that incorporate transparency and accountability measures into your everyday thinking. And it demands putting teachers on the front lines as the guardians of student information, while providing them with the support, training and tools they need to learn, grow and excel. Because without teacher understanding, support and essential buy-in, there is little likelihood of success.

Teacher empowerment is crucial to success.

Teachers play a critical role in implementing successful student privacy initiatives, no ifs, ands or buts about it. Teachers are the first touch point for parents and students. They are the ones with the greatest understanding of what’s really going on in the classroom; their fingers directly on the pulse of learning. They know which apps and websites are being used, who is using them, and how they are being used. They see first-hand who they help and who they hinder. And they understand, be it good, bad or ugly, the value that each piece of technology brings to the table. They are the ones with the knowledge. Yet, despite the value that teachers offer, they are often left out of the planning conversation. 

It's ironic that many decisions affecting technology usage in schools are often made outside of the classroom, at the administrative level, and absent of teacher input. But just as IT directors, school and district administrators, state and local policymakers, and even parents have a uniquely qualified perspective when it comes to protecting student privacy, teachers do too. Theirs, in particular, should be of legitimate concern, with administrators and policymakers giving weighty consideration to their point-of-view. Unfortunately, that is rarely the case. This discouraging disconnect is a weakness that jeopardizes privacy efforts in schools and districts across the nation.

Protecting student privacy is everyone’s responsibility.

It is time that we start looking at the big picture when it comes data use in our schools. We can no longer presume that someone else is taking responsibility for protecting student data, because more often than not, they're not. The sooner we all acknowledge that, the better we will be.

It’s important that everybody with a stake in education – students, parents, teachers, administrators and policymakers, come together to ensure concrete efforts are in place to protect student privacy. This means properly vetting apps and websites before they are approved for usage in the classroom. It means thoroughly reading privacy policies, understanding what information is being collected from students, and knowing exactly how the data is being used. It also means staying current with local, state and federal laws and regulations, and establishing clearly defined objectives that outline what is acceptable in your state, school or district, and what is not. Communicating this information clearly is key to minimizing confusion.

It’s also important that schools and districts engage participants from the onset by providing clearly defined plans and procedures. This fosters unequivocal understanding of the vision from the start, and minimizes any confusion or misinterpretation throughout its application. Providing regular communication, like posting real-time updates via an easy-to-access school or district website engages parents, teachers and administrators in the privacy conversation and ensures privacy efforts are being addressed at each and every level. Through the creation of easy-to-read guidelines and clearly defined protocols, schools and districts empower their thought leaders to share in the privacy responsibility.

The importance of educator buy-in

A successful student data privacy initiative is built upon a foundation of trust and communication, with integrity, transparency and accountability at its core. It requires dedicated time, energy and resources to thrive and succeed. But in order to function properly, it also needs educator advocacy. 

Giving teachers a say in this matter goes a long way towards making inroads to change. It helps them be a part of the solution, instead of a source of the problem. But in order to do this effectively, teachers need the necessary tools to help them learn, improve and prosper; ones that allow them to make thoughtful, calculated decisions based on empirical data. It’s really that simple.

The secret to properly protecting student privacy is putting teachers in the driver’s seat. This ensures that privacy is being considered from the boardroom to the classroom, with the student at the center of the discussion. It's time for schools and districts to reevaluate the role that teachers play in safeguarding student data and empower them to be the gatekeepers.  The sooner this occurs, the better off we will be. 

Do you agree? I'd love to hear your thoughts! I encourage you to post your comments below.

2016: The Year of Student Privacy


If we had to use one word to sum up the current state of student privacy, we would have to go with “complexity.” Technology has become more and more entwined in our schools and into students’ lives; pilot programs like iPads will soon become standard at every school and grade level. Elementary school children who used to learn the Three Rs are now learning things like programming, robotics and engineering. Rote memorization has been replaced with gamified learning. And what would be early-adopter technology for this year’s kindergartner, like wearable tech and virtual reality, may be a standard educational tool by time she becomes a sixth grader.

While technology will always move faster than legislation, all levels of government are feverously working to spell out the rules for how we treat student data. As with any legislation, there are many different interest groups with different ideologies and priorities. A simple question like “Who is responsible for student data?” will be answered very differently by state legislators, local school boards, teachers, parents and technology companies; each wants control while shielding themselves from any liability.

And liability is a reality. Right now your student data is at risk with grave consequences. We live in an age where Fortune 500 companies are routinely hacked, exposing the sensitive data of millions of customers for all to see and steal with the click of a mouse. If all the resources of companies like Target, Sony and Home Depot can’t protect their data, what hope does the average overworked, underfunded school district IT department have? Not only do they need to protect from outside threats (or mischievous students); they need to protect the data from their software vendors who may want to collect it for marketing purposes. Short of reading hundreds of ever-changing Terms of Services for every app and software your district uses, you have no idea how your vendors use the data they collect, where they store it, when they delete it, who has final control over it or perhaps even how to access it. 

Because of all this complexity, we believe this is the year student data becomes one of the most important issues facing a school district. The choices schools, legislators and technology companies make over the next 12 months may end up being the foundation for what is considered standard in student privacy.

We created EdProtect to give schools the choice of the highest level of student data privacy possible. Because we’re not just developers; we’re parents. We’re as excited by all the new technology in schools as anyone, and wholeheartedly believe in the power of technology to help our kids learn. But we’re also increasingly concerned about the security of student data. And we’re not alone: 87% of parents surveyed are worried their child’s information can be stolen, with 85% responding that their willingness to support technology in schools must be coupled with efforts to ensure security.

Whether you are ready or not, this is the year your school needs to make a commitment to protecting student data. Learn more about how our tools make ensuring student privacy simple and sign up for a free demonstration today.

Who is Responsible for Protecting Student Data?


In a perfect world, student data would belong solely to the student. In practice, the responsibility for student data is shared by anyone who has contact with that data, including teachers, administrators, IT departments, school districts, software developers and parents. As such, there are often competing philosophies for how much or how little student data is collected and shared. Today we are talking about how you can manage student data in a way that best satisfies parents, your school districts, and the law.

The first step, after understanding your requirements under state and federal law, is to create written policies and provide the resources required to support data protection. These policies should be crafted in a way that ensure front-line teachers and administrators are using the tools and processes necessary for optimal data protection. The Privacy Technical Assistance Center has created a checklist for developing school district privacy programs that should help you get started. In addition, a data governance team should be created, within the district, to recommend new policies and best practices related to data use, to collect feedback, and to conduct compliance audits. Perhaps the team’s greatest responsibility will be acting as an advocate for resources and investment into student privacy, such as training, technical assistance and data coaches.

Second, you should work with your local, state and federal government representatives to advocate for consistent policies and support across the state. By advocating for strong, consistent laws across school district lines based on transparency and accountability, schools and software makers will find it easier to be in compliance, reducing costs and ensuring stronger, more robust data protection for schools. Talk to legislators and policymakers about the importance of secure student data, and their role in ensuring consistent regulations across state lines. The more you can be part of the conversation, the more you can ensure new laws and policies are crafted with your concerns in mind.

Next, understand how your software and service providers use student data. Each app, website and program your students use is limited in how they can use the data they collect and manage. For example, they are prohibited by law from using or disclosing student data for commercial purposes like advertising without parental consent. However, with schools using hundreds of different apps and websites, it can be difficult to weed through countless Terms of Services documents to ensure compliance. Tools like EdProtect make it easy for teachers and administrators to review individual apps and websites, and know at-a-glance whether they comply with state and federal regulations. At the same time, schools are equally responsible for ensuring their contracts with vendors spell out specific requirements for student data privacy, such as stating the district retains ownership of all data, and that the service provider is prohibited from using data in any way they aren’t explicitly given permission for.

Finally, and most importantly, make sure you are constantly communicating your plans to others responsible for student data, with special attention given to parents. By engaging parents in an ongoing conversation about their student’s data, together you'll ensure that the data is safe and secure. Ways to engage parents include sharing lists of apps and websites their children use and posting the safety ratings of those apps and websites on an easy-to-access district website. Report any changes to privacy policies, and obtain parental approval when necessary. Doing so actively draws parents into the conversation and assures them that their child's data is a priority in your school district.

The responsibility for student data belongs to all of us. We help make it easier to do your part with tools that protect your students from data abuse and your district from costly fines and litigation. 

To learn how EdProtect makes your job easier, sign up for a free demonstration today.

K-12 Data Privacy & Training - Is there a missing link?

Education Week released an interesting piece on the need for improved training when managing student privacy. 

Entitled Why K-12 Data Privacy Training Needs to Improve, the article addresses a valid concern for many.


...(despite) bills at both the state and federal levels raising awareness of the need to better protect and secure student data, attention to training is still limited. Experts say greater emphasis should be placed on educating the educators, especially given the privacy threats that can come from using online homework portals, digital grade books, or student email programs.

Read full article here > 

Oregon Company Chosen as Finalists in International Pitch Fest

Edtech Start-up Develops Student Privacy & Parental Consent Solution for Schools

Education Framework Inc. earned a top spot in the final round of the ISTE Ed Tech Start-up Pitch Fest 2015. The Bend-based company presented their student privacy and parental consent solution, EdProtect, to a crowd of conference attendees and industry judges at the annual International Society for Technology in Education (ISTE) conference in Philadelphia. They were chosen as top finalists along with three other companies, Mathspace, Cogent and Zyrobotics, to present in the final round tomorrow at 11:30am (EST). Awards will be presented to the “Most Innovative” and the “Most Likely to Succeed” product or service.

ISTE has partnered with Edmix.com to organize and manage ISTE Pitch Fest 2015. Edmix helps educators build links into the digital industry through a series of edtech programs and competitions designed to recognize excellence.

ISTE welcomed applications from all across the globe. Ideas and start-up businesses were encouraged to apply, whether at the concept state, in pilot-mode, or already in the early stages of start-up. The finalists were chosen from more than 100 applicants.

Education Framework has created software that protects student data privacy. EdProtect is the first-ever, online student data privacy and parental consent manager for schools. It assesses the safety of apps and websites used in the classroom, engages parents, teachers, and administrators in the privacy conversation, and manages the entire process with transparency and accountability.

About Education Framework Inc.: Education Framework is an Ed Tech start-up, based in Bend, OR. The company develops enterprise compliance software for U.S. K-12 schools. Education Framework offers a unique next-gen strategic approach to managing student privacy. They can scale from small schools and districts, to state departments of education. For more information, please visit www.educationframework.com.

Student Privacy Bill Passes OR House Over Objections by Tech Giants

Lawmakers in the Oregon House approved a bill Wednesday that tightens online privacy protections for students. It passed 53-4, with Reps. Jodi Hack, R-Salem; Julie Parrish, R-Tualatin; Bill Post, R-Keizer; and Mike Nearman, R-Dallas, voting “no.”

The bill was approved by the Oregon Senate in April, but ran into opposition in the House after lobbying by technology giants like Facebook and Amazon. The companies pushed for an amendment to SB 187A that would have given parents the chance to opt-in to sharing more student data. Lobbyist group TechNet said they didn’t want the data to sell products to students.

Privacy bill supporter Attorney General Ellen Rosenblum said the tech companies’ amendment could have put student information at risk.

The bill had the support of the teachers’ union, school boards, the Oregon Parent Teachers Association and the ACLU, and now heads to Governor Kate Brown.

Read full article here.



DQC EdData Privacy Update

According to the recent EdData Privacy Update by Rachel Anderson at the Data Quality Campaign (DQC), over 30 new student data privacy bills have been introduced since last month. That means that as of today, 42 states have introduced 170 student privacy bills, and three states have now signed eight student data privacy bills into law. 

Within this diverse array of new laws, two critical themes seem to be on the minds of state legislators: the role of third-party service providers and how to best support and build capacity at the local level. As states and districts increasingly work with service providers to make the most of their education data, states are working to update their laws and policies and ensure their districts have the model policies, leadership, and guidance they need to be successful.