The nonprofit professional association surveyed more than 400 K-12 ed-tech leaders across 39 states and the District of Columbia between June and October 2024 to find out what districts need to do to improve student data privacy. Lack of defined leadership and expertise in this area were among the key findings.
Part one of the report lays out those and other survey results in a 55-page document that includes recommendations and resources to improve student data privacy. Close to half the ed-tech leaders surveyed said they need guidance on state and federal student data privacy laws, and more than a third cited financial constraints as a barrier to improvement. Sixty percent of respondents said they don’t have the time and personnel needed to support student data privacy.
“Bear in mind that technology, privacy and security are separate disciplines, each requiring special expertise,” the report states. “Thus, an individual who applied for a job as a technology or information officer would not necessarily have — nor would they be required to have — privacy or security expertise if it was not listed as a required job responsibility and qualification.”
Despite the lack of references to student data privacy in K-12 tech job descriptions, 88 percent of surveyed ed-tech leaders told CoSN it’s one of their top-two priorities, along with cybersecurity. What concerns them most about student data privacy is the behavior of district employees and vendors, according to the report.
Seventy-six percent of the leaders surveyed said they were extremely or very concerned about their inability to manage employee privacy practices, and nearly 70 percent said the same about an influx of free and low-cost classroom technologies brought in by teachers. Sixty-three percent said they were extremely or very concerned about understanding ed-tech vendor privacy and security practices.
To address such concerns, the document recommends that ed-tech leaders take a thorough look at their student data privacy policies and practices, and secure focused support from district leadership to follow through on any necessary improvements.
To help schools take on these recommendations, the report lists a number of CoSN resources, including three student data privacy toolkits, the Trusted Learning Environment (TLE) State Partnership Program, and the TLE Seal Program for individual districts. The TLE programs involve CoSN assistance for state and district leaders as they work to meet the association’s standards for student data privacy.
Part two of the report takes a closer look at survey responses from school districts that have met CoSN's TLE standards compared to those that have not. This 43-page document shows that TLE districts tend to outperform others in terms of the breadth and maturity of their student data privacy programs.
For example, it states that 100 percent of the ed-tech leaders surveyed who are responsible for student data privacy in TLE districts said they have received relevant privacy training, compared to 83 percent in non-TLE districts. In addition, 42 percent of ed-tech leaders in non-TLE districts said they lack sufficient district privacy policies to guide practices, compared to 24 percent of those in districts that participate in TLE programs.
“The 2025 National Student Data Privacy Report underscores the urgent need for stronger leadership, training and resources to protect student data in an increasingly digital world,” CoSN CEO Keith Krueger said in a public statement. “The report provides a road map for districts to build stronger, more resilient privacy programs and highlights the significant impact of CoSN’s Trusted Learning Environment Seal in fostering leadership alignment and cross-departmental collaboration.”
