In addition to federal laws, state laws often add extra layers of data protection. For example, states like California and New York have specific regulations (like SOPIPA or Education Law 2-d) that require strict data security and vendor agreements. This means that a standard, one-size-fits-all privacy policy is not enough.
The general takeaway for teachers is simple: Districts maintain an approved list of tools. These are the tools that have successfully signed legal agreements (sometimes called a CSDPA or similar data privacy agreement) to protect student data according to all federal and state laws. Before using any new AI product, always check this approved list or confirm its use with your school administrator. If it’s not on the list, do not use it for school purposes
