Choosing the Right Partners: Student Leaders' Responsibility to Protect Student Data

Skip main navigation (Press Enter).

In a world where data breaches have become commonplace, school leaders' responsibility to protect student data includes choosing partners who recognize the importance of data privacy.

Casey Johnson

Published May 2026

With the rapid growth of technology tools available for the education space — AI, laptops, cellphones, digital curricula, apps for ID cards, and hallway management tools – school district leaders are facing increasing pressure from parents, policymakers, and communities to ensure student data and privacy is a top priority.

According to a recent study by CoSN, 88% of school district leaders, and particularly technology directors, recognize that student data privacy is a top priority. At the same time, schools face significant hurdles in implementing effective privacy protections.

School leaders are finding it challenging to strike a balance between keeping up with new digital tools that enhance learning and security while also ensuring compliance with privacy laws. Unfortunately, there is often a mismatch between the high priority placed on student data privacy and the ability to effectively execute protective measures.

When evaluating new technologies or vendors, district leaders must make student data privacy top of mind. Choosing the right partners and ensuring that they follow strict privacy standards is key. Collaboration between district leaders and vendors should be focused on safeguarding student data and ensuring compliance with relevant laws and policies.

While school districts are focused on ensuring student data privacy, the reality is that many tech vendors face competing priorities. The cost and complexity of compliance can lead companies to prioritize business goals — such as growth or user engagement — over the privacy protections schools need. This disconnect creates challenges for school leaders who need to ensure all technology they use aligns with the district's privacy needs.

The scope of compliance is expensive and complex, and companies sometimes struggle with this perceived “tradeoff” of keeping students safe. According to a recent article in The Atlantic, internal teams at Meta were “divided on whether protecting kids should take precedence over user growth and engagement.”

A similar debate is unfolding online, with increasing scrutiny of vendors’ and partners’ student data privacy policies.

But for school leaders, the choice is clear. The need for companies to turn a profit or increase user engagement can’t take precedence over protecting students in our communities.

The cost and complexity of compliance can lead companies to prioritize business goals — such as growth or user engagement — over the privacy protections schools need.

Making Informed Decisions

To make informed decisions about student data privacy, school leaders must have the tools to assess potential vendors effectively. This includes knowing the right questions to ask and understanding key privacy standards.

When evaluating new technology partners, school leaders should prioritize several important factors, including:

SOC2 or SOC3 Compliance: Ensure SOC2 or SOC 3 compliance. While FERPA is a baseline, SOC2 or SOC3 compliance demonstrates that a vendor has undergone a rigorous audit process, ensuring their data security practices meet high standards.

Background Checks: Require vendors to conduct annual background checks for all employees working with student data or on school premises.

Data Encryption: Ensure vendors have strong data encryption policies to protect sensitive student information.

Sub-processor Transparency: Choose vendors with clear, limited sub-processors and transparency in how student data is handled.

Secure Access: Ensure that vendors provide secure online access, including compliance with PCI standards for payment-related information.

Protecting student data is not just a compliance issue — it's a matter of trust and responsibility.

As school leaders navigate vendor relationships, it's essential that data privacy be a top priority. By asking the right questions, requiring robust security measures and ensuring that privacy standards are embedded in every decision, districts can safeguard students’ information and maintain the confidence of their communities.

The choices made today will shape the future of our students' privacy, and it’s crucial that these decisions reflect the values of safety, transparency, and accountability.

Lifetouch completes thousands of RFPs each year and has developed an industry standard RFP document that can be adapted by school districts as necessary.

About the Author:

Casey Johnson

Casey Johnson is senior marketing director for Lifetouch.

Email: casey.johnson@lifetouch.com

Lifetouch is an Affinity Partner of ASBO International. Learn more about Lifetouch here.

Registration Is Now Open for AC&E 26

Join school business leaders from across the globe at the 2026 Annual Conference & Expo, October 14–16 in Pittsburgh, Pennsylvania. Experience forward-thinking sessions, powerful networking, and practical strategies designed to help you lead with confidence and shape what’s next for your district.

SAVE WITH EARLY BIRD PRICING

Welcome to ASBO

The Association of School Business Officials International (ASBO) provides programs, resources, services, and a global network to school business professionals who are passionate about quality education. We promote the highest standards of school business management, professional growth, and the effective use of educational resources.

Explore member benefits About School Business Now Contact Us

Visit ASBO’s main site for association news and resources.

Choosing the Right Partners: Student Leaders' Responsibility to Protect Student Data

Casey Johnson

Casey Johnson

Registration Is Now Open for AC&E 26

Welcome to ASBO

Follow Us: