Ohio Senate Bill 29 comes in to effect from October 24, 2024, and addresses concerns regarding the misuse of student data and undisclosed surveillance on school-issued devices. Specifically, SB29 prohibits the general electronic monitoring or accessing of school-issued devices, and mandates transparency in data collection.

In short, this ultimately prohibits the use of data for non-educational purposes, and includes requirements for data deletion and breach notifications. It also prohibits schools from monitoring or accessing students’ online activities, except for certain specified purposes.

Though the implementation of Ohio Senate Bill 29 looks to improve student data privacy and overall school data security, for those K-12 schools that employ edtech solutions to help keep their students safe and well, there is understandable concern surrounding ongoing compliance.

In this blog, we’ll cover:

• The key rules and provisions of the Ohio Senate Bill 29
• The exceptions and exemptions that fall within compliance
• Which edtech safety and wellness tools are compliant

The Key Ohio Senate Bill 29 Requirements for K-12 Schools

From October 24, Ohio school districts will need to ensure their technology – and technology providers – comply with the updated legislation detailed in the new bill. These are covered in four key sections:

1 | New Public Records Exemption

The introduction of more clearly defined terms, including ‘Education support services data’, now make it explicit that such data is not a public record and may not be released or accessed unless it is a legal requirement.

This new definition requires an awareness rather than any immediate action from school districts. In the future, if there are requests for records meeting the definition of “educational support services data”, those requests must be denied unless otherwise permitted under different statutes, or if the request falls under an exemption.

2 | Licensure Penalties for Release of Confidential Information

One of the more key statutes of Ohio Senate Bill 29 is the new requirement for edtech providers to align with Ohio’s data privacy laws, particularly around student data. This includes wilfully violating student confidentiality, and using confidential student, family, or school-related information – including test supplies and other such resources – in a non-professional way. Financial penalties may be incurred should these terms not be adhere to.

It’s important to note that this particular amendment could affect your district’s student confidentiality policies; keep in mind that these will need updating.

3 | Technology Providers and their Use of Educational Records

As a meaningful first step in creating improved legal expectations between districts and technology providers, schools are now required to include the following terms in their contractual agreements:

• Educational records are the sole property of the school district
• Breach of security protocols, including disclosure to the school district to allow the school district to meet its data security requirements
• Return or destruction of educational records within 90 days of termination or expiration
• No selling, sharing, dissemination, or commercial use of educational records by the tech provider
• Ensure security safeguards for educational records

Ultimately, this will require school districts to provide parents and students with notice of any curriculum, testing, or assessment technology provider contracts by August 1 each year.

School districts can use the remainder of this school year to gather information ahead of August 1, 2025, which will be the initial due date for this action.

4 | Access or Monitoring of Student Activity on School-Issued Devices

Once Ohio Senate Bill 29 is in place, schools will have to provide a greater degree of transparency when accessing or monitoring particular areas of their school-issued devices, especially as this pertains to student activity monitoring.

In summary, the new statute will prohibit the monitoring of:

1. Location tracking features
2. Audio- or visual-receiving, transmitting or recording features
3. Student interactions with a school-issued device, including keystrokes and web-browsing activities

There are, of course, certain exceptional circumstances under which this access and monitoring can still take place; these are detailed in the exemption list below.

The Exceptions that Ensure Schools Fall Within Compliance

For all four of the above statues, there are exceptions within which student data and students’ online activities can still be monitored and accessed by both the school district and technology provider. These specified purposes are as follows:

• Non-commercial educational purpose for instruction, technical support, or exam proctoring
  
• Permitted under a judicial warrant
  
• Location of lost or stolen devices
  
• Prevention of, or response to, a threat to life or safety (where the access is limited to that purpose)
  
• Necessary to comply with federal or state law; or necessary to participate in federal or state funding programs

Which Edtech Safety & Wellness Tools Are Compliant with Ohio Senate Bill 29?

At Securly, we remain steadfast in our commitment to keeping students safe, secure, and ready to learn. And, as part of that ongoing commitment, we’re constantly monitoring and updating our K-12 solutions to ensure they comply with state, federal, and international law.

To put your mind at ease, we’ve covered all of the safety and wellness solutions that we provide which fall under Ohio Senate Bill 29, while also detailing the specific exemptions that apply and what actions schools need to complete to remain compliant.

These details are listed below, or you can download our Ohio SB29 Overview Fact Sheet here.

Web Filtering | Securly Filter

Exemption: Necessary to comply with federal or state law; or necessary to participate in federal or state funding programs

Explanation of Exception: All Ohio districts must implement Enhanced Privacy Mode, which allows monitoring with pseudonymous identifiers and hides the Filter activity feed

Required Actions: All Ohio districts are required to notify parents annually that the district is using Securly Filter under the exemption to comply with federal or state law. If a student activity is unmasked in Filter Enhanced Privacy Mode, then the district is responsible for notifying the parents

Student Wellness Monitoring | Securly Aware

Exemption: Necessary to prevent or respond to a threat to life or safety

Explanation of Exception: All Ohio districts must implement Enhanced Privacy Mode, which allows monitoring with pseudonymous identifiers and hides the Aware activity feed

Required Actions: All Ohio districts are required to notify parents annually that the district is using Securly Aware under the exemption to prevent or respond to a threat to life or safety. If a student activity is unmasked in Aware Enhanced Privacy Mode, then the district is responsible for notifying the parents

Classroom Management Software | Securly Classroom

Exemption: Non-commercial educational purpose for instruction, technical support, or exam-proctoring

Explanation of Exception: N/A

Required Actions: All Ohio districts are required to notify parents annually that the district is using Securly Classroom under the exemption for non-commercial educational purpose for instruction, technical support, or exam-proctoring

Responsible AI Usage & Chat Bot Solution | AI Chat

Exemption: Non-commercial educational purpose for instruction, technical support, or exam-proctoring

Explanation of Exception: All Ohio districts must implement Enhanced Privacy Mode, which allows monitoring with pseudonymous identifiers and hides the AI Chat student history

Required Actions: All Ohio districts are required to notify parents annually that the district is using Securly AI Chat under the exemption for non-commercial educational purpose for instruction, technical support, or exam-proctoring

Edtech Usage Analytics | Securly Reveal

Exemption: Non-commercial educational purpose for instruction, technical support, or exam-proctoring

Explanation of Exception: N/A

Required Actions: All Ohio districts are required to notify parents annually that the district is using Securly Reveal under the exemption for non-commercial educational purpose for instruction, technical support, or exam-proctoring

---

To see which of Securly’s products do not fall under Ohio SB 29, view our fact sheet.

Keep Your Students Safe, Secure, and Ready to Learn with Securly

Like you, Securly work each and every day to keep students and schools safe – and for us, that includes ensuring our K-12 edtech and wellness solutions remain compliant.

Student data privacy has always been one of our key priorities, which is why our tools are safe for Ohio school districts – even after October 24.

Learn more about how Securly keeps your data and students safe:

• Read our blog: Student Activity Monitoring and Analysis: Student Privacy Threat or Potentially Lifesaving Intervention?
• What K-12 School Districts Need to Know about Student Data Privacy
• How School Administrators Can Defend Against New School Safety Threats