Ready for A New Standard in Data Privacy Requirements: Four Steps to Ensure Your Solution is Compliant and How ETIN Can Help

Share |

“. . . as education companies we can't just come up with a great product, show it to teachers, and expect to be successful. Our products and services have to help decision makers with their state and federal compliance and intricately defined funding requirements if we are going to be successful. If we don’t know what these are, we can’t get our products accepted.” Mitch Weisburgh, Managing Partner, Academic Business Advisors

Imagine this: You and your team have guided your solution through a sales cycle, including all the necessary steps to secure funding in next year’s district budget. Educators believe in your product and feel comfortable using it; students love it and demonstrate greater learning and engagement; and it meets all IT requirements. Time to celebrate. Until you get that call: “We’re so sorry. We just found out we can’t purchase or implement any products that don’t meet the new XYZ requirements. Unless you can demonstrate and document full compliance with XYZ to the committee by the end of next week, we’ll have to pass.”

If you’ve spent any time in education or education technology, it’s probably not a stretch to visualize the specter of a similar compliance wake up call. Even the best education products and services can stutter and fail because they are unable to meet and demonstrate compliance with pending or newly passed legislation.

A recent example of this type of legislation is California’s broad new consumer privacy law, the California Consumer Privacy Act (CCPA), passed with stunning speed on June 28, 2018. This new law, scheduled to go into effect in 2020, promises to have a significant impact across industries, leaving many businesses, organizations and municipalities wondering how to effectively comply. The Forbes Tech Council declared it “a wake-up call for everybody in tech.” The law has been compared to the EU’s General Data Protection Regulation (GDPR) in impact and intent and is widely expected to set the new standard for other US state legislation. Democratic senator Bob Hertzberg told the Washington Post, “I think it’s going to set the standard across the country that legislatures across the country will look to adopt in their own states.” 

In order to be ready for new policy like CCPA and to protect the potential of any solution’s sales pipeline, leaders and teams need to build and execute a plan to ensure their products and services meet and facilitate compliance with all the applicable requirements each time significant new legislation passes. Here are four critical steps to help ensure your organization is ready for CCPA or any new policy:

1)     Learn and understand the requirements and implications of the new legislation

2)     Conduct an effective gap analysis and readiness assessment against those requirements

3)     Build a compliance and communication roadmap. Here’s an example from Mailjet in response to the passage of GDPR

4)     Execute against your roadmap, including training your customer-facing teams to confidently communicate how your solution meets or exceeds compliance requirements

The quality of information and understanding produced in step one is a critical dependency for success in steps two through four. For education organizations, an investment in a reliable source of truth about enacted policy and an opportunity for advocacy and agency in pending legislation can make a fundamental difference in outcome throughout these steps. The SIIA’s Education Technology and Information Network (ETIN) provides that important opportunity to member companies with a dedicated policy team.  The ETIN’s policy team supports member organizations with:

  • Regular updates about policy and legislation, like CCPA
  • Timely Information about how policy will impact products, services and departments across your business
  • Key issues and topics leaders and teams need to consider as part of a readiness assessment
  • An overview of why education technology companies need to pay particular attention to pending and enacted law
  • An education policy expert view of how future state and federal legislation will be influenced by legislation like CCPA

Here are some ways to take advantage of this critical resource provided by ETIN to benefit your education technology business, ensure your organizational readiness for changing legislation and prepare your teams to avoid those compliance wake up calls:

  • Learn directly from SIIA experts at meetings and events. For an immediate opportunity, join Sara Kloek, SIIA Director, Education Policy, Programs and Student Privacy and Christopher Mohr, SIIA General Counsel, Vice President of Intellectual Property at the 2018 Education Business Forum, where they will lead a session covering the key considerations for CCPA.
  • Join the ETIN policy committee, for live and written monthly updates in legislation and policy, and an opportunity to add your organization’s voice to SIIA’s advocacy efforts.
  • Connect with members of the ETIN community who can provide gap analysis and readiness assessment services and support for critical legislation updates.
  • Learn from other ETIN leaders and industry insiders facing similar challenges and opportunities.
If your organization is focused on creating positive outcomes in US education, you benefit from the SIIA’s ETIN policy and advocacy work in education and education technology. Help fund this critical work that strives to ensure policy is implementable, that legislation language is practical and deliberate, and that it minimizes unintended consequences producing negative outcomes for students, educators or education technology companies. Support these efforts by becoming a member, renewing your membership, attending ETIN conferences like the Education Business Forum and SIIA Annual, and become an active part of this committed community of businesses, organizations and leaders serving education.  In doing so, you provide your organization with an unparalleled resource to ensure your legislation compliance initiatives and solutions are positioned for success.

Ashley Ashley is a media, technology and education industry leader and author based in the Twin Cities. She serves on the executive committee of the SIIA's ETIN board and as co-chair of ETIN's Diversity & Inclusion Committee.