top of page

Privacy Policy

FutureEd Solutions Privacy Policy, is intended to ensure complete compliance with Ohio state laws and Ohio Department of Education and Workforce (ODEW) requirements. All provisions are aligned with the Ohio Revised Code, including Sections 3319.321, 3301.12, 3301.0714, and the 2025 Senate Bill (SB) 29 and House Bill (HB) 432 student data privacy updates, along with the ODE Information Technology Policy ITP‑007 (Data Protection and Privacy) guidelines.

 

Effective Date: October 20, 2025  

 

FutureEd Solutions (“FutureEd,” “we,” “our,” “us”) is committed to protecting the privacy and security of student and educator data. We comply with the Family Educational Rights and Privacy Act (FERPA), Ohio Revised Code § 3319.321 (Student Privacy Law), Ohio’s Data Protection and Privacy Policy ITP‑007, the Ohio Public Records Act, and all applicable Ohio Department of Education and Workforce (ODEW) directives governing educational data security, retention, and breach response.

1. Personal Information We Collect

We collect and maintain personally identifiable information (PII) consistent with ORC § 3319.321 and FERPA, including:

  • Student names, demographic details, and contact information.  

  • Parent or guardian contact details for minor students.  

  • Educational records such as grades, attendance, course history, and assessments.  

  • Technical and device identifiers (e.g., IP address, login IDs, cookies).  

  • Employee and contractor credentials where required.  

  • Transaction data where instructional services involve payment.  

 

The amount of data collected is the minimum necessary to accomplish the educational purpose, consistent with ODEW ITP‑007 standards.

2. Lawful Basis and Purpose of Use

PII is collected for legitimate educational and administrative functions:

 

  • Delivering instructional programs and monitoring progress.  

  • Ensuring compliance with FERPA, ODEW rules, and district contracts.  

  • Providing support, research, analytics, and system improvement.  

  • Responding to public records requests in accordance with the Ohio Public Records Act while protecting exempt records.  

  • Preventing fraud and safeguarding systems under the NIST Cybersecurity Framework v1.1.

FutureEd does not use student data for advertising, profiling, or sales, per SB 29 (2025) restrictions.

 

3. Data Collection and Consent

  • Use of any Social Security Number (SSN) requires citation of the statutory authority, as mandated by ITP‑007 § 3.1(c).  FutureEd does not collect SSN.

  • Parental or student consent is required before collection beyond directory information.  

  • Consent may be revoked at any time under Ohio Admin. Code 3364‑71‑15 and FERPA.

     

4. Data Sharing and Third‑Party Disclosure

FutureEd shares data only as permitted by ORC § 3319.321(C) and federal law:

  • With contracting educational agencies, boards, and authorized personnel.  

  • With service providers performing functions under written contracts requiring confidentiality, encryption, and restricted access.  

  • With regulators or law enforcement as required by law.  

All third‑party agreements contain mandatory SB 29 clauses restricting unauthorized access and ensuring employee authorization only “as necessary to fulfill official duties.”

 

5. Parental and Student Rights

Under FERPA and ORC § 3319.321, parents and eligible students have the right to:

  • Inspect and review educational records within 45 days of request.  

  • Request correction or amendment of inaccurate data.  

  • Opt‑out of directory information disclosures.  

  • Receive annual notification of rights and changes, per HB 432 (2025).

Requests may be made via privacy@fesnow.org.

 

6. Data Retention and Destruction

Retention and destruction practices comply with ORC § 149.43 and § 3301.12 and NIST SP 800‑88 Rev. 1:

  • Data is retained only for legitimate instructional or legal needs.  

  • Upon contract termination, data is removed within 30 days.  

  • Secure destruction methods (wiping, shredding, degaussing) are employed.  

  • A Certificate of Data Destruction is issued to the contracting district.

     

7. Security and Safeguards

FutureEd employs administrative, technical, and physical controls aligned with ODEW ITP‑007 and NIST CSF:

  • Role‑based and organizational access.  

  • Encryption at rest and in transit (AES‑256/SSL).  

  • Activity logging and anomaly detection.  

  • Annual risk assessments and vulnerability testing.  

  • Incident response and recovery procedures reviewed annually.

 

8. Data Breach Notification

Consistent with SB 29 (2025) and HB 432 modifications, FutureEd will:

  • Report any confirmed breach to affected agencies, parents, and the Ohio Department of Education and Workforce within 7 calendar days.  

  • Disclose the scope, nature, and mitigation steps involved.  

  • Retain incident documentation for a minimum of five years.  

  • Notify when any misuse of student device data occurs, per ORC § 3319.327.

 

9. Staff and Contractor Training

All employees and contractors undergo annual training on:

FERPA and ORC § 3319.321 compliance.  

ODEW Information Security requirements.  

Data handling, encryption, and incident response.  

Ethical restrictions under the Ohio Ethics Law and the Governor’s Cybersecurity Directive 2023‑03.

Training completion is documented and auditable.

 

10. Student Device and Online Monitoring

Consistent with SB 29 (2025) and HB 432, FutureEd:

  • Limits student activity monitoring to legitimate safety or instructional reasons.  

  • Issues written notice to parents and students describing provider contracts involving monitoring tools.  

  • Avoids any continuous surveillance or non‑educational data collection.

 

11. Audit, Accountability, and Compliance

FutureEd performs:

  • Annual ODEW‑aligned Data Security and Privacy Assessments.  

  • Internal NIST CSF compliance audits.  

  • Immediate corrective action for identified gaps.  

  • Full cooperation with ODEW’s Office of Data Governance and district‑level audits.

 

12. Data Hosting and Transfers

All PII is processed and stored within U.S.‑based, FERPA‑compliant cloud environments, with servers located in data centers that meet the Ohio IT Security Standard.  

Data transfers outside Ohio are restricted and must comply with both ODEW and contracting agency approval protocols.

 

13. Children’s Online Privacy and COPPA

FutureEd complies with the Children’s Online Privacy Protection Act (COPPA) and Ohio student data rules.  

Parental consent by the contracting district is required before collecting information from students under 13, and all accounts for students under 18 require district‑approved authorization.

 

14. Data Protection Officer

Data Protection Officer  

FutureEd Solutions  

PO Box 1248, Reynoldsburg, OH 43068  

Email: privacy@fesnow.org  

Phone: 1‑614-300-5200

The DPO oversees compliance with FERPA, ORC § 3319.321, ITP‑007, and NIST CSF.

 

15. Policy Updates

FutureEd may revise this policy to reflect statutory changes. All updates will be posted on the website and communicated to contracting districts at least 30 days in advance of the effective date.

 

This version of the FutureEd Solutions Privacy Policy now fully aligns with Ohio state law, ODEW data privacy policy ITP‑007, and the 2025 legislative updates (SB 29 and HB 432) concerning student data handling, vendor contracting, and breach notification. It meets or exceeds all privacy and security expectations set by the Ohio Department of Education and Workforce.

 

Sources

[1] Privacy | Ohio Department of Education and Workforce https://education.ohio.gov/Miscellaneous/Privacy

[2] Privacy Notice - Ohio Department of Higher Education https://highered.ohio.gov/help-center/privacy-notice-and-policies

[3] New student data privacy requirements to go into effect Oct. 24 https://www.ohioschoolboards.org/blogs/legal-ledger/new-student-data-privacy-requirements-go-effect-oct-24

[4] [PDF] Information Technology Policy, Data Protection and Privacy https://education.ohio.gov/getattachment/Miscellaneous/Privacy/ITP-007-Data-Protection-and-Privacy.pdf.aspx?lang=en-US

[5] General Assembly passes bill containing revisions to student data ... https://www.ohioschoolboards.org/blogs/legal-ledger/general-assembly-passes-bill-containing-revisions-student-data-privacy-law

[6] Requesting Student Level Data - Ohio Department of Education https://education.ohio.gov/Topics/Data/Frequently-Requested-Data/Requesting-Student-Level-data

[7] Ohio Admin. Code 3364-71-15 - Confidentiality of student records ... https://www.law.cornell.edu/regulations/ohio/Ohio-Admin-Code-3364-71-15

[8] [PDF] Confidentiality of Student Records Policy - Ohio.gov https://dam.assets.ohio.gov/image/upload/highered.ohio.gov/aspire/Policies/Confidentiality_of_Student_Records.pdf

[9] SSID Frequently Asked Questions – Policy http://education.ohio.gov/getattachment/Topics/Data/EMIS/EMIS-Documentation/Statewide-Student-Identifier/ODE-SSID-FAQs.pdf.aspx?lang=en-US

[10] FERPA: Law Balances Access and Privacy https://lawyers4students.com/studentrecords

[11] Student Data Privacy Information for Families - Delaware City Schools https://www.dcs.k12.oh.us/departments/technology-department/student-data-privacy-information-for-families

[12] New Ohio law prohibits student cell phone usage, requires ... https://education.ohio.gov/Media/Ed-Connection/Aug-20-2025/New-Ohio-law-prohibits-student-cell-phone-usage-re

[13] Privacy and Release of Student Record Information - The Ohio State ... https://registrar.osu.edu/policies-information/privacy-and-release-of-student-record-information-ferpa/

[14] Public Records Policy | Ohio Department of Education and Workforce https://education.ohio.gov/Miscellaneous/Privacy/Public-Records-Policy

[15] Data Sharing for Program Evaluation https://education.ohio.gov/getattachment/Topics/Research-Evaluation-and-Advanced-Analytics/Sections/Our-Work-Includes/Data_Sharing_Guidance_for_Districts.pdf.aspx?lang=en-US

[16] Your Rights Under FERPA https://www.esceasternohio.org/student-data-privacy/ferpa

[17] Ohio Board of Education balances collecting data and protecting ... https://fordhaminstitute.org/ohio/commentary/ohio-board-education-balances-collecting-data-and-protecting-privacy

[18] Cell Phones in Schools - Ohio Department of Education https://education.ohio.gov/Topics/Student-Supports/School-Wellness/Cell-Phones-in-Ohio-Schools

[19] Section 3319.321 - Ohio Revised Code https://codes.ohio.gov/ohio-revised-code/section-3319.321

[20] SAFE Privacy Notice - Ohio Department of Education https://safeqa.ode.state.oh.us/portal/Help/Policy?Length=7

bottom of page