Skip to main content
Minnesota

Minnesota Student Data Privacy

Requires Signed Agreement
Does not require signed agreement

Minnesota treats educational data as private by default and limits disclosures under Minn. Stat. 13.32, aligning closely with FERPA and requiring strong vendor governance.

Minnesota Educational Data Privacy and Disclosure Guide

Primary Law
Educational data privacy and permitted disclosures under the Minnesota Government Data Practices Act

Citation
Minnesota Statutes Section 13.32 (Educational data)

Official Text
https://www.revisor.mn.gov/statutes/cite/13.32

Overview

Minnesota treats educational data as private data on individuals by default and limits disclosure unless a specific exception applies. Minnesota Statutes Section 13.32 aligns closely with federal FERPA concepts while providing Minnesota-specific structure for how districts, schools, and parties acting for them handle student data.

Because Minnesota explicitly covers educational data maintained by a public educational agency or by a person acting for the agency, districts should treat vendor relationships, outsourced platforms, and school-issued device programs as in-scope for compliance planning.

Applicability and Scope

Minnesota educational data rules are relevant when:

  • A district, school, or charter maintains data that relates to a student
  • A vendor or service provider creates, receives, or maintains educational data on behalf of a public educational agency
  • Student data is shared outside the district, including with government agencies, researchers, or contracted service providers

The statute includes definitions that matter operationally, including definitions for student, parent, school-issued device, and technology provider.

Default Classification: Private Educational Data

Under Minnesota law, educational data is generally private and not disclosed except as permitted. Districts should treat this as a default: access and sharing should be role-based, purpose-limited, and documented.

Common compliance practices include:

  • Using least-privilege permissions in student information systems and connected platforms
  • Minimizing data elements shared with each tool or integration
  • Keeping a written record of what data is shared, with whom, and for what educational purpose

When Disclosure Is Permitted

Minnesota lists many circumstances where disclosure is permitted, including pursuant to consent and FERPA-authorized exceptions (such as certain school official, audit/evaluation, and health/safety emergency provisions). Districts should confirm that each disclosure aligns with an applicable legal basis and that recipients are limited to the data needed for the allowed purpose.

Technology Providers and School-Issued Devices

Minnesota defines technology providers in the context of school-issued devices and one-to-one programs. This reinforces that vendor governance is part of student privacy: districts should verify that providers receiving educational data are restricted to school-authorized purposes, and that contracts and configurations match real data flows.

How Can EdPrivacy Help Minnesota Schools

Minnesota districts often need a practical way to demonstrate: what student data each app touches, why it is used, and which disclosures are allowed. EdPrivacy helps districts centralize app inventory, documentation, and approvals so district teams can apply consistent privacy decision-making across many products.

The platform helps districts:

  • Maintain a clear inventory of tools that collect or store educational data and map each tool to an educational purpose
  • Organize privacy policies, DPAs, and security documentation so staff can quickly answer disclosure and access questions
  • Record approval notes and sharing constraints (data minimization, access roles, retention and deletion expectations)
  • Monitor vendor policy changes and schedule periodic check-ins so documentation stays aligned over time

Summary

Minnesota districts should be prepared to:

  • Treat educational data as private by default and disclose only when a clear exception applies
  • Apply role-based access and minimum-necessary sharing across systems and vendor tools
  • Ensure technology providers and school-issued device programs are governed by documented purpose limitation and safeguards
  • Maintain repeatable documentation to support consistent approvals and ongoing oversight

Minnesota Statutes Section 13.32 supports a governance-forward approach where controlled access, justified disclosures, and strong vendor oversight are central to protecting student data.