Skip to main content
New Jersey

New Jersey Student Data Privacy

Requires Signed Agreement
Does not require signed agreement

New Jersey restricts edtech operators' use/disclosure of student information and supports contract-driven safeguards, security controls, and deletion expectations.

New Jersey Student Online Personal Information Protection Guide

Primary Law
Student online personal information protections for operators of educational services (limits on use/disclosure and security expectations)

Citation
P.L. 2019, c.494 (A4978 4R)

Official Text
https://www.njleg.state.nj.us/2018/Bills/PL19/494_.HTM

Overview

New Jersey restricts how operators of online educational services collect, use, and disclose covered student information. The law focuses on prohibiting certain commercial uses (such as selling covered information and targeted advertising) and expects vendors to handle student information consistent with school purposes and contractual limitations.

For districts, the practical takeaway is strong contract governance: when an edtech operator will receive student information, districts should use signed agreements that define permitted uses, prohibit unauthorized disclosure, and require security and data lifecycle controls.

Applicability and Scope

This is most relevant when:

  • A district uses an online educational service operated by a vendor that receives student covered information
  • Tools integrate with district systems (SIS/rostering/SSO) and receive roster, grades, or student performance information
  • Vendors use subcontractors or share data to deliver the service

Vendor Data Governance and Protection Standards

Although New Jersey law does not explicitly require signed vendor agreements, districts commonly use written contracts, structured vendor evaluations, or both to manage student data responsibly and demonstrate compliance.

Districts should confirm that vendor agreements and/or documented review processes establish:

  • Clear limits on data use, restricting student information to authorized educational or school-related purposes
  • Explicit prohibitions on data sales and targeted advertising involving student information
  • Controls on data sharing and subcontractors, including flow-down privacy and security obligations
  • Security measures appropriate to the nature and sensitivity of student data
  • Defined procedures for data deletion or return when services conclude or upon district request

This approach enables New Jersey districts to apply consistent, defensible data governance across vendors, regardless of whether controls are implemented through contracts, vetting, or a combination of both.

How Can EdPrivacy Help New Jersey Schools

New Jersey compliance is easier when districts have a clear, centralized understanding of which vendors handle student information and how each vendor has been evaluated. Whether districts rely on written agreements, structured vetting, or both, consistency and documentation are key.

EdPrivacy helps districts centralize vendor approvals, contracts/DPAs (where used), and privacy and security documentation, ensuring oversight remains organized and repeatable across a wide range of instructional tools.

With EdPrivacy, districts can:

  • Maintain an inventory of applications and vendors that receive or process student data
  • Store contracts, DPAs, privacy terms, and security artifacts in a single system
  • Document approval decisions, conditions, and required safeguards for each vendor
  • Monitor vendor policy or ownership changes and schedule periodic re-reviews

This centralized approach helps districts scale oversight without losing visibility or control.

Summary

New Jersey districts should be prepared to:

  • Apply written agreements, documented vendor vetting, or a combination of both when edtech tools handle student information
  • Ensure vendors are limited to legitimate educational purposes and do not sell, market, or otherwise misuse student data
  • Evaluate security safeguards and confirm workable data deletion and return processes
  • Maintain consistent documentation and ongoing monitoring across the district

New Jersey’s student privacy framework emphasizes responsible data use, security, and oversight, allowing districts to demonstrate compliance through structured vetting, contractual controls, or a blended approach, depending on risk and data sensitivity.