Skip to main content
Tennessee

Tennessee Student Data Privacy

Requires Signed Agreement
Does not require signed agreement

Tennessee combines student data governance requirements with operator restrictions on targeted advertising, profiling, and sale for online services used in K-12 settings.

Tennessee Student Data Governance and Online Operator Protections Guide

Primary Laws
Data Accessibility, Transparency and Accountability Act and Student Online Personal Protection Act

Citations
Tenn. Code Ann. 49-1-701 through 49-1-708 (notably 49-1-708)

Official Resource
https://comptroller.tn.gov/content/dam/cot/orea/advanced-search/2017/2017_OREA_StudentDataPrivacy.pdf

Overview

Tennessee addresses student data privacy through a governance framework and an operator-focused law for online services used in K-12 settings. Tennessee's approach is designed to improve transparency and accountability for student data while limiting certain online practices such as targeted advertising based on school-collected student information.

For districts, the practical compliance posture is to align vendor use of student data to school purposes, control disclosures, and ensure security safeguards and data lifecycle controls are documented and enforceable.

Applicability and Scope

Tennessee requirements are most relevant when:

  • Districts use online services, applications, or platforms for instruction, assessment, or student support
  • Vendors or operators collect covered information from students through school-directed use
  • Districts share student data with service providers or allow integrations into district systems

Operator Restrictions (Ads, Profiling, Sale) and Permitted Disclosures

Tennessee's Student Online Personal Protection Act restricts operators from targeted advertising based on information obtained through school use, limits profiling beyond school purposes, and restricts sale/rental of student information. It also includes expectations around reasonable security and responding to deletion requests in appropriate circumstances.

Governance and Practical District Implementation

Because districts work with many vendors, Tennessee compliance is easier when districts implement repeatable processes for review and documentation:

  • Inventory the tools used and map each tool to an educational purpose
  • Apply least-privilege access in systems and integrations
  • Document disclosures, subcontractors, and data lifecycle expectations
  • Re-review vendors when products, features, or terms change

How Can EdPrivacy Help Tennessee Schools

Tennessee districts benefit from a single system that tracks which tools touch student data and captures the vendor evidence needed to support oversight. EdPrivacy helps districts centralize app inventory, contract artifacts, and approval decisions so governance stays consistent and scalable.

The platform helps districts:

  • Maintain a district-wide inventory of apps and highlight which ones collect covered student information
  • Store vendor privacy terms, security documentation, and approval notes together
  • Document key constraints (no targeted advertising, purpose-only profiling, controlled disclosures)
  • Track vendor changes and schedule periodic check-ins for ongoing compliance

Summary

Tennessee districts should be prepared to:

  • Confirm online operators do not use student data for targeted advertising or other prohibited secondary purposes
  • Use clear vendor governance practices for access, security, and data sharing
  • Maintain documentation that supports transparency, accountability, and repeatable approvals
  • Monitor vendor changes to keep oversight aligned with real data flows

Tennessee's framework supports a combined governance-and-operator model for protecting student data across district systems and online learning tools.