Grace Ai | The Chronicle
As the doors to the high school open for the 2025-2026 school year, some doors online have been shut instead.
Ohio public schools have enforced Senate Bill 29, banning technology providers from selling or sharing student records. Providers must sign contracts with individual schools to operate, with refusal blocking their service from staff and student use. Mason High School (MHS) implemented the bill this school year after its introduction in January 2023 and enactment in October 2024.
Cybersecurity and Computer Science teacher Corey Rice said families and students should have some guarantee that their information will not be disclosed to the public based on school use.
“The main goal of the law is to try and keep students from inadvertently giving away information,” Rice said. “The reason why there’s a list [of platforms] is because the companies we’re using would need to have an agreement with the school that they’re not going to track, sell or use [students’] PII in any way.”
Some platforms, like Kahoot, let students play anonymously without sharing personal data. Others require accounts or subscriptions, so schools have stopped using them. While some websites are generally prohibited from the school, there are exceptions, such as Kahoot and YouTube, depending on what they are used for.
“I’m one hundred percent on board with the fundamental goal of protecting students’ PII,” Rice said. “[But] I don’t love the way it’s implemented.”
MHS senior and Cybersecurity I student Gavin Dunn said some of his teachers have had to suddenly change their course material and activities in order to meet the bill’s requirements with its implementation so close to the start of the school year. Dunn said that while he likes the bill, he wished that students were given more information about it.
“I think the administration has done a poor job of communicating to us,” Dunn said. “As a student, I have not heard anything about this bill other than a short mention of it in the class speech. I really wished there could have been an email at the start of the year with a short summary of the law, the websites that you [cannot use] and practices [they] recommend to keep your data safe [at] school.”
Rice said he has seen how other states handle concerns with PII from his experience at schools outside of Ohio. He doesn’t fully agree with Ohio’s execution of the law compared to some other states, or how online safety at schools is handled in the U.S. overall. Other places like the United Kingdom have also made laws regulating internet access for students.
“I would argue that we [might not] have gone far enough,” Rice said. “Europe has some more progressive laws around PII than the United States does, but [Senate Bill 29] is a great first step.”
The primary concern behind Senate Bill 29 has been to limit the spread of students’ personal information, and Rice said there are a variety of ways that personal information can be used by outside parties.
Rice said that while targeted ads are the most common way personal data is used, there is an entire industry of data brokers that build profiles of individuals for law enforcement without strict regulations. For business alone, the usefulness of data collection might go beyond simply advertising differently towards different people.
“Kroger has [thought of] putting screens for prices on cans of soup, and then having cameras in their store, so when they see you walk down the aisle, they can change the prices when a new person [enters],” Rice said.
According to MHS senior and co-president of Mason Hack Club Wissam Nusair, tech company Palantir has worked with the US government to collect data for its military and intelligence. Nusair said that while the technology right now is still being set up, there are concerns that the government could use it to see what people search, say and think.
“Data is just so profitable and the government can do a lot with it, ” Nusair said. “Right now there isn’t really anything wrong with having a camera see people commit a crime, but it [could] become a problem in the future, where maybe we have AI predict if somebody is going to commit a crime.”
Aside from using a password manager to avoid using the same password for everything, Rice also said that you should avoid putting in any unnecessary information on the apps you use.
“[For] social media, only put in the information you [need] to make your accounts,” Rice said. “ Just pump the brakes before you sign up for the next new service. I get that [the terms and services] are long. But it’s good to think about your data use.”
Dunn said that being educated in the field of cybersecurity will not only help in understanding the functions and systems of computers, but also general online safety and defending against malicious hacking.
“The most vulnerable part of a computer system is often the human running it, which is why many cybersecurity attacks are due to human error and not computer error,” Dunn said. “No matter what you’re going to do in the future, you’re going to use a computer every single day and knowing the best practices in terms of keeping yourself safe, keeping your information and your data safe is going to help you [regardless].”
Rice said that he hopes students take this bill to heart and start being more careful of their digital safety on an individual level.
“Hopefully in the 2020s we’re starting to be a little more judicious about what you want to sign up for, what you don’t want, and hopefully have less information just flying around willy-nilly,” Rice said. “It’s going to be a bumpy road, [but] I hope that everyone gives each other a little grace.”
