details? As in the fingerprints in the scanning system? Yes, they're deleted. in fact, the entire system is reseeded every year of enrollment, and purged automatically! Why? simple biometric system like this are only accurate enough to get a "good guess" based on fingerprints in a database. The more prints, the less accurate the response.... They remove the old data to make current data more reliable BY DESIGN.
As for all the OTHER student data, I don't know about there, but here in this state, it has to be kept INDEFINITELY by law. My old high school in NY was just forced to go dig out my records from my time there as part of a government background check. It took them 2 weeks, but they had the data in hardcopy in a warehouse (yea, nothing was on computer back then, at least at a common high school level, I'm old). They have to keep that data at least until my death, released only on request by certain agencies, (not even directly to me, because my record contains confidential information from counselors) and will never become publicly accessible data, but its there, and will never be deleted. A fingerprint of a child is barely valid for a few years, its in constant flux, and generally useless to anyone, and is not at-risk data.
Also, everyone seems to have jumped on this system as something that can be easily abused. Did anybody bother to ask what the second factor of authentication was? a pin number, student ID, anything? i doubt very highly simply the thumb print alone is full and valid identification.
We use a similar system at our grocery store. Enter out phone number, thumb print, then a pin number, and we don't need to have our key-fob store discount card, or any credit cards handy, we select the stored method of payment (we can have several) and the pin number for that card (only works with pin, not signature, as they'll have no card to cross validate), and the transaction is done without taking out a card or wallet.
The odds of someone having my fingerprint, knowing my phone number, system pin, and card pin all at the same time, pretty slim. The store backs it up with a guarantee, and the data and card information is stored to federal PCI network standards.
My kid's fingerprint can be lifted almost anywhere. I really don't care if some database stores it for part of an ID validation, so long as validation requires MORE than the finger. Personally identifiable information (PII) is by law defined as not-private information, its just illegal to SHARE that information.