Will CT elected officials enact appropriate safeguards on student privacy this session?

The Connecticut General Assembly will soon be acting on House Bill #7017, An Act Concerning Student Data Privacy.

However, as of now this critically important legislation is little more than an empty shell and it falls far short of what is needed to ensure that Connecticut law properly protects the state’s children by instituting appropriate safeguards on data collected by the state and school districts about students.

Although few parents are presently aware of the problems, as a result of federal action, the Common Core testing frenzy and the ever increasing desire to collect and warehouse massive amounts of data on everybody and everything, the notion of protecting student data at the federal, state and local level has been severely undermined.

Today student data is not properly protected.

In response to these developments, states all across the country have passed new laws aimed at putting appropriate safeguards in place on student data.

This year alone, 41 states have or are considering legislation that would increase the level of protection on student data.

The Connecticut’s General Assembly’s opportunity to step forward and protect Connecticut’s children rests with House Bill #7017, but significant changes would be needed if the legislation is to have a significant impact.

Jennifer Jacobsen, a long time educator, mother of three, a founding member of Connecticut Unites for Student Privacy and a member of the Connecticut Parental Rights Coalition has been a leading voice in the effort to ensure that Connecticut improves its laws on student data privacy.

In a recent letter Jennifer Jacobsen highlighted the steps needed to update loopholes with the Family Educational Rights and Privacy Act (FERPA), to institute appropriate provisions for dealing with online and third party vendors who contract with the state and schools that collect student data, and changes needed to ensure proper procedures for regulating Connecticut’s “state longitudinal data system,” known as P20-WIN, so that there is transparency, accessibility and protection in place.

The proposed law needs to include the following provisions;

  • Clarification that All student records are the property, and are under the control of, the parent or legal guardian of the child, and may be held in trust by the local board of education. The local board of education shall safeguard the privacy of student records, and shall protect student records from all unlawful release to third parties, in accordance with state and federal statutes and regulations.
  • A requirement that, upon request, the local board of education shall provide immediately to the student, parent, or legal guardian, a copy of any student record, or data of any kind, that is in the possession and/or control of the local board of education and its agents and the state longitudinal data.
  • Adding language ensuring that certain data elements cannot be disclosed to third-parties without parental consent including; (a) Juvenile court delinquency records; (b) Criminal records; (c) Student biometric information; and (d) Student medical Records.

In addition, tougher provisions are needed to limit the likelihood of a data breach and ensure that proper steps are taken if and when a breach of data security occurs. As Jacobsen notes, the legislature should add that:

The State Department of Education and its agents, and the local board of education and its agents, shall notify the student and parent or legal guardian of a student of any unauthorized access, or suspected unauthorized access, to any student record or data of any kind that is collected, maintained, or in the possession and control of the State Department of Education and its agents, the local board of education and its agents, and any other authorized third party.

Each unauthorized release of, or breached access to, any student record or data of any kind that is collected, maintained, or in the possession and control of the State Department of Education and its agents, the local board of education and its agents, and any other authorized third party, shall be considered a separate violation, punishable by (add appropriate penalties- fines, denied access to data systems, etc).

Upon notification of an unauthorized release or breach, or suspected unauthorized release or breach, of student records or data of any kind, the State Department of Education and its agents, the local board of education and its agents, and any authorized third party, immediately shall ensure that all necessary corrections are made to prevent further release or breach, and shall repair and rectify all harm caused by the unauthorized release or breach.

These additions are necessary to update Connecticut’s law on protecting student data.  As Jacobsen explains,

“These proposed changes and additions allow third party vendors and state agencies the opportunity to ensure their proper handling of the data they collect with ultimate responsibility to safeguard the students behind the data while still having access to de-identified data for research or product development purposes.

These recommendations also permit parents the access they need to ensure the accuracy of the data collected on their children and assures them that the state has taken every measure possible to protect their children’s information with serious consequences for those who would either intentionally or unintentionally misuse that information.”

The Connecticut General Assembly should add these provisions, Connecticut’s parents and students deserve nothing less.

  • buygoldandprosper

    If Danny can find a way to monetize the information, he will.
    Expect it to be sold, and resold.
    You don’t like it? “Don’t go to public schools” is what the administrations response will be.
    Connecticut…where everything is for sale or trade.

  • Bluecoat

    Someone needs to find out how much money is being funneled to the Politicians and State agencies that support the data collection. How much money is also being funneled to the P20 Council, CABE, CEA, AFT, and any other Education non-profit that is not protecting the privacy rights of students and parents.

  • mookalaboona

    As far as CEA goes, the answer to fixing that organization is voting out the current leadership this May. We need to clean house. RA members need to vote in Walsh and Minnick for CEA president and vice president. Out with the current leadership that endorsed Danny Boy who is ruining our education and our once great state!

  • Bluecoat

    There isn’t enough brain power in Hartford to take this problem seriously….but only when teacher’s data and the kids test score are going to be used to rate teachers, then everyone screams bloody murder.
    I am still trying find out why someone needs to know a child’s sexual preference, parental voting records, health records, etc….
    As usual these ladies in Utah have been covering this for a long time…
    It is time to have a data base of every politician, every teacher, every administrator’s health records, divorce records, voting status, sexual preference, etc… in a data base for the taxpayers to review.
    If it’s is OK to steal information from unsuspecting kids, then it should be OK to have a data base for the idiotic adults, that think it is necessary to have a data base on our children


  • Bluecoat

    It would be great too, to see a data base of Psychological exams and Personality tests on teachers, principals, administrators, etc….
    Lets find out which adult is on Viagra, Prozac, or any other mind altering drug, and are allowed in our schools to teach our children….