In this day and age of widespread data breaches, Governor Dannel Malloy, Attorney General George Jepsen and an overwhelming majority of Connecticut state legislators say they support privacy protections. They’ve even passed laws that guarantee notification and required protection for those whose data has been breached.
But in an incredibly underhanded maneuver, a new bill is being considered by the Education Committee that would roll back critically important protections for parents and children if data collected at school is breached.
House Bill 7207 strips the protection that students currently have by repealing the existing requirement that parents be notified if their child’s information is released via a corporate breach.
One would think that elected officials would be outraged, but with industry lobbying seeking to turn back the clock on these important notification requirements there is only silence from Governor Dannel Malloy and Attorney General George Jepsen — both of whom publicly bragged about their commitment to protecting Connecticut residents from data breaches.
In fact, just two years ago, Malloy and Jepsen pushed for legislative action requiring companies to notify and protect residents in the case of a breach and last year Malloy signed the new education law (Public Act 16-189) which targeted companies that do business with public schools.
But now with the new push to undo those protections, Malloy and Jepsen are nowhere to be seen.
As the parent run Connecticut Alliance for Student Privacy explains,
This year’s proposed bill (HB 7207) delays the effective date of the law passed last session from October 1, 2016 to July 1, 2018.
The law, as passed last year, did not stop the collection of student data or its appropriate use for instructional purposes or to improve student outcomes. It simply provides greater notice and transparency for parents and delineates contract provisions and technical security safeguards, while seeking to address misuse and instances of breach.
The effort to undo Connecticut’s new law is even garnering national attention. Fellow education advocate and blogger, Cheri Kiesecker, recently posted the following on her Missouri Education Watchdog blog.
Connecticut passed a student data privacy and transparency bill, Public Act 189, in 2016.
The bill adopted common sense policies associated with contracts between school districts and corporations that collect, maintain, and share student data. The CT law does NOT limit data collection, does not require parental consent prior to collecting data, it only asks that NEW or renewed contracts and bids collecting student data must handle data appropriately. The law requires parents to be notified if their child’s data is breached. To their credit, the CT Commission on Educational Technology has done great work and is prepared and ready for this law to be implemented. You can see their plan here: Operationalizing Public Act 189.
Why then, are some lawmakers in CT introducing bills to cripple this new law that protects student data privacy? Do they not think that keeping student data safe, notifying parents of a breach is important?
You may remember one Connecticut legislator introduced a bill in January to entirely repeal this new student privacy law. As CT blogger and parent Jonathon Pelto wrote,
“…in an astonishing, baffling and extremely disturbing move, State Representative Stephen Harding (R-107th District) has introduced legislation (HB 5233) to repeal this important law (Public Act 16-189)
…It is not clear who would ask Representative Harding to propose such a bill or why the representative would seek to do such harm to Connecticut’s students, parents and public schools.”
Fortunately, Representative Harding withdrew the bill after receiving much pushback (understandably) from the parent community.
New bill “Revising” CT Student Privacy to be heard Monday, March 6
This past week a new bill, 7207 to “revise” the student data privacy law, was introduced, and will be heard by the CT Joint Education Committee this Monday, March 6. This kind of a rush job could imply that they are hoping to pass this bill without giving parents time to react. This new bill, 7207, wants to repeal the data privacy law and delay further implementation until July 1, 2018. This would remove existing protection of school children for over a year. WHY?
The Student Data Privacy Law has been in effect since Oct. 1, 2016; it only applies to NEW contracts, only asks for transparency, the CT Edtech Commission has already done the work to implement it. WHY, would Connecticut want to now repeal protection and transparency?
Is it asking too much that when a company contracts with a school and collects and uses and shares children’s data, that the data be kept safe and parents be able to see how that data is used, breached, and not sold?
By repealing or delaying this law, who are they protecting?
Connecticut parents and other citizens opposed to stripping children of the privacy protections contained in Public Act 189 should take immediate steps to notify their legislators that this unwarranted and inappropriate assault on protecting students and parents must be defeated.
For more about this legislative effort to undermine Public Act 189 go to the CT Alliance for Privacy in Education’s Facebook Page: https://www.facebook.com/CTStudentDataPrivacy/posts/618261395030545