Student Data Privacy

Student Data Privacy Compliance

NOTE: Following Governor Lamont's Executive Order 7I, allowing flexibility related to the Student Data Privacy Act, Commissioner Cardona has issued guidance to schools through his memo of March 24, 2020. Under that guidance and until further notice, districts may bypass the process of crafting individual contracts for new technology solutions that fall under the data privacy statute. Instead, they can use educational technology from companies that have provided digital assurances that they comply with Connecticut’s law by signing the Connecticut Student Data Privacy Pledge. See the following sections for resources to assist public schools and educational technology providers.

>> Resources for Connecticut Public Schools
>> Resources for Educational Technology Providers

Resources for Connecticut Public Schools (“Boards”)

Educators and school leaders should review and understand their obligations under Connecticut’s student data privacy law (Connecticut General Statutes §§ 10-234aa through 10-234dd). The statute applies to any situation in which districts use educational technology that captures or accesses personal student information, records, or data. For a detailed analysis of the law and recommendations for revisions, see the Data Privacy Task Force Report (March 2019).

To comply with the law, districts must either (A) have existing contracts with vendors that comply with Connecticut's privacy statute or (B) limit their use of software to those titles provided by companies that have signed the Connecticut Student Data Privacy Pledge. Districts may reference the Connecticut Educational Software Hub to view a complete list of compliancy-pledged software. The following sections provide further detail on accessing the Hub and ways of encouraging vendors to comply with the law.

  • Connecticut Educational Software Hub: Educators and district leaders may use this Web site to search for educational software developed by companies that have pledged compliance with Connecticut’s privacy law. Contractors do so by digitally signing the Connecticut Student Data Privacy Pledge and providing documentation to support their compliance (e.g., sample contract, data privacy agreement, or addendum documents). Districts interested in leveraging a host of other features offered through the Hub (LearnPlatform) can watch this recorded presentation:

>> LearnPlatform Overview

LearnPlatform provides district leaders with insights into educational technology usage, allows them to conduct pilot evaluations of software, tracks and reports on efficacy, and provides teachers with the ability to share feedback on specific products.

In a limited number of instances, the Commission has engaged directly with educational technology providers that serve the vast majority of districts in the state. For information about the contract language that these providers have developed, see the following links, copies of correspondence sent from the Commission to the Connecticut education community:

  • Hub Endorsements and Communication Resources: Districts should refer educational software companies to the Hub as a state resource for supporting privacy compliance. Doing so saves time for contractors and districts and will help build a single point of reference for compliant software. Educators and leaders may use these resources to encourage use of the Hub:
    • Sample E-Mail: Use this language as a template to encourage contractors to visit the Hub, learn about Connecticut’s statutory requirements, and take steps to comply with our laws.
    • Letter of Endorsement: The Connecticut General Assembly, Connecticut State Department of Education, Connecticut Association of Boards of Education, Connecticut Association of Public School Superintendents, and Connecticut Association of Schools have all endorsed the use of the Hub to support compliance. Use this letter of endorsement to encourage contractors to visit and use the Hub.

  • Model Terms of Service (TOS) Addendum: Districts may encourage Contractors to modify their TOS or create a contract addendum using the language contained in the Model TOS Agreement Addendum (click here to view). Contractors must address all of the contractual requirements defined in the Model TOS Addendum. The only variable components of that document are highlighted in red text. These sections serve as placeholders for contractors and districts to define protocols specific to each executed contract.

  • IEP/504 Reporting Requirements: All districts must report on their use of software employed as part of IEP or 504 plans through a new exemption defined in Public Act 18-125. Districts that have not designated a reporter can do so through this form. Districts may also find the following resources useful:
  • Data Privacy Toolkit: This document provides additional supports to contractors and districts. The Toolkit includes background and definitions to help interpret the law, best practice guidance in security, and communication templates.

  • School Safety & Privacy: From the Future of Privacy Forum (FPF), this page provides background information, an animated overview of data privacy, and many useful resources to support policy, governance, and communications.

 

Resources for Educational Technology Providers ("Contractors")

Beginning March 23, 2020 Connecticut schools may use software from providers that have signed the Connecticut Student Data Privacy Pledge and provided documentation to support their compliance (e.g., sample contract, data privacy agreement, or addendum documents). For guidance on Connecticut's privacy law and directions on how to register products as compliant, see the following sections:

  • Connecticut Educational Software Hub: This Web site, specifically referenced in the state privacy law, allows contractors to register their products as compliant by digitally signing the Connecticut Student Data Privacy Pledge. The registration process encourages contractors to provide supporting documentation that demonstrates compliance (e.g., sample contract, data privacy agreement, or addendum documents). Taking these steps provides visibility to Connecticut districts, which use the Hub to find compliant software. For more information about the Hub, video instructions on how to register, and other resources, visit the Hub's Contractor FAQ page at connecticut.learnplatform.com/faqs/.

  • Model Terms of Service (TOS) Addendum: Contractors looking to comply with Connecticut’s law by modifying their current TOS or creating a contract addendum may use the language contained in the Model TOS Agreement Addendum. Providers must address all of the contractual requirements defined in the Model TOS Addendum. The only variable components of that document are highlighted in red text. These sections serve as placeholders for contractors and their Board customers to define protocols specific to each executed contract. Any contract entered into between a contractor and Board on or after July 1, 2018, that does not contain the provisions detailed in state statute and reflected in the Model TOS is considered void.

  • Governing Statute: See Connecticut General Statutes §§ 10-234aa through 10-234dd, available from the Connecticut General Assembly Web site.