Student Data Privacy

Student Data Privacy Compliance

Educators, school leaders, and education technology providers should review and understand their obligations under Connecticut’s student data privacy law (Connecticut General Statutes §§ 10-234aa through 10-234dd). The statute applies to any situation in which districts use educational technology that captures or accesses personal student information, records, or data. See the Data Privacy Task Force Report(March 2019) for a detailed analysis of the law and recommendations for revisions. For answers to frequently asked questions (FAQs) regarding the law, see the Commission's FAQ document and presentation (February 2022). For resources specific to schools and providers, see the links below:

>> Resources for Connecticut Public Schools
>> Resources for Educational Technology Providers

Resources for Connecticut Public Schools (“Boards”)

To support the compliance efforts of local education agencies (LEAs) and the educational technology providers whos products they use, the Commission has established a number of resources, listed below.

• Connecticut Educational Software Hub: Educators and district leaders may use this Web site to search for educational software developed by companies that have pledged compliance with Connecticut’s privacy law. Contractors do so by digitally signing the Connecticut Student Data Privacy Pledge and providing documentation to support their compliance (e.g., sample contract, link to standard terms, data privacy agreement, or addendum documents). Districts interested in leveraging a host of other features offered through the Hub (LearnPlatform) can watch this recorded presentation:

>> LearnPlatform Overview

Through an agreement with the Commission, LearnPlatform provides district leaders with insights into educational technology usage, allows them to conduct pilot evaluations of software, tracks and reports on efficacy, and provides teachers with the ability to share feedback on specific products.

In a limited number of instances, the Commission has engaged directly with educational technology providers that serve the vast majority of districts in the state. For information about the contract language that these providers have developed, see the following links, copies of correspondence sent from the Commission to the Connecticut education community:

• Apple
• Code.org
• Google

• Hub Endorsements and Communication Resources: Districts should refer educational software companies to the Hub as a state resource for supporting privacy compliance. Doing so saves time for contractors and districts and will help build a single point of reference for compliant software. Educators and leaders may leverage these resources to encourage use of the Hub:
  
  • Sample E-Mail: Use this language as a template to encourage contractors to visit the Hub, learn about Connecticut’s statutory requirements, and take steps to comply with our laws.
  • Letter of Endorsement: The Connecticut General Assembly, Connecticut State Department of Education, Connecticut Association of Boards of Education, Connecticut Association of Public School Superintendents, and Connecticut Association of Schools have all endorsed the use of the Hub to support compliance. Use this letter of endorsement to encourage contractors to visit and use the Hub.
    
    
• Model Terms of Service (TOS) Addendum: Districts may encourage Contractors to modify their TOS or create a contract addendum using the language contained in the Model TOS Agreement Addendum (click here to view). Contractors must address all of the contractual requirements defined in the Model TOS Addendum. The only variable components of that document are highlighted in red text. These sections serve as placeholders for contractors and districts to define protocols specific to each executed contract.
  
  
• IEP/504 Reporting Requirements: All districts must report on their use of software employed as part of IEP or 504 plans through the exemption defined in Public Act 18-125. School leaders may find the following resources useful:
  
  
  • District Reported IEP-504 Exemption Use by Year: Number of districts that used the IEP-504 exemption in a given year. Use the filter to see data for different reporting years.
  • CT Public School IEP-504 Exemptions by District: Of districts that used the IEP-504 student data privacy exemption, the totals by district with drill-down by software title. Use the filter to see data for different reporting years.
  • Sample PPT Planning Form

• Data Privacy Toolkit: This document provides additional supports to contractors and districts. The Toolkit includes background and definitions to help interpret the law, best practice guidance in security, and communication templates.
  
  
• School Safety & Privacy: From the Future of Privacy Forum (FPF), this page provides background information, an animated overview of data privacy, and many useful resources to support policy, governance, and communications.

Resources for Educational Technology Providers ("Contractors")

For guidance on Connecticut's privacy law and directions on how to register products as compliant, see the following sections:

• Connecticut Educational Software Hub: This Web site, specifically referenced in the state privacy law, allows contractors to register their products as compliant by digitally signing the Connecticut Student Data Privacy Pledge. Please note that simply signing the Pledge does NOT constitute compliance. Only by creating terms that align with Connecticut's data privacy law do Contractors attain compliance. 
  
  The Hub registration process encourages contractors to provide supporting documentation that demonstrates compliance (e.g., sample contract, data privacy agreement, or addendum documents). Taking these steps provides visibility to Connecticut districts, which use the Hub to find compliant software. For step-by-step instructors for providers on how to register on the Hub and sign the Pledge, see this brief video.
  
  
• Model Terms of Service (TOS) Addendum: If a Contractor's terms do not align with the requirements of Connecticut's statute, the organization may use the Model TOS Agreement Addendum to review the state's requirements and modify their current TOS. Providers must address all of the contractual requirements defined in the Model TOS Addendum. The only variable components of that document are those highlighted in red text. These sections serve as placeholders for contractors and their district ("Board") customers to define protocols specific to each executed contract. Any contract entered into between a contractor and Board on or after July 1, 2018, that does not contain the provisions detailed in state statute and reflected in the Model TOS is considered void.
  
  
• Governing Statute: See Connecticut General Statutes §§ 10-234aa through 10-234dd, available from the Connecticut General Assembly Web site.