CPRC (CT Parental Rights Coalition) Legislation Position For Immediate Release: April 30, 2015 Contact: [email protected]
CT State Agencies Would Own Children’s Personal Information and Allow it to be Sold
H.B. 7017: Strike & Amend or ‘kill the bill'
Parents must be aware that the H.B. 7017 - allows their children’s data to be shared and/or sold without informed consent. -takesaway parental ownership of their child’s data.
CPRC insists that this language be stricken from the bill: (4) (b) (1) of House Bill #7017 An Act Concerning Student Data Privacy: "A statement that student records continue to be the property of and under the control of the local or regionalboard of education, the State Board of Education or the Department of Education"
This language does not exist in the California Student Online Personal Information Protection Act (SOPIPA), upon which CT House Bill #7017 is based. In addition, this language does not exist in any other state law we have reviewed.
CPRC also, insists that children be protected over the gains of profiteers by adopting the four Amendments we have provided to State Representatives and are available to view on our website. The bill has not come to the floor for a vote yet, but our Coalition is on high alert and requests votes be recorded. Make our CT children and teachers safe-
H.B. 7017: Either Strike & Amend or ‘kill the bill’
CPRC thanks CT leadership who have advocated for student & teacher data privacy protections-Senator Toni Boucher, Representatives Gail Lavielle, Cristin McCarthyVahey, Tom O’Dea and Mike Bocchino. We are grateful for your efforts and ongoing commitment to the safety of CT’s children and teachers.
CPRC thanks CT media for shedding light on the vulnerabilities and critical need for real data protections for the children and teachers of our state.
A special acknowledgment for Senator Markley’s encouragement during CPRC’s launch and continued support.CPRC is the union of 11 citizen groups throughout CT, representing approximately 40,000 CT residents. The Coalition has and continues to, demonstrate willingness to work with legislators by submitting research, evidence and expert council. We are committed to the safety of children and the rights of parents.
(1) From HB 7017 as written: “An operator shall not (3) Sell covered information, unless the sale is part of the purchase, merger or acquisition of an operator by a successor operator and the operator and successor operator continue to be subject to the provisions of this section regarding covered information.”
Children's data should not be for sale, especially without the informed consent of their parents. The 4 Amendments address these missing protections that other state laws have included: 1) CT’s SLDS (State Longitudinal Data System), known as P20-WIN (Preschool to twenty Workforce Information Network) to be transparent, accessible to parents and protected.
2) Family Educational Rights and Privacy Act(FERPA) loop holes to be closed
*3) Online and third party vendors; utilized by schools, to be regulated.
4) Responsible Breach Policy enacted.
*HB 7017, addresses only (and insufficiently) the Online and third party vendors.
The children of Connecticut deserve a comprehensive student data privacy law akin to what other states have already enacted. House Bill #7017, while an attempt to do that, falls short of delivering on the promise we must make to the students and parents of Connecticut- that the legislature is serious about protecting children and teacher’s data and parental rights in the Constitution State.
--AMENDMENTS-- Provided by CPRC and CUSP AN ACT CONCERNING STUDENT DATA PRIVACY: Substitute Bill #7017, File no. 686 1)Data Ownership: Who Owns the Data?
Current language in the bill: “(1) A statement that student records continue to be the property of and under the control of the local or regional board of education;”
Recommended Change: All student records are the property, and are under the control of, the parent or legal guardian of the child, and may be held in trust by the local board of education. The local board of education shall safeguard the privacy of student records, and shall protect student records from all unlawful release to third parties, in accordance with state and federal statutes and regulations.
2) Add to the Bill: Parent/Eligible Student Access to P20-WIN for own child's data and means to rectify any misinformation.
Upon request, the local board of education shall provide immediately to the student, parent, or legal guardian, a copy of any student record, or data of any kind, that is in the possession and/or control of the local board of education and its agents and the state longitudinal data system Upon the request of the student, parent, or legal guardian, the local board of education, and/or its agents, immediately shall correct any error or misinformation contained in the student record, or data of any kind, that is in the possession and/or control of the local board of education and its agents and within the state longitudinal data system.
3) Add to the Bill a FERPA provision: The state Department of Education and its agents, the local board of education and its agents, shall not collect, maintain, or disclose the following student data without the written consent of the parent or legal guardian of the student: The state department of education shall not disclose, nor shall school districts report the following individual student data without consent: (a) Juvenile court delinquency records; (b) Criminal records; (c) Student biometric information; (d) Student medical Records This is a very short list of information that has been protected in other state laws from disclosure without consent. 4) Breach Statement:
Current language in the bill: “A description of the procedures for notifying a student, parent or legal guardian of a student and the local or regional board of education, the State Board of Education or the Department of Education as soon as practical, but not later than forty-eight hours after the contractor becomes aware of or suspects that any student record under the control of the contractor has been subject to unauthorized access or suspected unauthorized access”
Change to: The State Department of Education and its agents, and the local board of education and its agents, shall notify the student and parent or legal guardian of a student of any unauthorized access, or suspected unauthorized access, to any student record or data of any kind that is collected, maintained, or in the possession and control of the State Department of Education and its agents, the local board of education and its agents, and any other authorized third party.
Each unauthorized release of, or breached access to, any student record or data of any kind that is collected, maintained, or in the possession and control of the State Department of Education and its agents, the local board of education and its agents, and any other authorized third party, shall be considered a separate violation, punishable by (add appropriate penalties- fines, denied access to data systems, etc).
Upon notification of an unauthorized release or breach, or suspected unauthorized release or breach, of student records or data of any kind, the State Department of Education and its agents, the local board of education and its agents, and any authorized third party, immediately shall ensure that all necessary corrections are made to prevent further release or breach, and shall repair and rectify all harm caused by the unauthorized release or breach.
Nothing in this law prohibits a parent, board of education, and state and federal agencies from taking legal action against third party vendors or those entrusted from misusing student data that places their child, the school, or community at risk of harm.