Parent Coalition for Student Privacy opposes dangerous “model” employee & student privacy legislation

Adapted from the EFF website.

The Parent Coalition for Student Privacy joinbig-brother fotoed the Electronic Frontier Foundation,  ACLU, and a coalition of nearly two-dozen civil liberties and advocacy organizations  to urge the Uniform Law Commission (ULC) to vote down dangerous model employee and student privacy legislation.

The bill, the Employee and Student Online Privacy Protection Act (ESOPPA), is ostensibly aimed at protecting employee and student privacy. But its broad and vaguely worded exceptions and limitations overshadow any protections the bill attempts to provide. As the letter below explains, ESOPPA will result in only further invasions of student and employee privacy.

The ULC is a nonpartisan organization dedicated to researching, drafting, and promoting the enactment of uniform state laws, which it drafts and circulates as “models.” The ULC will vote on ESOPPA on July 11 at its annual meeting, and if it passes, the ULC will circulate the bill to legislators across the country in the hope of uniform adoption in all fifty states. But ESOPPA falls far short of its goal and does not live up to the prevailing standard for protecting social media privacy currently being enacted by the states and as required by the U.S. Constitution.

Social media accounts include vast quantities of sensitive personal information. As the U.S. Supreme Court made clear in Riley v. California, searches of digital devices are grave invasions of personal privacy in ways that physical searches could never be. Yet ESOPPA does next to nothing to prevent school administrators and employers—including public school employees and state officials—from coercing or requiring students and employees to turn over private, non-publicly available information from such accounts. The bill not only fails to comport with protections afforded to such sensitive personal communication under the Constitution, but the few protections it purports to provide are ripe for abuse and without measures to ensure accountability.

Furthermore, ESOPPA applies only to students at the college level and beyond, leaving the privacy of K12 students completely exposed.

That’s why we’re asking the ULC to either address ESOPPA’s deficiencies or reject the bill outright at its upcoming meeting. Other organizations, including the Foundation for Individual Rights in Education (FIRE), have also sent their own letter to the ULC opposing the current draft of ESOPPA.

You can read the full text of the letter below.

July 6, 2016

Members of the Uniform Law Commission
111 N. Wabash Avenue, Suite 1010
Chicago, Illinois 60602

Oppose Unless Amended: Employment and Student Online Privacy Protection Act

Dear Commissioner:

As civil liberties groups, advocacy organizations, student and parent rights coalitions, and a union representative, we write to you today to express deep concern over the Employee and Student Online Privacy Protection Act (“ESOPPA”). We appreciate the ULC’s interest in protecting the privacy of employees and students alike, but the version of the bill submitted to the full ULC committee for approval at the upcoming annual meeting fails to accomplish that goal in light of its significant deficiencies. While it purports to protect both employees and students, its broad and vaguely worded exceptions and limitations overshadow any protections the bill attempts to provide—doing next to nothing to prevent school administrators and employers from coercing or requiring students and employees to turn over highly sensitive social media account information. These provisions do not comport with the Fourth or Fifth Amendment, and will result in only further invasions of student and employee privacy.

We ask that you not adopt this bill until these issues have been adequately addressed. If these issues are not addressed, we urge you to reject the proposed bill in its entirety. Three of the bill’s provisions are most problematic:

First, the bill authorizes state employers and public educational institutions to require an employee or student to turn over information related to their social media account, including login information and social media content, based merely on “specific information about the student’s protected personal online account,” in order to (i) ensure compliance with, or investigate non-compliance with, federal or state law or an educational institution policy; or (ii) “to protect against . . . a threat to health or safety[.]”

The U.S. Supreme Court made clear in Riley v. California, 134 S. Ct. 2473 (2014), that searches involving technology and electronic devices are grave invasions of personal privacy in ways that physical searches could never be. That case involved cell phones, which the court recognized as especially important due to the many kinds of information they contain: “Modern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse. . . . The term ‘cell phone’ is itself misleading shorthand; many of these devices are in fact minicomputers that also happen to have the capacity to be used as a telephone.” Id. at 2488–89. Social media accounts contain similarly vast amounts of personal information and implicate the very same concerns. Permitting government agents access to students’ and employees’ social media accounts under the vague terms of the current draft of ESOPPA does not comport with the level of protection afforded to such personal information under the Constitution.

Second, although the bill attempts to limit employers or educational institutions access by requiring that any such entity “reasonably attempts to limit its access to content relevant to the purpose justifying that access[,]” such a limit will prove hollow, as it is not technically or practically possible to segregate “relevant” from irrelevant content until all content is accessed. This provision, coupled with the overbroad grant of authority for employers and schools to compel or coerce employees and students to turn over social media account information, renders ESOPPA ripe for abuse by employers and education institutions alike. And the bill includes no measures to ensure accountability.

Third, the limited privacy protections that ESOPPA claims to provide for students have a glaring deficiency—the bill does not apply to most students. ESOPPA provides purported protections only to students at the college level and beyond, leaving the privacy of students at the high school level and below completely exposed. This is not a trivial concern. Students in secondary school and below use social media to learn about and discuss highly sensitive subjects, such as reproductive choices, sexual orientation, gender identity, and political perspectives. In many communities across this country, exposing a student’s perspective on such topics could not only be embarrassing, but it could also place the student’s safety—or even life—at risk. The only option ESOPPA leaves for non-college students who want privacy protection is to not use social media at all. This “option” would do tremendous damages to one of the most vibrant free speech platforms utilized by young people today. This is not acceptable.

We believe it is possible to create a bill that addresses the concerns raised in this letter, protects student and employee privacy, and grants educational institutions and employers the ability to procure social media account information when required or permitted under law, such as when investigating specific allegations of unlawful harassment in the workplace or specific allegations of unlawful bullying by a student or prospective student of another student. Indeed, the American Civil Liberties Union has worked closely with other advocacy organizations and Internet companies alike on its own model legislation, a version of which was enacted in four states this past legislative session alone. Those laws represent the prevailing standard for protecting social media privacy in 2016. ESOPPA, which is coming out of a three-year planning and drafting process, is already showing its age—and it has not even been voted on by the ULC yet. Unless it is the ULC’s objective to roll back the standard for protecting social media privacy currently being enacted by the states, ESOPPA must be significantly revised before it is adopted. The signatories of this letter fully intend to continue our successful efforts to have true social media privacy bills enacted in the states, and if that requires us to oppose ESOPPA, we certainly will.

In order to ensure that ESOPPA does not impermissibly infringe on employees’ and students’ rights, and to enable us to work with rather than against each other on this important issue, we urge the full ULC Committee to either address these concerns or to reject the bill outright.

Thank you for your time and attention to this matter.


American Civil Liberties Union

American Library Association

Bill of Rights Defense Committee

Center for Democracy & Technology

Center for Digital Democracy

Common Sense Kids Action

Constitutional Alliance

Consumer Watchdog

Defending Dissent Foundation

Demand Progress

Electronic Frontier Foundation

Fight for the Future

Free Speech Coalition

Government Accountability Project

Michelle Castro, SEIU California,  Director of Government Relations

National Coalition Against Censorship

Network for Public Education

Network for Public Education Action

NYS Allies for Public Education

Parent Coalition for Student Privacy

Parents Across America

Privacy Rights Clearinghouse

Restore the Fourth

Safety Net Project of the National Network
to End Domestic Violence

Woodhull Freedom Foundation

World Privacy Forum

How not to protect student data Colorado style


Picture this: a stranger able to access your children’s bus pick-up and drop-off time and location, able to see their photos, names, phone numbers, home addresses, health records, even lunch account and activity fees. This information was amazingly vulnerable to hacking in the Lewis Palmer School district in Colorado.  Incredibly, the school district posted hints to passwords (the student’s birthday) on the district website. The student login ID and password were the SAME for both Infinite Campus (that stores student grades, demographics and other personally identifiable information) and their Google Apps for Education documents, including their Gmail accounts.  According to a district parent, who prefers to remain anonymous,

Once you logged in with your student account, you could see all names and student IDs of every student in the district, listed alphabetically down the left side of the website, with corresponding student ID.  And since it was advertised that their birthday was the password, any hacker could go onto Facebook, find out a student’s birthday and login to see all their emails and records in Google (GAFE) and in Infinite Campus.”

According to its website, the Lewis Palmer School District has publicly posted login information and clues to student passwords for three years.  At least one parent complained last fall and the school did nothing to address the vulnerability. Apparently, school officials told parents this was just the way it had to be and it was not possible to change it.

Only after a parent spoke at a school board meeting on May 19, did the district-wide become public news, thanks in part to a local reporter who wrote about it in Complete Colorado:

At a school board meeting on May 19th, a concerned parent asked the school board to fix the security breach immediately. The woman said district officials have known about the issue since the beginning of the school year. Melinda Zark told the board that in the fall she spoke to the district’s top two information technology staff members and her children’s principal about the issue with Google Apps for Education (GAFE), which is needed to connect to Infinite Campus.

However, even after the vulnerability was revealed to the school board,  in the story posted in Complete Colorado, discussed on a breach notification site,,  and  on the blog of privacy advocate Bill Fitzgerald who wrote about it here, the Lewis Palmer School District still did not immediately notify all parents of the breach (as recommended by federal guidance and current Colorado law) nor did the district admit fault.

FERPA requires that the agency or institution record an unauthorized disclosure so that a parent or student will become aware of the disclosure during an inspection of the student’s education record. The district also appears to ignore the Colorado’s Department of Education’s guidance to districts that states,

“The personally identifiable information from students’ education records that a district maintains should not be available to all district employees…”Districts should establish clear methods for addressing any breaches in security.  Individuals should be designated for addressing concerns about security breaches and identifying appropriate consequences, which may need to include termination of employment or a contract.”

Nearly a week after the school board meeting, the District finally disabled the access portal to Infinite Campus accounts. As reported in Lewis Palmer’s disingenuous and incoherent account on its website:

“05.25.16 protecting your student and family personal data is of utmost importance to lpsd. yesterday, we discovered a possible security breach through normal monitoring of ip addresses accessing our systems. it appears one individual with legitimate access to our system, using the student portal, may have accessed a few middle and high student ic accounts. the ip address for this individual was immediately blocked. the individual was unable to modify data or transfer data electronically. we will be contacting the parents of the students impacted. if you do not receive a call by the end of the day, you can assume your child’s account was not impacted. we shut down student portal access to ic this morning. we apologize for the inconvenience this will cause. we had hoped to keep ic access for students up through june 1 so that they could view final grades. unfortunately, due to this possible breach, grades must be accessed through the parent portal. additionally, google accounts, where student user names could potentially be viewed, were shut down earlier this week. accounts will be upgraded and security will be enhanced over the summer. if you need assistance with your parent portal access please contact technology services at (719) 488­4700 . ­­­­­­­­­­­­­­­­­­­­­ at lewis­palmer school district 38, we value protecting student and staff data. we are committed to supporting the use of beneficial online teaching and learning resources, while keeping unnecessary data collection to a minimum. the following graphic shows a quick birds­eye view of some of the concrete steps we take to keep our staff informed and our data safe. staff, please access the spreadsheet below to find the websites / tools that have already been vetted by our team. if you have a tool you’d like to get vetted, please contact your principal to ask how to do this. ask us if you’re ever concerned or confused about wh

Many questions remain about this district’s handling of student data. What personal data was accessed and is there a record of who accessed it? Also, the newly adopted technology and privacy policies seem suspect. According to the Complete Colorado news story,

During the meeting on Thursday, board member Sarah Sampayo was the only board member to recognize the concern. She brought it up as the district was discussing two new policies that deal with privacy and cyber rules. One policy asks parents and students to sign a waiver stating they understand there is no expectation of privacy when they use district technology, and the other protects the district against unauthorized use of its technology that may cause harm to a student.

Sampayo questioned the district’s technology director, Liz Walhof, about whether the district planned to make changes to the Gmail accounts. “How easily accessible is that uniquely identifying [student identification] number to the vast community,” Sampayo asked. “And is our kids’ information then protected because you can then log in … with just the kid’s ID number.”

Walhof said they continue to look into better formats, but added that right now it is not possible to issue an email without using the student’s ID number.”

What are these two new technology policies?  The first, policy JS, states that “Students shall have no expectation of privacy when using district technology resources…Students should not expect that files stored on district resources will be kept private.”

It would seem this blanket waiver may violate existing federal laws including COPPA and FERPA  as well as current Colorado privacy law and the impending new state law which has stronger protections for student data transparency and privacy and security.

Students cannot waive all their rights to privacy in such a radical manner, even if the school district wants them to do so. School district officials can have access to personal student data but only those with a specific interest and responsibility to that child.  Also, although FERPA allows school officials to disclose personal student information to third parties, these exceptions are limited in law and regulation and restricted to those with legitimate educational interests, for the purposes of research, evaluation or audit, or in cases of health and safety emergencies.  Requiring students to waive all their privacy rights as this policy implies would thus seem to violate federal law.

In addition, by posting online the log-in information for all students, including their ID numbers, and publicly advertising that the passwords to gain access are their birth dates – which are readily accessible to district employees and many others – this appears to be an open invitation to breach the system.

The second new district policy JS-E further requires parents to waive any costs or claims from damages incurred by their children’s use of the school’s technology.

If districts and schools are mandating that students use these devices, they must be responsible for keeping their personal information safe. We urge parents in this Lewis Palmer School District to contact the U.S.  Department of Education’s Privacy Technical Assistance Center (PTAC) and file a FERPA complaint, pointing out how the required blanket waiver appears to violate the privacy protections required under FERPA…  The complaint form is here:

The form can also be downloaded, filled out and emailed to    If a parent needs help or advice with this, you contact us at 

Lewis Palmer parents should also ask their district and school board to immediately commission an independent security audit, to address the weaknesses in the system and determine which individuals or companies may have improperly accessed student personal information. What specific data was breached? Was personal information in Infinite Campus accessed by Google, through their Apps for Education? Why were the same user ID and password used for both systems and advertised on the school website? Why was this practice not halted immediately once the vulnerability was brought to the school board’s attention last fall? Why were parents’ concerns dismissed?

In addition, parents should urge that their district immediately adopt other security protections such as encryption for student data and training for all school district employees.  See our five principles to protect student privacy for more on what policies and practices should be adopted by all school districts and states.

At the very least, we believe that this mishandling of student data reveals troubling negligence on the part of the school district. How Lewis Palmer resolves this breach should be a litmus test for other districts and should serve as a wak­e-up call for all parents and schools.

  • Cheri Kiesecker, Leonie Haimson and Rachael Stickland on behalf of Parent Coalition for Student Privacy


Data walls must come down & we will help parents do so

privacy violation

Data walls are a widespread practice in many schools, in which students’ test scores and other personal data are posted publicly in a school, along with their names, photos or other information that makes them identifiable.  These practices not only shame students but also violate their privacy rights, as specified in the federal law called FERPA, in which only school officials or their designees engaged in research, evaluation or contractual services are able to access student personal information.

Here is an article about the damaging impact of data walls by a Virginia teacher; here is a post reprinted from Exceptional Delaware, in which the blogger Kevin Ohlandt explains how he is writing every Superintendent in the state to demand these walls come down.  Here is his follow up post with the letter.

If any parent is interested in filing a FERPA complaint against the use of these data walls, let us know at and we will help him or her do so.

Delaware Public Schools: You Have Until Thursday To Get Rid Of Your Data Walls Or I Start Filing FERPA Complaints

I will be emailing all Delaware Superintendents, Heads of School, and the DOE on this tomorrow, but I wanted to put it out there now.  If any of you have ANY data walls with kid’s names on them or anything that could make a student easily identifiable by the peers in their class, you have until the end of the day on Thursday to get rid of them.  If you don’t, I will start filing FERPA complaints against each and every one of the schools that ignore this.  I don’t mean to play hard ball here, but you are violating the most sacrosanct part of education, the rights of the child.

I highly recommend ALL Delaware parents contact their schools and ask if they have these data walls in their child’s school.  I also suggest they ask the principal or assistant principal to make sure their child IS NOT ON IT.  I don’t care if you think your kid is the next Einstein.  It is wrong to do this.  I don’t care if it is the best charter school, magnet school, or regular school out there.  It is a violation.

DataWalls2If you want to kill a child’s self-esteem, there is no easier way to do it than data walls.  This latest disgusting and sick craze of schools is an actual posting in school hallways or a classroom of a child’s progress.  Whoever thought this was a good idea is one sick individual.  I’m sure it is great for the smart kids who are always on top.  But for those who struggle it is a demeaning and humiliating experience.  For priority schools in Delaware, this is a requirement.  From the minds of those with no soul in the education reform world who don’t give a crap about children and their needs.  For students with disabilities, this is just the latest smack on their beaten faces.

DataWallsThis morning on Facebook, the current president of the Red Clay Education Association brought this up, as well as the growing in popularity E.R. Educators to the Rescue page.  ER wrote:

I call these “Data-shaming Walls”. I hate them (yes, hate) and here’s why you should too. In an age of anti-bullying, this is an in-your-face way of shaming low-performers and their parents. The only folks that like these are parents whose children are the green or advanced levels; everyone else feels like crap. If you see one in your child’s school, please ask the teacher/administrator to take them down.

The Washington Post thinks these are an abomination whereas the mighty Scholastic thinks they are the greatest thing since white bread.

Mike Matthews said:

My unfiltered definition of what a data wall is? It’s a tool used to shame and bully students into making them do better. Under the guise of competition, someone who’s in the “red” will just magically, one day, decide to change his or her performance to get into the “yellow” or “green.”

For some students this will work. Fine. But for others, like the many children with special needs I’ve taught over the years, this will not work and will continue to be a demotivator and could cause unnecessary emotional harm.

Last year at (x school) I had a young lady who came from the (y school). She was profoundly low. Many of the other students knew it, but we’re always very welcoming and supportive with her.

But what if I had one of these data walls? As the lowest-performing child in my class, what would this have done to her to see her name and picture “on the bottom?”

No. No data walls for me. In my classroom, I prefer regular conferencing with students to give them an update of where they are and where they need to be. This public shaming business has to end.

Don’t know what a data wall is? Thanks to E.R. Educators to the Rescue for posting this.

Other people (mostly teachers) had this to say about these pathetic data walls:

I’m shocked that student performance is publicly posted. That’s a clear violation of privacy. The only time I effectively used public posting of data is when I compared percentage passing the test to time studied by each student and found a strong correlation. Blew their minds that it actually mattered.
This is an epically bad idea on par with New Coke.
I’m still floored that they posted PHOTOS! Now, the other students can properly identify and chide the lowest performers.
Doesn’t this violate FERPA?
You’ve hit a nerve in every proper educator with this topic.
I would certainly think so. I don’t even put student’s names on the board. In the beginning of the year I give them each a number. We use the number instead of a name so that parents and other educators can’t see what going on and the students maintain their dignity. A data wall is exactly the opposite! We are taking a huge step backwards with this!
Yes, they are a violation!!! Would teachers want a similar wall based on their DPAS in the faculty room. Would admin want one based on theirs?
Definitely. If I’m not allowed to have a list viewable which tells of life threatening allergies, then I surely shouldn’t have a chart visible for students own data tracking. Does anyone remember the year that we had to discuss personal growth goals and then reward students who achieved their goals? And I teach kindergarten!!!!!!!!!!!!!!! My whole class got rewarded because I value them more than their data.
I wouldn’t do it. Suspend me for insubordination if you must, but I would not do it.
Basically posting students scores on a chart for all to see.
Bahahaha! This one comment: “How about posting each one of your paychecks or your weight? Seems only fitting the teacher share in this glorious display of data.”
So, we’re taking away creative play and limiting recess, adding more testing and less instruction, and then thinking this will lead to better test scores and kids caring about the boring, stressful testing moments of their days? Ugh. Education reform needs a reality check on the positive growth and development of children.
Horrible, terrible, miserable, anti-empathetic, anti-teacher-like behavior.
So there you have it folks.  Teachers hate these things.  They should fire whoever came up with this crap.  Seriously.  I’m guessing they don’t have kids or they had some horrible accident where all the feeling and emotion got sucked out of them.
Remember Delaware public schools…Thursday…the clock starts ticking NOW!

RI Commissioner Wagner Stands Firm on Automated Scoring for the PARCC

Sheila Resseger, a retired teacher, education activist, and  a member of the PCSP, wrote the post below.  Her new blog is at

On  April 5,  the Parent Coalition for Student Privacy, FairTest, Network for Public Education and other parent and teacher activists sent a letter to the State Education Commissioners from the PARCC and SBAC states.  I signed the letter as well.  We demanded these Commissioners inform us as to whether they plan to use computer scoring for the writing sections of these exams.

As research has shown, computers are unable to distinguish nonsense from coherent prose, and instead grade mostly on an essay’s length and how much arcane vocabulary is used.  Employing computers to score the Common Core exams is completely contrary to the supposed goal of these standards: to encourage critical thinking and writing skills; an article about this issue is here.

Later that day, Rhode Island Commissioner Ken Wagner met with our Council on Elementary and Secondary Education.  He was enthusiastic about the prospect of computer scoring of the PARCC constructed responses, and made many astonishing claims, including that research showed that computers scored writing as well or better than expert trained teachers.

(You can see the video, watch from about 11 minutes.)

He also falsely claimed that the SAT and Graduate Record Exam (GRE) used computer scoring. Yet on the GRE, every writing sample is scored by both a computer and a human being, and the College Board uses only human scorers on the SAT.

On May 17, 2016 the RI Board of Education met. Only two people commented during the Open Forum part of the meeting. A retired Providence high school English teacher spoke about her disapproval of the proposed revised regulations for high school graduation, with several diplomas offered of differing value, which would be discriminatory.  I spoke to critique Wagner’s enthusiastic endorsement of automated scoring of the PARCC constructed responses:

At the April 5, 2016 meeting of the RI Council on Elementary and Secondary Education, Commissioner Wagner was enthusiastic about the prospect of computer scoring of the PARCC constructed responses. However, he did not inform the Council of serious misgivings about computer scoring that many knowledgeable people have expressed.

The group Student Privacy Matters [Parent Coalition for Student Privacy] included the following information in an issue brief regarding automated scoring on April 5 under the title,

“Too Many Unanswered Questions about Machine Scoring of the Common Core Exams”

“… wasn’t the Common Core supposed to encourage creativity and critical thinking? And the Common Core aligned exams supposed to assess these skills? Is there any evidence that machines can do either? As far as one can determine, the answer is no.

“Last year, Les Perelman, who was in charge of MIT’s Writing program,wrote an opinion piece for the Boston Globe. Perelman tested out another automated scoring system, IntelliMetric, that could not distinguish essays with meaningful coherent prose from nonsense, and that [gave] high marks to gibberish, such as this:

“’According to professor of theory of knowledge Leon Trotsky, privacy is the most fundamental report of humankind. Radiation on advocates to an orator transmits gamma rays of parsimony to implode.’

“Unable to analyze meaning, narrative, or argument, automated scoring instead relies on length, grammar, and measures of abstruse vocabulary to do [sic] assess prose.”

On a related matter, Commissioner Wagner insisted that it’s necessary to get all schools to use the online version, rather than the paper and pencil version of the PARCC, as soon as possible. He claimed that this is important not only for the testing, but also for an underlying instructional purpose. He said,

“We can’t think about student engagement unless we have a serious strategy around digital learning.”  This does not match my understanding of the phrase student engagement. Thank you.

The format of the Board meetings does not allow for questioning or discussion of the comments from the public. However, later during the meeting, one of the board members asked:

“Can members follow up on public comments, and have a discussion about them? “The answer was that an agenda item can be added during a meeting if the Board votes to do so. No agenda item was added.

The Chair of the Board made a brief comment in answer to the member’s question, and then Wagner spoke up. He explained that there would be a discussion of the proposed graduation requirements later on the agenda. As for my comments about automated scoring, he stated that he stands by his previous comments, notwithstanding the information by the person who was quoted (i.e. Les Perelman).

Wagner continued to insist, as he did in the previous public meeting, that teachers have complained about the time taken out of their classrooms, robbing students of instruction, to SCORE the state assessments! This was one of his rationales for using computer scoring, along with efficiency (shorter wait time for the scores and less money)! Yet neither the PARCC nor the SBAC exam have ever pulled teachers out of the classroom to score; nor in my memory has this been an issue in Rhode Island, so his rationale is completely irrelevant.

Wagner did admit that he misspoke in his April 5 remarks when he claimed that the SAT and GRE have used automated scoring for some time. Apparently he didn’t bother to fact-check before making that comment.

So once again Commissioner Wagner stands firm on espousing the misguided tenets of the corporate education reform that is ruining public education for students, teachers, families, and public schools. Once again he dismisses authentic research by actual experts and refuses to acknowledge that there are legitimate counter-arguments to his positions. Unfortunately, most of the members of the RI Board of Education did not call him out on his careless and false claims.

At least one Board member at this meeting had the initiative to call for more discussion of comments made by members of the public. However, it is doubtful that this will be enough to derail the direction that the RI Strategic Plan for Public Education, the Commissioner, and the Rhode Island Department of Education are taking our state. It is up to those of us who recognize the depth of the damage that is happening under the radar of the general public to speak up and expose the insidious agenda of corporate technocrats like Commissioner Wagner, who argues that online learning is necessary to “engage” students and that machines can do a better job than expert teachers in assessing critical thought.

Breaking! Read how Connecticut passed its first student privacy law!

Students in the great state of Connecticut are fortunate to have warrior parents protecting their private information.

Read how Jennifer Jacobson, a member of the Parent Coalition for Student Privacy, and a handful of other parents joined together to create CAPE, the Connecticut Alliance for Privacy in Education. Read how how their group was able to work with stakeholders and legislators to enact the state’s first student privacy law. This is a great example of how parent power can affect meaningful change.

Congratulations to Jennifer, CAPE, and the students of Connecticut!

HB 5469 An Act Concerning Student Data: Origin, Outcome and Gratitude
What began as a labor of love through the collaboration of four moms; Maria Naughton, Anne Manusky, Kimberly Norton Butler and myself, became a venture into our own education in how student information, used as a tool to help our educators can also pose risks to students. We met with many other concerned parents and several state representatives after learning how a majority of other states have already enacted such legislation. We began advocating for a state law that would serve to protect the children of our state and provide greater awareness to their families.

After an unsuccessful first attempt in 2015, an alliance of organizations was created, across ideological perspectives who came together to have this important conversation- known as CAPE. Together we were able to focus our priority areas within a complex issue that were pertinent to our stakeholders and advocate for their addition into a first state law for Connecticut.

What this bill does: HB 5469 An Act Concerning Student Data Privacy regulates contracts with third party vendors and operators of websites and apps who utilize student information, student records and student generated content via a written agreement with a local or regional school board.

The bill.

  • Clarifies what must be included in contract provision with vendors who receive student information, student records or student generated content.
  • Restricts the use of student information, student records and student generated content to purposes defined within the contract.
  • Requires a means by which a parent can review student information held by a vendor and correct any erroneous information
  • Specifies that student information, student records and student generated content cannot be retained by a contractor after the contracted services expire, unless requested by the parent.
  • Clarifies that contractors and vendors do not “own” the data and that all student generated content remains property of the parent or student.
  • Defines technical security standards for the maintenance, transmission, access and destruction of sensitive student data.
  • Requires parental notification of a locally executed contract to which their children are a party to, details of the contact, and requires that contracts be posted.
  • Bans targeted advertising based on a students use of websites and apps used at school for school purposes.
  • Bans the sale, rent or trading of student information unless the sale is part of a merger.
  • Details the conditions and instances when an operator may disclose, use and share student information.
  • Specifies the timelines and process for breach notification to local and regional school boards and parents.
  • Creates a Task Force to examine other important issues relating to student data including: parent deletion of student information when appropriate, notice of website and apps used in school to parents, reasonable penalties for violators of the law, training on secure data handling, developing a list of approved websites and apps for use in school, a grievance process for parents and students, developing a tool kit for schools, and raising awareness on the issue of student data. The task force shall report to the general assembly with any findings and recommendations by January 1, 2017.

This bill does not stop the collection of student data or its appropriate use for instructional purposes or to improve student outcomes. It simply provides greater notice and transparency for parents and delineates contract provisions and technical security safeguards, while seeking to address misuse in an under regulated and under enforced industry.

HB5469 is a bill that serves to provide greater protection for our students, information for our parents, guidance for our schools and grants a vehicle to bring all stakeholders to the table to continue this important conversation. A bill which was borne by parents and their representatives who heard their concerns and acted to address the issue.

HB 5469 truly represents the best of us in Hartford. When constituents, lawmakers, organizations and advocates work together, listen to one another and work across the aisle we can create good policy that benefits kids, families and leaves open the door for further conversation

This is an important first step for Connecticut’s students and families and we are incredibly grateful that the legislature has heard our call this year. The bill passed unanimously in the House on May 3rd and on consent in the Senate on May 4th.

We wish to extend our sincere gratitude to those representatives who championed this work:  Cristin McCarthy-Vahey, Gail Lavielle, and Toni Boucher. To the Co-Chairs of the Education Committee- Andrew Fleischmann and Gayle Slossberg, all of the co-sponsors of the bill and every member of the House and Senate for their support and vote.

I wish to also thank CAPE member representatives from  the Connecticut Parental Rights Coalition-Pam Lucashu and Anne Manusky, Connecticut PTA-Marne Usher and Kathleen Kennedy, American Civil Liberties Union CT-David McGuire, Connecticut Association of Private Special Education Facilities-Ana Wittig, Connecticut Council of Administrators of Special Education-David Scata, Connecticut Association of School Administrators-Ann Jellison and Kevin Graff, Connecticut Education Association-Ray Rossomando and Susan Williams, Connecticut Federation of School Administrators-Gary Maynard and Paul Stinger, American Federation of Teachers- Jen Berigen and Jen Hochadel and Oak Hill School-Stan Stoby for their insight, support and tireless dedication to our states students and parents. It is truly an honor.

To the Grassroots contingency, starting with the original foursome and stretching across the state- what can I say ? Your fierce and fearless voices, always ready to stand guard- for which I can only bow down in awe of your continued action and advocacy.

To the parents and children of this state- this one’s for you!

On to the Governor with vigilance through to the finish line, who you may contact at 860-566-4840 to urge his signing. Nationally and within state there is more work to be done, but we have a start.


Jennifer Jacobsen, M.Ed

Director, CAPE

Never doubt that a small group of thoughtful, committed citizens can change the world”