Bethel Data Privacy PA-189

Bethel Public Schools Privacy Overview

Commitment to Student Privacy:

Bethel Public Schools is committed to innovative teaching and learning using 21st century personalized curriculum with 1:1 digital resources available in a protected anytime anywhere learning environment. While we are dedicated to provide rich, relevant, and rigorous resources we will only do so in compliance with Federal and State laws on student data privacy. These pages are designed to inform and address concerns on how Bethel Public Schools protects and informs staff, students, and parents on using digital resources in our district.

Plan Overview:

  1. Ensure we are compliant with Federal Privacy Acts and have parent sign off on our Parent Student Handbook
  2. Unpack, analyze, and apply the new PA -189 criteria to our district (see below)
  3. Communicate with the State Department of Education, State Commission for Educational Technology, and other school districts on best practices on student data privacy
  4. Create and post information as relates to student data privacy
  5. Establish a vetting process for digital resources in our district
  6. Train staff and students to best practices as relates to student data privacy
  7. Keep our community informed on our efforts and best practices regarding student data privacy

The Law

On June 9, 2016, Governor Malloy signed into law Public Act 16-189, “An Act Concerning Student Data Privacy” (the “Act”), which ushers in sweeping changes to the protection and use of student data. As schools increasingly turn to software, web-based learning, mobile apps, cloud computing and other electronic methods to improve student outcomes and the educational experience, the Act sets forth minimum privacy and contractual standards for all parties involved in the creation, use, or handling of student data. Unless otherwise noted, the Act’s requirements are effective October 1, 2016.

The law designates ten requirements for three types of student data (a) directory information, (b) personally identifiable information, and (c) student generated content. These ten requirements apply to three categories of vendors using student data namely operators, contractors, and consultants. Our Bethel contract contains direct language to these terms and specifically addresses the ten requirements each vendor must sign off on. See PA-189 Contract Checklist for these ten contract requirements.

Connecticut PA - 189 Requirements 

Here is Bethel Public School's mandatory response and preparation to each of the seven criteria expressed by Shipman & Goodwin:

  1. Conduct an in-district inventory of all internet websites, online services, and mobile applications teachers in the district are using in conjunction with the education of students;
    See Bethel Software Services Contracts

  2. Prepare a draft contract and student/parent notice of contracts that will be posted on the district’s website and sent electronically to students/parents;
    Link to
     Bethel Contract and Parent Letter of Notice

  3. Review Requests for Proposal (RFP) documents and templates to ensure that the documents requested from potential vendors contain information on the privacy topics addressed in the Act, so that the board of education can incorporate privacy concerns in its decision-making process;
    Link to PA-189
     RFP document Checklist

  4. Consider implementing a data privacy screening tool for potential vendors, which may or may not be included as part of a RFP.  The screening tool can provide some assurances to boards of education that vendors are aware of the requirements and have taken action to comply with them;
    Link to PA-189 
    RFP document Checklist

  5. Review and consider revision to the board’s Student Records Policy to ensure compliance with the Act and relevant provisions of FERPA;
    Link to Bethel BOE CABE documents

  6. Develop a preferred description of the actions the board of education will expect a contractor to take to ensure student record security and confidentiality, including administrative, physical and technical standards; and
    Link to PA-189
     RFP document Checklist

  7. Prepare a procedure to govern who is responsible for receiving notice of data breaches and how the district will respond to such notification.
    Link to
     Breach process and notification letter

    Source: Shipman & Goodwin