Category Archives: student data privacy

Lege TREND. Facial Recognition Software & Public Education.

State : New York

Legislation: AB 6787 (2019 | NY)

What does this bill do? 

  • Prohibit schools from using biometric software for 1 year
  • Study the use and safety of biometric identifying software
  • Make recommendations for the use of biometric software to further school safety

Lockport Union Sun Journal | Bill calls for study of facial recognition systems in schools 

Lege TREND. Tech Rich State. Yes to Data Breach Bill. No to Data Privacy Bill.

State: Washington

The bills that succeeded: HB 1071 (2019 | WA)

What does the data breach bill do?

  • 30 days to notify the state Attorney General and consumers (down from the current 45 days)
  • What information triggers a breach notification?
    • Social Security numbers
    • driver’s license numbers
    • state ID numbers
    • financial account information
    • full birth dates
    • health insurance ID numbers
    • medical histories
    • student ID numbers
    • military ID numbers
    • passport ID numbers
    • username-password…

Regulatory TREND. State Agency Data Security Requirements for Student DATA. Civil Liability Education Vendors.

New York Department of Education is proposing new rules  that will:

  • Parent’s Bill of Rights applicable to 3rd party vendors and setting standards on disclosing student data
  • The National Institute for Standards and Technology Cybersecurity Framework (“NIST CSF”)
  • Annual training for school district employees
  • A Data Protection Officer in every school
  • Notice of a school data breach must be given to the Department of Education within 10 days
  • Civil Penalties that accrue per individual affected…

2019 Student Data Security State Standings. Legislative Trends.

What entity is ranking states on student data protection?  Parent Coalition for Student Privacy

Best State for student Data Protection? Colorado with a B

Worst states for student data protection? 11 way tie with Fs for Alabama, Alaska, Massachusetts, Minnesota, Montana, Mississippi, New Jersey, New Mexico, South Carolina, Vermont, Wisconsin

The populous states?

  • California C
  • New York B-
  • Illinois C+
  • Texas D+
  • Florida D+
  • Pennsylvania D-

Lingering Education Data Security Issue for all…

Lege TREND. State passes Equifax Fix. State Attorney General Proposes More Fixes. 2 Key Points.

In 2018, Vermont passed a data breach notification bill to address the Equifax data breach.

Vermont’s Attorney General is Recommending the following additional legislative fixes:

  • Create a new statewide office, Chief Privacy Officer,  charged with ensuring the state establishes best practices for handling Vermonters’ personal information
    • the position would advocate for additional privacy protections for citizens & hear concerns
  • Stronger protections for student data by educational…

Lege TREND. Top Data Security State Legislation in 2019.

  • California Privacy Act.  Will other states replicate it? Is it the US solution for GDPR?
  • Federal Preemption. Will Congress pass federal data breach notification standards?
  • Data Privacy Requirements for Internet of Things.  Privacy standards for your home thermostat, etc… See California’s SB 327 (2018)
  • Will small businesses get a carve out bill? See S770 (115th Congress)
  • Federal Preemption of Data Encryption Standards for Business

Sc Media | Top cybersecurity legislation of 2019

5 Reasons Schools Must Tackle Cyber Security.

  • Libaility for the school, the school distric,t the principal, and the superintendent
  • Legal requirements schools retain records like, HIPPA records, that has certian legal requirements
  • Disruptions to Education When a school is subject to a hack, it can suspend learning
  • Student Records. A cyber event may not only want to steal information, it may want to change information. Integrity of school records is crucial
  • Reputation of the school, its educational system, and its leadership

EdScoop…

5 Points. Apple Desired Information Privacy Law.

 

  • tech companies should de-identify customer data or not collect customer data
  • comprehensive federal law is necessary
    • why? tech companies that collect a lot of data are basically spies
  • people should have a right in their data, and a right to have that data minimized
  • consumers must be told what data is being collected & why
  • the data belongs to the users and users (consumers) should always have access to it

The gold standard law: GDPR in the EU

Ars Technica | Tim Cook Calls for Strong US…

Lege Trend. Legislation to Regulate Data BROKERS. 5 Point Legislative Plan.

States can enacted legislation to address Data Broikers by:

  • impose a fiduciary duty towards the consumers whose data they harvest and monetize
  • establish a government office to assist the victims of data breaches
  • compensation for their financial & non-financial injuries 
  • require disclosures by data brokers like:
    •  consumer’s “right to know” what personal information a data broker has gathered
    •  how the broker obtained it
    • to whom they sold it
  •  require consumer consent for data…