As we previously reported, on March 21, 2020, Governor Lamont issued Executive Order 7I, Protection of Public Health and Safety During COVID-19 Pandemic and Response – Municipal Operations and Availability of Assistance and Healthcare, which permitted the Commissioner of Education (“Commissioner”) to temporarily waive any requirements included in Connecticut’s student data privacy laws, Conn. Gen. Stat. §§ 10-234aa through 10-234dd, during school closures resulting from the pandemic. Please refer to our March 22, 2020 post detailing various requirements of Connecticut’s student data privacy law. On March 23, 2020, the Commissioner issued a Memorandum to all superintendents identifying “temporary flexibilities” in the student data privacy laws and providing guidance to schools in their use of internet-based tools during the school closure as relating to data privacy.
The Commissioner’s temporary waiver is strictly limited to the contracting requirements identified in Conn. Gen. Stat. § 10-234bb. As the Commissioner explained, “effective immediately, and for the duration of the cancellation of in-school classes, districts may bypass the process of crafting individual contracts for new technology solutions that fall under the data privacy statute.” Instead of entering into individual contracts, districts may use any of the educational technology offered by companies that have signed Connecticut’s Student Data Privacy Pledge, available on the Connecticut Educational Software Hub. In signing the Pledge, providers agree that they will comply with Connecticut’s student data privacy protections. A list of the pledged products can also be found here. Please note that the following platforms can also be used because they have negotiated contract terms directly with the Connecticut Commission for Educational Technology: Apple, Google, Code.org, and Khan Academy.
School districts must be aware that all other aspects of Connecticut’s student data privacy laws still apply; this includes but is not limited to the requirements for and prohibitions on the use of student data by operators, under Conn. Gen. Stat. § 10-234cc; and the breach notification requirements for schools and operators, under Conn. Gen. Stat. § 10-234dd. Moreover, schools are still permitted to use the internet-based educational technology for which they already have contracts in accordance with Connecticut law, or technology that does not fall under the law’s contracting requirements. School districts are also still permitted to enter into contracts with these providers, or in the alternative, may request that vendors sign onto the Student Data Privacy Pledge, as suggested in the Commissioner’s Memorandum.
The intent of the Governor’s Executive Order and the Commissioner’s subsequent Memorandum are to assist schools in the provision of distance learning during these unprecedented times, while still protecting student data. Schools should always exercise caution in releasing student data to third parties. Even though Connecticut’s student data privacy contracting requirements have been temporarily relaxed, schools should continue to make student privacy a top priority in their provision of distance learning during school closures.
Please continue to monitor ctschoollaw.com for updates concerning COVID-19. You may subscribe to receive automatic updates, or you may visit our COVID-19 Resource Center, where we have gathered all of the guidance we have issued so far as well as state and federal guidance under the heading “For Schools.” If you have specific questions about online learning tools and contract requirements, please contact Gwen J. Zittoun at firstname.lastname@example.org or Chris Tracey at email@example.com.