Senate Bill Addressing Student and Family Digital Privacy Moves to Education Committee

Senate Bill Addressing Student and Family Digital Privacy Moves to Education Committee

A Senate bill addressing student and family digital privacy, introduced by two Democratic senators, has moved to the Education committee earlier this month. While not a bipartisan initiative, one of the ten senators introducing the bill included Tracy Pennycuick, a Republican representing parts of Berks and Montgomery counties. Originally introduced last year, the bill is co-sponsored by Democratic Senators Amanda Cappelletti, representing parts of Delaware and Montgomery counties, and John Kane, representing parts of Chester and Delaware counties.

The memo accompanying the bill highlighted the increasing use of technology and cloud-computing services in schools for academic and administrative functions. It pointed out that while schools can enhance student learning and improve operations through technology, private educational technology companies can collect massive amounts of sensitive data about students, including health records, disciplinary records, financial status, and online activity.

A review of thirty-one Pennsylvania school systems found that only eleven had documented procedures to ensure software companies did not violate student privacy. The senators acknowledged that while most schools make efforts to protect student data, the task is complicated and often expensive, especially with the use of third-party educational technology tools.

The bill aims to strengthen protections for students and their families by prohibiting educational technology providers from selling student data, using information for advertising, or creating student profiles for noneducational purposes. It also proposes support for school districts by establishing a data security officer within the Department of Education, publicizing model policies and contracts, and using an online technology platform to maintain student data securely.

If passed, the Secretary of Education will designate a chief data security officer within sixty days, who will submit an annual report on the protection of student data. School districts will be required to report any data breaches to the department within five days.

The bill comes in the wake of a data breach by Raptor Technologies, an integrated school safety software used by some local districts in the region. Wired magazine reported on the breach, which exposed highly sensitive documents, including evacuation plans, medical records, and personal information of staff, students, and parents.

Beth Ann Rosica, an advocate for at-risk children and families, covers education issues for Broad + Liberty and can be contacted at barosica@broadandliberty.com.