Privacy bills
The privacy bill is based in part on recommendations by the Electronic Frontier Foundation to protect student privacy. We need members to call legislators to support and sponsor this bill--join us!
A comment box is provided further below for suggestions,
such ideas on placement of surveillance video.
such ideas on placement of surveillance video.
an act protecting privacy of school staff & students
SECTION 1. Chapter 71 of the General Laws is hereby amended by striking the language of Section 93 and inserting thereof the following:-
SECTION 93. TECHNOLOGY PRIVACY AND SAFETY MEASURES
(a) As used in this section, the following words shall have the following meanings:
“Confidential data” is data collected on students or staff and which includes:
(1) standard identifying information:
(3) personal writings or other personal work such as art
(4) political views
(5) socioeconomic data
(6) similar information on home and family life
“Granular opt-out processes for different uses of data” is providing separate options to refuse different types of data sharing. Considerations include but are not limited to placement in a yearbook or directory, using cloud services, or using school-issued devices or personal devices.
“Opt-out alternatives for technology” is an opt-out of technology use for students and staff with a comparable non-technological assignment.
(b) Use of confidential data from public school students and staff for marketing or political identification shall be unlawful.
Except as necessary for defined bureaucratic, health, or educational functions, the gathering, sharing, or storing of confidential data on public school students and staff in the Commonwealth shall be unlawful, and data must be kept anonymous when personal identifying information is not relevant or necessary to the data collection. This law requires that school vendors and public schools collect only as much information as needed to do a particular job, take steps to avoid placing confidential data at risk, and that when the information is no longer needed that it be shredded or otherwise securely erased.
It shall be unlawful to mandate the posting of public primary and secondary student work online or in public spaces as a condition of mandatory course work. Posting student work online or in public spaces shall be lawful only with the directly specified consent of the student and relevant guardian.
Practices for protecting privacy include
(d) Data gathering related to educational functions may include but not be limited to educational research, professional development, counseling functions, or improvement of instruction, provided data collection is relevant to the task, reasonable, and respects privacy. Temporary data gathering for commercial product improvement may occur provided an educational benefit exists for the student, when the student may opt out at any time, and when informed consent is obtained from the student and relevant guardian.
(e) When providing school technology access, each school committee in conjunction with the superintendent or the board of trustees of a charter school shall reduce opportunities for loss of confidential data by establishing:
(1) granular opt-out processes for different uses of data;
(2) identification and labeling of processes and equipment which may risk confidentiality;
(3) respectable informed consent procedures;
(4) shredding or secure erasure of unneeded data
(5) access to clearly described vendor data collection policies and data security to relevant students, guardians, and staff;
(6) opt-out alternatives for technology; and
(7) staff training and student education on the necessity of confidentiality and privacy.
(f) Each school district providing computer access to students shall adopt an Internet Safety Policy for the safe and efficient use of online resources. For the purposes of this Section, an Internet Safety Policy shall be designed by the school committee in conjunction with the superintendent or the board of trustees of a charter school. Any such policy shall:
(1) Require the notification of the parents, guardians, students, and additional stakeholders of the policy and any changes to it every two years at the beginning of the academic year with opportunity for public input and recommendations; and
(2) Make publicly available the specific measures to block, filter, or alter websites by the Internet Protection Measures pursuant to subsection (g) of this section, the basis for including those categories, and the individuals who are responsible for making those decisions; and
(3) Make publicly available the specific measures to protect privacy pursuant to subsection (e) of this section, and the individuals who are responsible for making those decisions; and
(4) Be evaluated at least every two years by the school committee in conjunction with the superintendent or board of trustees of a charter school to ensure that the policy conforms to current law, internet practices and technical requirements of teachers, provided that the results of the evaluation are made subject to a public hearing to accept public comment and input; and
(5) Employ a digital citizenship curriculum before and during technology use that shall include, but not be limited to, age-appropriate practices in healthier, safer and more responsible technology use, behavior, and communication. For the purposes of this section, the scope and sequence of digital citizenship curriculum shall be designed by the school committee in conjunction with the superintendent or the board of trustees of a charter school, along with parents and interested teachers from the school district; and
(5) Protect students from visual depictions that are obscene, pornography, or harmful to minors (U.S.C. 54.520) within the statutes required herein addressing the use of internet protection measures for computer access in its schools; and
(g) Each school district shall adopt written practices and procedures regarding the implementation of Internet Protection Measures. For the purposes of this section, Internet Protection Measures shall be selected or designed by the school committee in conjunction with the superintendent or the board of trustees of a charter school. Any such practices and procedures shall:
(1) Be managed, maintained, and operated by the superintendent or their designee; and
(2) Maximize access to educationally appropriate online content, inquiry-based research, and universal design instruction; and
(3) Restrict access to online content that contains obscenity, pornography, or material harmful to minors (U.S.C. 54.520); and
(4) Include a procedure for teachers to override a website that has been blocked by Internet Protection Measures, provided that the website does not contain obscenity, pornography, or material harmful to minors (U.S.C. 54.520); and
(5) Establish criteria for the overruling of a request by a teacher to allow access to a website that is blocked by the internet protection measures, a procedure to provide the requesting party with an explanation of the reasons for denial of a request, and a procedure to record and submit any requests and overrulings to the school committee every two years.
(h) The Massachusetts Department of Elementary and Secondary Education shall develop a template internet protection policy for use by school districts, state schools, and charter schools. The template shall include, but not be limited to, the provisions contained in subsection (f) of this section. Upon the completion of the template, which shall be no later than July 30, 2018, all districts shall be notified of its contents and the department shall make the template available on the department website.
(i) This act shall take effect upon its passage.
SECTION 93. TECHNOLOGY PRIVACY AND SAFETY MEASURES
(a) As used in this section, the following words shall have the following meanings:
“Confidential data” is data collected on students or staff and which includes:
(1) standard identifying information:
- names of staff and students
- dates of birth
- addresses
- grades
- medical information
- exam results
- staff development reviews
- assessments
- other personal identifying information
(3) personal writings or other personal work such as art
(4) political views
(5) socioeconomic data
(6) similar information on home and family life
“Granular opt-out processes for different uses of data” is providing separate options to refuse different types of data sharing. Considerations include but are not limited to placement in a yearbook or directory, using cloud services, or using school-issued devices or personal devices.
“Opt-out alternatives for technology” is an opt-out of technology use for students and staff with a comparable non-technological assignment.
(b) Use of confidential data from public school students and staff for marketing or political identification shall be unlawful.
Except as necessary for defined bureaucratic, health, or educational functions, the gathering, sharing, or storing of confidential data on public school students and staff in the Commonwealth shall be unlawful, and data must be kept anonymous when personal identifying information is not relevant or necessary to the data collection. This law requires that school vendors and public schools collect only as much information as needed to do a particular job, take steps to avoid placing confidential data at risk, and that when the information is no longer needed that it be shredded or otherwise securely erased.
It shall be unlawful to mandate the posting of public primary and secondary student work online or in public spaces as a condition of mandatory course work. Posting student work online or in public spaces shall be lawful only with the directly specified consent of the student and relevant guardian.
Practices for protecting privacy include
- storing research data anonymously
- limiting storage of personal writings and other data online
- avoiding or appropriately segregating and labeling technologies which have the ability to record audio, image, or personal writing in student and staff areas
- following traditional practices of requiring informed guardian consent or warrants for release of confidential data
- establishing granular opt-out processes for different uses of data
- providing opt-out alternatives for technology
(d) Data gathering related to educational functions may include but not be limited to educational research, professional development, counseling functions, or improvement of instruction, provided data collection is relevant to the task, reasonable, and respects privacy. Temporary data gathering for commercial product improvement may occur provided an educational benefit exists for the student, when the student may opt out at any time, and when informed consent is obtained from the student and relevant guardian.
(e) When providing school technology access, each school committee in conjunction with the superintendent or the board of trustees of a charter school shall reduce opportunities for loss of confidential data by establishing:
(1) granular opt-out processes for different uses of data;
(2) identification and labeling of processes and equipment which may risk confidentiality;
(3) respectable informed consent procedures;
(4) shredding or secure erasure of unneeded data
(5) access to clearly described vendor data collection policies and data security to relevant students, guardians, and staff;
(6) opt-out alternatives for technology; and
(7) staff training and student education on the necessity of confidentiality and privacy.
(f) Each school district providing computer access to students shall adopt an Internet Safety Policy for the safe and efficient use of online resources. For the purposes of this Section, an Internet Safety Policy shall be designed by the school committee in conjunction with the superintendent or the board of trustees of a charter school. Any such policy shall:
(1) Require the notification of the parents, guardians, students, and additional stakeholders of the policy and any changes to it every two years at the beginning of the academic year with opportunity for public input and recommendations; and
(2) Make publicly available the specific measures to block, filter, or alter websites by the Internet Protection Measures pursuant to subsection (g) of this section, the basis for including those categories, and the individuals who are responsible for making those decisions; and
(3) Make publicly available the specific measures to protect privacy pursuant to subsection (e) of this section, and the individuals who are responsible for making those decisions; and
(4) Be evaluated at least every two years by the school committee in conjunction with the superintendent or board of trustees of a charter school to ensure that the policy conforms to current law, internet practices and technical requirements of teachers, provided that the results of the evaluation are made subject to a public hearing to accept public comment and input; and
(5) Employ a digital citizenship curriculum before and during technology use that shall include, but not be limited to, age-appropriate practices in healthier, safer and more responsible technology use, behavior, and communication. For the purposes of this section, the scope and sequence of digital citizenship curriculum shall be designed by the school committee in conjunction with the superintendent or the board of trustees of a charter school, along with parents and interested teachers from the school district; and
(5) Protect students from visual depictions that are obscene, pornography, or harmful to minors (U.S.C. 54.520) within the statutes required herein addressing the use of internet protection measures for computer access in its schools; and
(g) Each school district shall adopt written practices and procedures regarding the implementation of Internet Protection Measures. For the purposes of this section, Internet Protection Measures shall be selected or designed by the school committee in conjunction with the superintendent or the board of trustees of a charter school. Any such practices and procedures shall:
(1) Be managed, maintained, and operated by the superintendent or their designee; and
(2) Maximize access to educationally appropriate online content, inquiry-based research, and universal design instruction; and
(3) Restrict access to online content that contains obscenity, pornography, or material harmful to minors (U.S.C. 54.520); and
(4) Include a procedure for teachers to override a website that has been blocked by Internet Protection Measures, provided that the website does not contain obscenity, pornography, or material harmful to minors (U.S.C. 54.520); and
(5) Establish criteria for the overruling of a request by a teacher to allow access to a website that is blocked by the internet protection measures, a procedure to provide the requesting party with an explanation of the reasons for denial of a request, and a procedure to record and submit any requests and overrulings to the school committee every two years.
(h) The Massachusetts Department of Elementary and Secondary Education shall develop a template internet protection policy for use by school districts, state schools, and charter schools. The template shall include, but not be limited to, the provisions contained in subsection (f) of this section. Upon the completion of the template, which shall be no later than July 30, 2018, all districts shall be notified of its contents and the department shall make the template available on the department website.
(i) This act shall take effect upon its passage.