State Action to Streamline Compliance: The Connecticut Story

State Action to Streamline Compliance: The Connecticut Story

The letter and intent of privacy laws define compliance standards for school districts and other stakeholders, but who supports the translation of statute into practice? National organizations can provide general frameworks and guidelines, but — as is the case in Connecticut — the onus of achieving and maintaining compliance falls on local leaders and software providers.

The Challenge

Having 169 districts and thousands of educational technology companies separately interpret and act on our state’s student data privacy law — last year’s Public Act 16-189, with updates in this year’s PA 17-200 — has proven hugely time-intensive, duplicative, and inefficient. For example, the results of a statewide survey of district leaders by the Commission for Educational Technology, our state’s chief educational technology lead, indicates that our schools will spend an additional 80,000+ staff hours this year in the review and negotiation of vendor terms to comply with the law. And this total does not even include districts’ direct costs, such as legal fees incurred from external counsel to complete contract reviews. Nor does it reflect the “opportunity cost” many have expressed as they delayed or outright cancelled instructional initiatives that require the support of district staff entrenched in terms review and negotiations.

Solutions That Scale

The Commission has addressed these challenges and supports the use of high-quality educational software to scale personalized learning through a set of initiatives described in its recently released state Educational Technology Goals and Plan ( This work includes a comprehensive study on student-centered learning in our state (, the rollout of a program to support best practices in K – 12 privacy and security (, and a Student Data Privacy Toolkit (

The Commission has also engaged in two initiatives to minimize the direct and indirect costs of compliance to districts and software developers. Specifically, we are addressing the “long tail” of educational software use. Those familiar with this use model — which applies to music, streaming video, and other digital media — recognize the following diagram:

Source image by Hay Kranen / PD, modified with permissions from

The green section at the left represents the relatively small number of software titles that most K – 12 public districts use. In Connecticut, this includes suites of products from Google, Microsoft, Apple, and PowerSchool, which nearly 90 percent of our districts have adopted as their student information system. The yellow “long tail” to the right represents the thousands of apps, extensions, and other educational software titles that districts use, but in decreasing frequency (e.g., one or two teachers).

Connecticut’s law does not differentiate between these two categories of software applications. No matter how widely its products are used, providers of educational software must comply with all aspects of our privacy law, including data use, retention, deletion, and breach notifications. Our law also defines district requirements, primarily in the area of notifications concerning the adoption of educational software (e.g., a separate outbound communication to students and families for each new product) and data breaches.

To minimize the cost of compliance for both districts and operators, our Commission has developed solutions that address both portions of the “long tail” of educational software use:

State-Level Negotiations

To help ensure compliance among the 20 or so most widely used education software titles, our Commission has engaged directly with operators to review, clarify, and help modify their privacy terms.

The expertise behind this work comes from the technology procurement team within our Department of Administrative Services, with lead attorney Rachel Whitesell deftly reviewing and providing feedback to vendors on their privacy terms. Addressing these often-nuanced legal issues centrally, at the state level, has introduced efficiencies that benefit nearly all of our districts.

Educational Software Hub

To scale support for all districts and operators, helping them understand and comply with our student data privacy law, the Commission recently launched the Connecticut Educational Software Hub, accessible from the following site:

The Hub provides educators with a powerful search engine to find software developed by companies that have reviewed and signed our Connecticut Student Data Privacy Pledge ( The language in the Pledge serves as a checklist of requirements defined by our law and provides a straightforward path for software companies to achieve compliance with that statute. They can use the language in the Pledge as the basis for an addendum to or changes in their own contract terms. The Hub provides assurances from providers looking to do business in Connecticut, offering a level of transparency and accountability that balances the burden of compliance more equally between districts and software developers.

In a short time, the Hub has already gained the enthusiastic support of legislators, educators, and vendors. We have nearly 800 educators using the service, with more than 100,000 page views last month alone. Our state associations for boards of education, superintendents, and principals have jointly issued a statement ( urging software developers to utilize the Hub to demonstrate their commitment to student privacy. District leaders see the site as helping streamline the software review and vetting processes. Susan Moore, Supervisor of Blended Learning in Meriden Public Schools, wrote, “I am thrilled to have the Hub as a go-to resource for administrators and teachers.”

Software companies have also expressed appreciation for a platform that they can use to understand and demonstrate compliance directly to their district customers. The site serves as a virtual marketplace, with RFP features and tools to connect providers to districts based on need. Michael Swaine, Northeast Manager of Gaggle, noted that the Hub “provides districts with a single location to communicate and share valuable information about vendors as it relates to compliance, impact, and cost.”

In addition to its compliance features, the Hub helps schools share best practices and realize purchasing efficiencies. Built on LearnPlatform, it connects our state’s K – 12 community with more than 100,000 educators nationwide and a list of more than 5,000 software titles, searchable by subject, grade level, and technology platform. Users can create and share product “report cards” to make smart decisions about the value and impact of specific educational software titles.

Supporting Best Practices

Many district leaders have long espoused best practices in privacy review and controls to ensure the effective use of technology in the classroom. At the same time, educational software providers continue to develop products that help scale personalized learning and engage students. The tools and resources our Commission has developed will introduce efficiencies that support district due diligence and private innovation to the benefit of operators, teachers, parents, and learners.


As Executive Director for the CT State Commission for Educational Technology (CET), Doug Casey designs and manages strategic plans that ensure the successful integration of technology in Connecticut’s schools, libraries, universities, and towns. The CET oversees statewide programs such as its flagship research and education broadband network, the CEN.

Doug’s prior experience includes managing technology and security for a network of magnet schools that are helping to close the achievement gap between urban and suburban learners. He began his career as a middle school English teacher and brings a diversity of experience to every challenge — from managing online publications for the Smithsonian Institution to systems engineering for the U.S. House of Representatives and national security agencies. He holds a BA from the College of William & Mary, MA from Georgetown University, and MS from George Washington University. Outside of work, Doug enjoys time with family, mission work, and triathlon.

Related Resources

  • FPF Perspectives

    FPF Responds to the FTC’s COPPA Policy Statement

    May 19, 2022

    On May 19, 2022, the Federal Trade Commission (FTC) held an open meeting where it approved a policy statement prioritizing enforcement of the Children’s Online…

    Learn More
  • Higher Ed Perspectives

    The Datafication of Student Life and the Consequences for Student Data Privacy

    Apr 11, 2022Kyle M. L. Jones (MLIS, PhD) Indiana University-Indianapolis (IUPUI)

    The COVID-19 pandemic changed American higher education in more ways than many people realize: beyond forcing schools to transition overnight to fully online l…

    Learn More
  • Blog

    So Much Data: Thinking About How We Govern with Data and How We Are Governed by Data in US Higher Education

    Apr 11, 2022Michael Brown, Assistant Professor of Higher Education and Student Affairs, School of Education, Iowa State University

    As a researcher who focuses on how US higher education institutions construct data systems to support students’ success, I find myself having the same conversa…

    Learn More