Student Data Privacy

Notice of Vendor Data Security Incident


The Board of Education has received preliminary notice from PowerSchool of a data security incident that impacted employee and student information. PowerSchool has not yet provided a list of impacted students and/or employees to the Board of Education.  PowerSchool will be using Experian, a third party vendor, who may have contacted those impacted with additional information. 


More information is available in the link below:


https://www.powerschool.com/security/sis-incident/notice-of-united-states-data-breach/


For any questions regarding the PowerSchool Cybersecurity incident, please see the publicly available PowerSchool FAQ below.

 

https://www.powerschool.com/security/sis-incident/

East Haven Public Schools is committed to protecting student data in accordance with the Family Educational Rights and Privacy Act (FERPA), Children's Online Privacy Protection Act (COPPA) and Connecticut Student Data Privacy Act (CT PA 16-189).  Below are resources for parents, students and teachers including vendor contracts, terms of use and privacy policies. 

East Haven Public Schools: Approved Resources

Public Act 16-189 was put into effect by CT in coordination with FERPA law and is comprehensive in nature and incorporates several provisions to protect the privacy of student information including

FERPA is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds from the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.

The primary goal of COPPA is to place parents in control over what information is collected from their young children online. COPPA was designed to protect children under age 13 while accounting for the dynamic nature of the Internet. The Rule applies to operators of commercial websites and online services (including mobile apps) directed to children under 13 that collect, use, or disclose personal information from children, and operators of general audience websites or online services with actual knowledge that they are collecting, using, or disclosing personal information from children under 13. The Rule also applies to websites or online services that have actual knowledge that they are collecting personal information directly from users of another website or online service directed to children.