Recent events have highlighted the urgent need to protect our students' sensitive information.  A significant data breach at PowerSchool, a vendor used by several Pennsylvania school districts and intermediate units for student and personnel information management, resulted in unauthorized access to critical personal data including Social Security Numbers, medical information, birth dates, and contact details of students and personnel.

To address this growing concern, I am re-introducing legislation that will establish robust data protection frameworks for our educational institutions. This bill will create a standardized approach to safeguarding student information.

My legislation would direct the Pennsylvania Department of Education, in collaboration with the Office for Information Technology, to develop a model student data security plan. The model data security plan will include:
 

• Guidelines for access to student data and student data systems.
• Privacy compliance standards.
• Privacy and security audits.
• Procedures to follow in the event of a breach of student data.
• Data retention and disposition policies.

The model data security plan will serve as a resource and be made available to all school entities.

The bill also requires the Department of Education to designate a chief data security officer to assist school entities with the development and implementation of student data security plans and to develop best practice recommendations regarding the use, retention, and protection of student data.

This legislation represents a proactive step toward preventing future data breaches and protecting our students' privacy. As educational technology becomes increasingly integral to learning, we must ensure our schools have the resources and guidance needed to protect sensitive student information.

Please join me in sponsoring this legislation.