What is New Hampshire HB1612?

In an effort to improve data security in New Hampshire schools, House Bill 1612 was introduced to the House in November 2017 by representative Glenn Cordelli and signed by governor Sununu on June 18, 2018.

Effective August 11, 2018 each school district in New Hampshire is required to:

Create, maintain, and make publicly available an index of definitions of student personally-identifiable data fields

Develop a thorough data security plan that includes:

privacy compliance standards



privacy and security audits



breach planning, notification, and procedures



data retention and disposition policies

The data security plan must require notifications of a breach as soon as practicable to:

any teacher or student whose PII is assumed to have been part of a breach must be notified ASAP



further notifications must also be sent to the governor, state board, senate president, speaker of the house, chairperson of the senate committee with jurisdiction over education, chairperson of the house committee with jurisdiction over education, the legislative oversight committee, and the commissioner of the department of information technology

The data security plan must also require an annual data security breach report delivered to:

the governor, state board, senate president, speaker of the house, chairperson of the senate committee with primary jurisdiction over education, chairperson of the house committee with primary jurisdiction over education, legislative oversight committee, and the commissioner of the department of information technology

Make publicly available students' and parents' rights under the Family Educational Rights and Privacy Act, this include:

The right to inspect and review the student's education records



The right to request amendment of a student's education records that the parent or student believes are inaccurate or misleading



The right to provide written consent before the school discloses student personally identifiable data

These plans must be implemented by June 2019.

If you're unsure where to begin on your journey to HB1612 compliance, the bill itself recommends seeking guidance from the Department of Information Technology.

More resources for HB1612 compliance:

Family Educational Rights and Privacy Act

FCC Cybersecurity Plan Generator

IBM's Security Breach Response Plan Toolkit

National Center for Education Statistics Guide to Policy Development

U.S. Department of Education Data Governance Checklist