Understanding HB1612  – A Guide For New Hampshire Schools

What is New Hampshire HB1612?

In an effort to improve data security in New Hampshire schools, House Bill 1612 was introduced to the House in November 2017 by representative Glenn Cordelli and signed by governor Sununu on June 18, 2018.

Effective August 11, 2018 each school district in New Hampshire is required to:

  • Create, maintain, and make publicly available an index of definitions of student personally-identifiable data fields
  • Develop a thorough data security plan that includes:
    • privacy compliance standards
    • privacy and security audits
    • breach planning, notification, and procedures
    • data retention and disposition policies
  • The data security plan must require notifications of a breach as soon as practicable to:
    • any teacher or student whose PII is assumed to have been part of a breach must be notified ASAP
    • further notifications must also be sent to the governor, state board, senate president, speaker of the house, chairperson of the senate committee with jurisdiction over education, chairperson of the house committee with jurisdiction over education, the legislative oversight committee, and the commissioner of the department of information technology
  • The data security plan must also require an annual data security breach report delivered to:
    • the governor, state board, senate president, speaker of the house, chairperson of the senate committee with primary jurisdiction over education, chairperson of the house committee with primary jurisdiction over education, legislative oversight committee, and the commissioner of the department of information technology
  • Make publicly available students’ and parents’ rights under the Family Educational Rights and Privacy Act, this include:
    • The right to inspect and review the student’s education records
    • The right to request amendment of a student’s education records that the parent or student believes are inaccurate or misleading
    • The right to provide written consent before the school discloses student personally identifiable data

These plans must be implemented by June 2019. 

If you’re unsure where to begin on your journey to HB1612 compliance, the bill itself recommends seeking guidance from the Department of Information Technology. 

More resources for compliance:

Family Educational Rights and Privacy Act

FCC Cybersecurity Plan Generator 

IBM’s Security Breach Response Plan Toolkit

National Center for Education Statistics Guide to Policy Development 

U.S. Department of Education Data Governance Checklist