For users resided in the State of Connecticut, NoRedInk warrants that it complies with Connecticut Public Act No. 16-189, which has the following provisions.

• “Student information” means personally identifiable information or material of a student in any media or format that is not publicly available and is any of the following: (A) created or provided by a student or the parent or legal guardian of a student, to NoRedInk in the course of the student, parent or legal guardian using NoRedInk’s Internet web site, online service or mobile application for school purposes, (B) created or provided by an employee or agent of a local or regional board of education to NoRedInk for school purposes, or (C) gathered by NoRedInk through the operation of NoRedInk’s Internet web site, online service or mobile application and identifies a student, including, but not limited to, information in the student’s records or electronic mail account, first or last name, home address, telephone number, date of birth, electronic mail address, discipline records, test results, grades, evaluations, criminal records, medical records, health records, Social Security number, biometric information, disabilities, socioeconomic information, food purchases, political affiliations, religious affiliations, text messages, documents, student identifiers, search activity, photographs, voice recordings, survey responses or behavioral assessments;
• “Student record” means any information directly related to a student that is maintained by a local or regional board of education, the State Board of Education or the Department of Education or any information acquired from a student through the use of educational software assigned to the student by a teacher or employee of a local or regional board of education, except “student record” does not include de-identified student information allowed under the contract to be used by NoRedInk to (A) improve educational products for adaptive learning purposes and customize student learning, (B) demonstrate the effectiveness of NoRedInk’s products in the marketing of such products, and (C) develop and improve NoRedInk’s products and services;
• “Student-generated content” means any student materials created by a student including, but not limited to, essays, research papers, portfolios, creative writing, music or other audio files or photographs, except “student-generated content” does not include student responses to a standardized assessment;
• “Directory information” has the same meaning as provided in 34 CFR 99. 3, as amended from time to time;
• “School purposes” means purposes that customarily take place at the direction of a teacher or a local or regional board of education, or aid in the administration of school activities, including, but not limited to, instruction in the classroom, administrative activities and collaboration among students, school personnel or parents or legal guardians of students;
• “Student” means a person who is a resident of the state and (A) enrolled in a preschool program participating in the state-wide public school information system, pursuant to section 10-10a of the general statutes, (B) enrolled in grades kindergarten to twelve, inclusive, in a public school, (C) receiving special education and related services under an individualized education program, or (D) otherwise the responsibility of a local or regional board of education;
• “Targeted advertising” means presenting an advertisement to a student where the selection of the advertisement is based on student information, student records or student-generated content or inferred over time from the usage of NoRedInk’s Internet web site, online service or mobile application by such student or the retention of such student’s online activities or requests over time for the purpose of targeting subsequent advertisements. “Targeted advertising” does not include any advertising to a student on an Internet web site that such student is accessing at the time or in response to a student’s response or request for information or feedback;
• “De-identified student information” means any student information that has been altered to prevent the identification of an individual student; and
• “Persistent unique identifier” means a unique piece of information that can be used to recognize a user over time and across different Internet web sites, online services or mobile applications and is acquired as a result of the use of a student’s use of NoRedInk’s Internet web site, online service or mobile application.

Sec. 3. (NEW) (Effective October 1, 2016)

(a) NoRedInk shall (1) implement and maintain security procedures and practices that meet or exceed industry standards and that are designed to protect student information, student records and student-generated content from unauthorized access, destruction, use, modification or disclosure, and (2) delete any student information, student records or student-generated content within a reasonable amount of time if a student, parent or legal guardian of a student or local or regional board of education who has the right to control such student information requests the deletion of such student information, student records or student-generated content. A student or parent may log in to the student account to review and correct any student data. Student information and student-generated content may be maintained by NoRedInk after expiration of the contract with the board if the student continues using the free service.

(b) NoRedInk shall not knowingly:

(1) Engage in (A) targeted advertising on NoRedInk’s Internet web site, online service or mobile application, or (B) targeted advertising on any other Internet web site, online service or mobile application if such advertising is based on any student information, student records, student-generated content or persistent unique identifiers that NoRedInk has acquired because of the use of NoRedInk’s Internet web site, online service or mobile application for school purposes;

(2) Collect, store and use student information, student records, student-generated content or persistent unique identifiers for purposes other than the furtherance of school purposes;

(3) Sell, rent or trade student information, student records or student-generated content unless the sale is part of the purchase, merger or acquisition of NoRedInk by a successor, NoRedInk and its successor shall continue to be subject to the provisions of this section regarding student information; or

(4) Disclose student information, student records or student-generated content unless the disclosure is made (A) in furtherance of school purposes of the Internet web site, online service or mobile application, provided the recipient of the student information uses such student information to improve the operability and functionality of the Internet web site, online service or mobile application and complies with subsection (a) of this section; (B) to ensure compliance with federal or state law or regulations or pursuant to a court order; (C) in response to a judicial order; (D) to protect the safety or integrity of users or others, or the security of the Internet web site, online service or mobile application; (E) to an entity hired by NoRedInk to provide services for NoRedInk’s Internet web site, online service or mobile application, provided NoRedInk contractually (i) prohibits the entity from using student information, student records or student-generated content for any purpose other than providing the contracted service to, or on behalf of, NoRedInk, (ii) prohibits the entity from disclosing student information, student records or student-generated content provided by NoRedInk to subsequent third parties, and (iii) requires the entity to comply with subsection (a) of this section; or (F) for a school purpose or other educational or employment purpose requested by a student or the parent or legal guardian of a student, provided such student information is not used or disclosed for any other purpose. NoRedInk does not review or monitor the contents of student generated content and is not responsible if any student data or information is revealed within such content.

(c) NoRedInk may use student information (1) to maintain, support, improve, evaluate or diagnose NoRedInk’s Internet web site, online service or mobile application, (2) for adaptive learning purposes or customized student learning, (3) to provide recommendation engines to recommend content or services relating to school purposes or other educational or employment purposes, provided such recommendation is not determined in whole or in part by payment or other consideration from a third party, or (4) to respond to a request for information or feedback from a student, provided such response is not determined in whole or in part by payment or other consideration from a third party.

(d) NoRedInk may use de-identified student information or aggregated student information (1) to develop or improve NoRedInk’s Internet web site, online service or mobile application, or other Internet web sites, online services or mobile applications owned by NoRedInk, or (2) to demonstrate or market the effectiveness of NoRedInk’s Internet web site, online service or mobile application.

(e) NoRedInk may share aggregated student information or de-identified student information for the improvement and development of Internet web sites, online services or mobile applications designed for school purposes.

(f) Nothing in this section shall be construed to (1) limit the ability of a law enforcement agency to obtain student information, student records or student-generated content from NoRedInk as authorized by law or pursuant to a court order, (2) limit the ability of a student or the parent or legal guardian of a student to download, export, transfer or otherwise save or maintain student information, student records or student-generated content, (3) impose a duty upon a provider of an interactive computer service, as defined in 47 USC 230, as amended from time to time, to ensure compliance with this section by third-party information content providers, as defined in 47 USC 230, as amended from time to time, (4) impose a duty upon a seller or provider of an electronic store, gateway, marketplace or other means of purchasing or downloading software applications to review or enforce compliance with this section on such software applications, (5) limit an Internet service provider from providing a student, parent or legal guardian of a student or local or regional board of education with the ability to connect to the Internet, (6) prohibit NoRedInk from advertising other Internet web sites, online services or mobile applications that are used for school purposes to parents or legal guardians of students, provided such advertising does not result from NoRedInk’s use of student information, student records or student-generated content, or (7) apply to Internet web sites, online services or mobile applications that are designed and marketed for use by individuals generally, even if the account credentials created for NoRedInk’s Internet web site, online service or mobile application may be used to access Internet web sites, online services or mobile applications that are designed and marketed for school purposes.

Sec. 4. (NEW) (Effective October 1, 2016)

(a)

(1) Upon the discovery of a breach of security that results in the unauthorized release, disclosure or acquisition of student information, excluding any directory information contained in such student information, NoRedInk shall notify, without unreasonable delay, but not more than thirty days after such discovery, the local or regional board of education of such breach of security. During such thirty-day period, NoRedInk may (A) conduct an investigation to determine the nature and scope of such unauthorized release, disclosure or acquisition, and the identity of the students whose student information is involved in such unauthorized release, disclosure or acquisition, or (B) restore the reasonable integrity of NoRedInk’s data system.

(2) Upon the discovery of a breach of security that results in the unauthorized release, disclosure or acquisition of directory information, student records or student-generated content, NoRedInk shall notify, without unreasonable delay, but not more than sixty days after such discovery, the local or regional board of education of such breach of security. During such sixty-day period, NoRedInk may (A) conduct an investigation to determine the nature and scope of such unauthorized release, disclosure or acquisition, and the identity of the students whose directory information, student records or student-generated content is involved in such unauthorized release, disclosure or acquisition, or (B) restore the reasonable integrity of NoRedInk’s data system.

(b) Upon the discovery of a breach of security that results in the unauthorized release, disclosure or acquisition of student information, student records or student-generated content, if NoRedInk is in possession of or maintains student information, student records or student-generated content as a result of a student’s use of such NoRedInk’s Internet web site, online service or mobile application, NoRedInk shall (1) notify, without unreasonable delay, but not more than thirty days after such discovery, the student or the parents or guardians of such student of any breach of security that results in the unauthorized release, disclosure or acquisition of student information, excluding any directory information contained in such student information, of such student, and (2) notify, without unreasonable delay, but not more than sixty days after such discovery, the student or the parents or guardians of such student of any breach of security that results in the unauthorized release, disclosure or acquisition of directory information, student records or student-generated content of such student. During such thirty-day or sixty-day period, NoRedInk may (A) conduct an investigation to determine the nature and scope of such unauthorized release, disclosure or acquisition, and the identity of the students whose student information, student records or student-generated content are involved in such unauthorized release, disclosure or acquisition, or (B) restore the reasonable integrity of NoRedInk’s data system.

Version History

Effective since	Effective until	Policy
December 7, 2023		Link
September 1, 2022	December 7, 2023	Link
March 7, 2022	September 1, 2022	Link
April 1, 2021	March 7, 2022	Link
April 1, 2020	April 1, 2021	Link
April 29, 2015	April 1, 2020	Link