Rhode Island, Data Privacy, Social Media and Cloud Services

Rhode Island, Data Privacy, Social Media and Cloud Services

Rhode Island’s H 7124 is a social media and cloud service provider data privacy law that was passed in the U.S. state of Rhode Island in 2014. In contrast to many other student data privacy laws around the country, H 7124 was passed for the purpose of regulating the interactions that students, teachers, and other related faculty members have with social media websites and cloud computing services in the context of K-12 educational pursuits. To this point, the law places responsibilities on educational institutions and cloud service providers as it concerns the level of access and privacy that students, teachers, and faculty members within Rhode Island are afforded in relation to their social media and cloud computing service usage.

How are social media accounts and cloud computing defined under the law?

Under Rhode Island’s H 7124, a social media account is defined as “an electronic service or account, or electronic content, including, but not limited to, videos, still photographs, blogs, video blogs, podcasts, instant and text messages, email, online service or accounts, or Internet website profiles or locations. For the purposes of this chapter, social media account does not include an account opened at a school’s behest, or provided by the school, or intended to be used primarily on behalf of the school.” Alternatively, the law defines student data as “any information in any media or format created or provided: (i) By a student; or (ii) By a school board employee about a student in the course of using a cloud computing service, including the student’s name, email address, postal address, email message, documents, unique identifiers, and metadata.”

Conversely, the law defines a cloud computing service as “a service that enables convenient on-demand network access to a shared pool of configurable computing resources to provide a student, teacher, or staff member account-based productivity applications such as email, document storage, and document editing that can be rapidly provisioned and released with minimal management effort or cloud computing service provider interaction.” Furthermore, the law defines a cloud computing service provider as “an entity other than a public elementary or secondary school that operates a cloud computing service.”

What are the duties of educational institutions under the law?

Under the provisions of Rhode Island’s H 7124, educators, school administrators, cloud computing service providers, and associated third parties have the following duties and responsibilities as it relates to data protection and personal privacy:

What are the penalties for violating Rhode Island’s H 7124?

Educational institutions and cloud service providers that fail to comply with Rhode Island’s H 7124 are subject to a number of sanctions and penalties. Such punishments include:

Through the provisions of Rhode Island’s H 7124, students within the state were provided with a modicum of legal protection as it relates to the personal information they share via their social media accounts and cloud services. What’s more, the law also provides safeguards for teachers and other related school employees, as these individuals are also afforded legal protections in terms of the forms of personal information they disclose via the internet. While many student data privacy laws at the U.S. state-level pertain largely to the data and privacy protection of students, lawmakers around the country will have to consider the implications of failing to protect the personal information and privacy of the employees that teach students when drafting legislation moving forward.

Related Reads