<img height="1" width="1" src="https://www.facebook.com/tr?id=3323484487762706&amp;ev=PageView&amp;noscript=1">
NH RSA 189:66 Privacy & Security Standards


Meeting the NH Standards for Privacy and Security of Student and Employee Data 

What is NH RSA 189:66 (HB 1612)?

NH RSA 189:66 (HB1612 amended) mandates all education agencies develop a security plan which protects student and teacher personally identifiable data, and department records from cyberattack. The protected data includes both electronic and physical formats. 

What are the minimum data standards? 

  • Inventory and review of all software applications, digital tools, and extensions to assure standards set by the department are met or exceeded.
  • Review of infrastructure that houses applications, tool and extensions to assure standards set by the department are met or exceeded.
  • Update policies and procedures for data access and protection of privacy for students and staff including acceptable use policy for applications, digital tools, and extensions.
  • Development of response plan for a data breach (RSA 359-C:20).
  • Require all service providers to meet or exceed standards for data protection and privacy.
  • Present Data and Privacy Governance Plan to school board.

Our approach not only meets RSA 189:66 standards, but exceeds them. 

Our comprehensive plan takes it further than just a traditional Nessus scan. We assess all applications, preform risk assessments, and deliver a final report detailing vulnerabilities, compromised data and remediation suggestions. 

Our partnership includes? 

  • Internal Vulnerability Assessment of network and applications that maintain personally identifiable data and department records.
  • External Vulnerability Assessment of all public entry vectors for vulnerabilities that could lead to personally identifiable data and department records being compromised.
  • Onsite evaluation of physical security including evaluation of physical structure for potential server and data theft.
  • Process documentation review including data governance and usage policies, and incidence response plan.
  • Meeting with key stakeholders to ensure data security processes and incidence response plan are understood in case of compromise.

Secure Your SAU