Citizen Portal
Sign In

Committee debates SmartPass rollout and data retention as cybersecurity team pushes district protections

Weston School District Safety & Security Committee · February 10, 2026

Get AI-powered insights, summaries, and transcripts

Subscribe
AI-Generated Content: All content on this page was generated by AI to highlight key points from the meeting. For complete details and context, we recommend watching the full video. so we can fix them.

Summary

District cybersecurity lead Dan DeVito outlined phishing training, firewall protections and a phased SmartPass rollout; committee members raised parental concerns and requested a future policy review and a schedule for purging SmartPass data, which DeVito said currently has no automatic purge schedule.

At the Feb. 10 Safety & Security Committee meeting, the district’s cybersecurity lead described technical and human measures the Weston School District is using to protect student and staff data and explained the district’s phased rollout of SmartPass, an electronic hall‑pass system being piloted at the middle school.

Dan DeVito said the district combines technology controls (firewall country blocks and Google security investigation tools) with staff training, including simulated phishing campaigns. “The biggest part of cybersecurity is it's not just a technology issue, it's a people issue,” DeVito said.

DeVito described the SmartPass rollout: the district is placing Chromebooks in classrooms as kiosk devices for students to request passes (the transcript notes a deadline to stage Chromebooks was the next day), training teachers, and expanding access once the pilot finishes. SmartPass integrates with Raptor and the district’s student-management tools and is currently limited so kindergarten through eighth‑grade student email cannot send outside the district domain unless explicitly whitelisted.

Committee members pressed on data retention and privacy. One member said parents had emailed expressing unease about how SmartPass data are collected and used; DeVito responded that SmartPass currently has no automatic purge schedule and that data “stays there in their system, for as long as we'd have access to it or as long as we are subscribed to SmartPass.” He said the district can request vendors to purge data after a specified period but that state records‑retention mandates might constrain deletion.

Members recommended the policy committee and curriculum committee review SmartPass use, retention schedules and whether a formal look‑back (for example, in the fall) should determine whether the system meets its intended purposes. Erica and other committee members emphasized balancing safety benefits—such as supporting safety plans and emergency accountability—with privacy protections and retention limits.

DeVito cited Connecticut Public Act 16‑189 (student data/privacy obligations) as a governing law that restricts vendor selection and requires compliance when products house student data.