Utah Legislature HB0163

1     STUDENT DATA BREACH REQUIREMENTS
2     2015 GENERAL SESSION
3     STATE OF UTAH
4     Chief Sponsor: John Knotwell
5     Senate Sponsor: J. Stuart Adams
6

7     LONG TITLE
8     General Description:
9          This bill amends provisions related to student data privacy.
10     Highlighted Provisions:
11          This bill:
12          ▸     defines terms;
13          ▸     requires an education entity to make notification if there is a release of personally
14     identifiable student data due to a security breach; and
15          ▸     makes technical changes.
16     Money Appropriated in this Bill:
17          None
18     Other Special Clauses:
19          None
20     Utah Code Sections Affected:
21     AMENDS:
22          53A-13-301, as last amended by Laws of Utah 2011, Chapter 401
23

24     Be it enacted by the Legislature of the state of Utah:
25          Section 1. Section 53A-13-301 is amended to read:
26          53A-13-301. Application of state and federal law to the administration and
27     operation of public schools -- Student information confidentiality standards -- Local
28     school board and charter school governing board policies.
29          [~~(1) An employee, student aide, volunteer, or other agent of the state's public education~~

30     ~~system~~]
31          (1) As used in this section "education entity" means:
32          (a) the State Board of Education;
33          (b) a local school board or charter school governing board;
34          (c) a school district;
35          (d) a public school; or
36          (e) the Utah Schools for the Deaf and the Blind.
37          (2) An education entity and an employee, student aide, volunteer, third party
38     contractor, or other agent of an education entity shall protect the privacy of [~~students, their~~
39     ~~parents, and their families,~~] a student, the student's parents, and the student's family and support
40     parental involvement in the education of their children through compliance with the protections
41     provided for family and student privacy under Section 53A-13-302 and the Federal Family
42     Educational Rights and Privacy Act and related provisions under 20 U.S.C. Secs. 1232[g](g)
43     and 1232[h](h), in the administration and operation of all public school programs, regardless of
44     the source of funding.
45          [~~(2)~~] (3) A local school board or charter school governing board shall enact policies
46     governing the protection of family and student privacy as required by this section.
47          [~~(3)~~] (4) (a) In accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking
48     Act, the State Board of Education shall makes rules to establish standards for public education
49     employees, student aides, and volunteers in public schools regarding the confidentiality of
50     student information and student records.
51          (b) The rules described in Subsection [~~(3)~~] (4)(a) shall provide that a local school board
52     or charter school governing board may adopt policies related to public school student
53     confidentiality to address the specific needs or priorities of the school district or charter school.
54          [~~(4)~~] (5) The State Board of Education shall:
55          (a) develop resource materials for purposes of training employees, student aides, and
56     volunteers of a school district or charter school regarding the confidentiality of student
57     information and student records; and

58          (b) provide the materials described in Subsection [~~(4)~~] (5)(a) to each school district and
59     charter school.
60          (6) An education entity shall notify the parent or guardian of a student if there is a
61     release of the student's personally identifiable student data due to a security breach.