Utah Code 53B-28-502. State student data protection governance
Current as of: 2024 | Check for updates
|
Other versions
(1) The state privacy officer shall establish a higher education privacy advisory group to advise institutions and institution boards of trustees on student data protection.
Terms Used In Utah Code 53B-28-502
- Advisory group: means the institution of higher education privacy advisory group established by the state privacy officer under Section 53B-28-502. See Utah Code 53B-28-501
- Board: means the Utah Board of Higher Education described in Section 53B-1-402. See Utah Code 53B-1-101.5
- Data governance plan: means an education entity's comprehensive plan for managing education data that:(4)(a) incorporates reasonable data industry best practices to maintain and protect student data and other education-related data;(4)(b) describes the role, responsibility, and authority of the board or an institution privacy officer;(4)(c) provides for necessary technical assistance, training, support, and auditing;(4)(d) describes the process for sharing student data between the education entity and another person;(4)(e) describes the education entity's data expungement process, including how to respond to requests for expungement;(4)(f) describes the data breach response process; and(4)(g) is published annually and available on the institution's website or the Utah System of Higher Education's website. See Utah Code 53B-28-501
- Higher education privacy officer: means a privacy officer that the board designates under Section 53B-28-503. See Utah Code 53B-28-501
- Institution: means an institution of higher education described in Section 53B-1-102. See Utah Code 53B-28-501
- State: when applied to the different parts of the United States, includes a state, district, or territory of the United States. See Utah Code 68-3-12.5
- State privacy officer: means the state privacy officer described in Section 67-3-13. See Utah Code 53B-28-501
- Student: means an individual enrolled in an institution. See Utah Code 53B-28-501
- Student data: means information about a student at the individual student level. See Utah Code 53B-28-501
- Third-party contractor: means a person who:
(13)(a) is not an institution or an employee of an institution; and(13)(b) pursuant to a contract with an education entity, collects or receives student data in order to provide a product or service, as described in the contract, if the product or service is not related to school photography, yearbooks, graduation announcements, or a similar product or service. See Utah Code 53B-28-501(2) The advisory group shall consist of:(2)(a) the state privacy officer;(2)(b) the higher education privacy officer; and(2)(c) the following members, appointed by the commissioner:(2)(c)(i) at least one Utah System of Higher Education employee; and(2)(c)(ii) at least one representative of the Utah Board of Higher Education.(3) The advisory group shall:(3)(a) discuss and make recommendations to the board and institutions regarding:(3)(a)(i) existing and proposed:(3)(a)(i)(A) board rules; or(3)(a)(i)(B) board policies of the Utah Board of Higher Education or institutions; and(3)(a)(ii) training on protecting student data privacy; and(3)(b) perform other tasks related to student data protection as designated by the Utah Board of Higher Education.(4) The higher education privacy officer shall:(4)(a) provide training and support to institution boards and employees; and(4)(b) produce:(4)(b)(i) resource materials;(4)(b)(ii) model data governance plans;(4)(b)(iii) model forms for institution student data protection governance; and(4)(b)(iv) a model data collection notice.(5) The board shall:(5)(a)(5)(a)(i) create and maintain a data governance plan; and(5)(a)(ii) annually publish the data governance plan on the Utah System of Higher Education website; and(5)(b) establish standards for:(5)(b)(i) institution policies to protect student data;(5)(b)(ii) institution data governance plans; and(5)(b)(iii) a third-party contractor‘s use of student data.