Utah Code 53E-9-302. State student data protection governance
Current as of: 2024 | Check for updates
|
Other versions
(1)
Terms Used In Utah Code 53E-9-302
- Data governance plan: means an education entity's comprehensive plan for managing education data that:(6)(a) incorporates reasonable data industry best practices to maintain and protect student data and other education-related data;(6)(b) describes the role, responsibility, and authority of an education entity data governance staff member;(6)(c) provides for necessary technical assistance, training, support, and auditing;(6)(d) describes the process for sharing student data between an education entity and another person;(6)(e) describes the education entity's data expungement process, including how to respond to requests for expungement;(6)(f) describes the data breach response process; and(6)(g) is published annually and available on the education entity's website. See Utah Code 53E-9-301
- Education entity: means :
(7)(a) the state board;(7)(b) a local school board;(7)(c) a charter school governing board;(7)(d) a school district;(7)(e) a charter school; or(7)(f) the Utah Schools for the Deaf and the Blind. See Utah Code 53E-9-301- LEA: means :
(10)(a) a school district;(10)(b) a charter school; or(10)(c) the Utah Schools for the Deaf and the Blind. See Utah Code 53E-9-301- Metadata dictionary: means a record that:
(11)(a) defines and discloses all personally identifiable student data collected and shared by the education entity;(11)(b) comprehensively lists all recipients with whom the education entity has shared personally identifiable student data, including:(11)(b)(i) the purpose for sharing the data with the recipient;(11)(b)(ii) the justification for sharing the data, including whether sharing the data was required by federal law, state law, or a local directive; and(11)(b)(iii) how sharing the data is permitted under federal or state law; and(11)(c) without disclosing personally identifiable student data, is displayed on the education entity's website. See Utah Code 53E-9-301- Process: means a writ or summons issued in the course of a judicial proceeding. See Utah Code 68-3-12.5
- State: when applied to the different parts of the United States, includes a state, district, or territory of the United States. See Utah Code 68-3-12.5
- State board: means the State Board of Education. See Utah Code 53E-1-102
- Student data: means information about a student at the individual student level. See Utah Code 53E-9-301
- Student data manager: means :
(18)(a) the state student data officer; or(18)(b) an individual designated as a student data manager by an education entity under Section 53E-9-303, who fulfills the duties described in Section 53E-9-308. See Utah Code 53E-9-301- Third-party contractor: means a person who:
(20)(a) is not an education entity; and(20)(b) pursuant to a contract with an education entity, collects or receives student data in order to provide a product or service, as described in the contract, if the product or service is not related to school photography, yearbooks, graduation announcements, or a similar product or service. See Utah Code 53E-9-301(1)(a) An education entity or a third-party contractor who collects, uses, stores, shares, or deletes student data shall protect student data as described in this part.(1)(b) In accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, the state board shall make rules to administer this part, including student data protection standards for public education employees, student aides, and volunteers.(2) The state board shall oversee the preparation and maintenance of:(2)(a) a statewide data governance plan; and(2)(b) a state-level metadata dictionary.(3)(3)(a) The state board shall establish a student data protection advisory group to oversee student data protection in the state.(3)(b) The student data protection advisory group shall be composed of:(3)(b)(i) members from the Legislature;(3)(b)(ii) members from the state board;(3)(b)(iii) the state student data officer;(3)(b)(iv) one or more LEAs;(3)(b)(v) state board employees; and(3)(b)(vi) others who use student data at the local level.(3)(c) The student data protection advisory group shall:(3)(c)(i) make recommendations to the state board regarding:(3)(c)(i)(A) enacted or proposed legislation; and(3)(c)(i)(B) state and local student data protection policies across the state;(3)(c)(ii) review and monitor the state student data governance plan; and(3)(c)(iii) perform other tasks related to student data protection as directed by the state board.(4)(4)(a) The state board shall designate a state student data officer.(4)(b) The state student data officer shall:(4)(b)(i) act as the primary point of contact for state student data protection administration in assisting the state board to administer this part;(4)(b)(ii) ensure compliance with student privacy laws throughout the public education system, including:(4)(b)(ii)(A) providing training and support to applicable state board and LEA employees; and(4)(b)(ii)(B) producing resource materials, model plans, and model forms for local student data protection governance, including a model student data collection notice;(4)(b)(iii) investigate complaints of alleged violations of this part;(4)(b)(iv) report violations of this part to:(4)(b)(iv)(A) the state board;(4)(b)(iv)(B) an applicable education entity; and(4)(b)(iv)(C) the student data protection advisory group; and(4)(b)(v) act as a state level student data manager.(5) The state board shall designate:(5)(a) at least one support manager to assist the state student data officer; and(5)(b) a student data protection auditor to assist the state student data officer.(6) The state board shall establish a research review process for a request for data for the purpose of research or evaluation. - Education entity: means :