(A) The provisions of this section must be known and may be cited as the "South Carolina Department of Education Data Use and Governance Policy".

(B) The policy of the State Department of Education with respect to use and governance of student data is to ensure that all data collected, managed, stored, transmitted, used, reported, and destroyed by the department is done so in a way to preserve and protect individual and collective privacy rights and ensure confidentiality and security of collected data. In developing this policy, the State strives to:

(1) maintain compliance with the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g, at a minimum; and

(2) be mindful that the appropriate use of data is essential to accelerating student learning, program and financial effectiveness and efficiency, and policy development.

(C) The State Department of Education shall not collect individual student data directly from students or families, except as required to meet its obligations under the Individuals with Disabilities Education Act. Each student is assigned a unique student identifier upon enrollment into the student management system to ensure compliance with the privacy rights of the student and his parents or guardians. No personally identifiable individual student data may be shared in federally required reporting.

(D) All data elements collected and transferred from the South Carolina State Department of Education to the United States Department of Education must be based on the reporting requirements contained in EDFacts as provided by the United States Department of Education, or other federal laws and regulations, and only may include aggregated data with no personally identifiable data.

(E) Data collected by the State Department of Education must be maintained within a secure infrastructure environment. Access to this data must be limited to preidentified staff who are granted clearance related to their job responsibilities of federal reporting, state financial management, program assessment, and policy development. Training in data security and student privacy laws must be provided to these specific individuals on a regular basis in order to maintain their data use clearance along with a signed Data Use Policy assurance of confidentiality and privacy.

(F) The State Department of Education shall maintain a managed external data request procedure managed through a Data Governance Committee. Each external data request is measured against a predetermined set of qualifiers that includes, but must not be limited to, applicability to the goals of the State Board of Education, data availability, report format ability, cost of report development, and adherence to FERPA requirements.

(G) Each school district in this State shall adopt, maintain, and comply with a locally adopted student records governance and use policy. These policies and their implementation shall be monitored by the State Department of Education in a manner prescribed by the department through policy.