53B-28-502.  State student data protection governance.

(1)  The state privacy officer shall establish a higher education privacy advisory group to advise institutions and institution boards of trustees on student data protection.

Terms Used In Utah Code 53B-28-502

  • Advisory group: means the institution of higher education privacy advisory group established by the state privacy officer under Section 53B-28-502. See Utah Code 53B-28-501
  • Board: means the Utah Board of Higher Education described in Section 53B-1-402. See Utah Code 53B-1-101.5
  • Commissioner: means the commissioner of higher education appointed in accordance with Section 53B-1-408. See Utah Code 53B-1-101.5
  • Data governance plan: means an education entity's comprehensive plan for managing education data that:
    (a) incorporates reasonable data industry best practices to maintain and protect student data and other education-related data;
    (b) describes the role, responsibility, and authority of the board or an institution privacy officer;
    (c) provides for necessary technical assistance, training, support, and auditing;
    (d) describes the process for sharing student data between the education entity and another person;
    (e) describes the education entity's data expungement process, including how to respond to requests for expungement;
    (f) describes the data breach response process; and
    (g) is published annually and available on the institution's website or the Utah System of Higher Education's website. See Utah Code 53B-28-501
  • Higher education privacy officer: means a privacy officer that the board designates under Section 53B-28-503. See Utah Code 53B-28-501
  • Institution: means an institution of higher education described in Section 53B-1-102. See Utah Code 53B-28-501
  • State: when applied to the different parts of the United States, includes a state, district, or territory of the United States. See Utah Code 68-3-12.5
  • State privacy officer: means the state privacy officer described in Section 67-3-13. See Utah Code 53B-28-501
  • Student: means an individual enrolled in an institution. See Utah Code 53B-28-501
  • Student data: means information about a student at the individual student level. See Utah Code 53B-28-501
  • Third-party contractor: means a person who:
    (a) is not an institution or an employee of an institution; and
    (b) pursuant to a contract with an education entity, collects or receives student data in order to provide a product or service, as described in the contract, if the product or service is not related to school photography, yearbooks, graduation announcements, or a similar product or service. See Utah Code 53B-28-501
    (2)  The advisory group shall consist of:

    (a)  the state privacy officer;

    (b)  the higher education privacy officer; and

    (c)  the following members, appointed by the commissioner of higher education:

    (i)  at least one Utah system of higher education employee; and

    (ii)  at least one representative of the Utah Board of Higher Education.

    (3)  The advisory group shall:

    (a)  discuss and make recommendations to the board and institutions regarding:

    (i)  existing and proposed:

    (A)  board rules; or

    (B)  board policies of the Utah Board of Higher Education or institutions; and

    (ii)  training on protecting student data privacy; and

    (b)  perform other tasks related to student data protection as designated by the Utah Board of Higher Education.

    (4)  The higher education privacy officer shall:

    (a)  provide training and support to institution boards and employees; and

    (b)  produce:

    (i)  resource materials;

    (ii)  model data governance plans;

    (iii)  model forms for institution student data protection governance; and

    (iv)  a model data collection notice.

    (5)  The board shall:

    (a)  (i)  create and maintain a data governance plan; and

    (ii)  annually publish the data governance plan on the Utah System of Higher Education website; and

    (b)  establish standards for:

    (i)  institution policies to protect student data;

    (ii)  institution data governance plans; and

    (iii)  a third-party contractor's use of student data.

    Enacted by Chapter 461, 2022 General Session