53B-28-503.  Institution student data protection governance.

Terms Used In Utah Code 53B-28-503

  • Board: means the Utah Board of Higher Education described in Section 53B-1-402. See Utah Code 53B-1-101.5
  • Data governance plan: means an education entity's comprehensive plan for managing education data that:
      (a) incorporates reasonable data industry best practices to maintain and protect student data and other education-related data;
      (b) describes the role, responsibility, and authority of the board or an institution privacy officer;
      (c) provides for necessary technical assistance, training, support, and auditing;
      (d) describes the process for sharing student data between the education entity and another person;
      (e) describes the education entity's data expungement process, including how to respond to requests for expungement;
      (f) describes the data breach response process; and
      (g) is published annually and available on the institution's website or the Utah System of Higher Education's website. See Utah Code 53B-28-501
  • Higher education privacy officer: means a privacy officer that the board designates under Section 53B-28-503. See Utah Code 53B-28-501
  • Institution: means an institution of higher education described in Section 53B-1-102. See Utah Code 53B-28-501
  • State privacy officer: means the state privacy officer described in Section 67-3-13. See Utah Code 53B-28-501
  • Student: means an individual enrolled in an institution. See Utah Code 53B-28-501
  • Student data: means information about a student at the individual student level. See Utah Code 53B-28-501

    (1)  (a)  An institution shall adopt policies to protect student data in accordance with this part and board rule, including the standards the board establishes under Subsection 53B-28-502(5).

    (b)  The policies described in Subsection (1)(a) shall take into account the specific needs and priorities of the institution.

    (2)  The board shall designate a higher education privacy officer.

    (3)  The higher education privacy officer shall:

    (a)  verify compliance with student privacy laws, rules, and policies throughout the Utah System of Higher Education;

    (b)  support institutions in developing data governance plans and student data privacy training; and

    (c)  act as the primary point of contact for the state privacy officer.

    (4)  An institution shall:

    (a)  designate an individual to act as the primary contact for the higher education privacy officer;

    (b)  create and maintain an institution:

    (i)  data governance plan that complies with the standards the board establishes under Subsection 53B-28-502(5); and

    (ii)  record of student data privacy training; and

    (c)  annually publish the institution’s data governance plan on the institution’s website.

    Enacted by Chapter 461, 2022 General Session