defines and discloses all personally identifiable student data collected and shared by the education entity;
(b)
comprehensively lists all recipients with whom the education entity has shared personally identifiable student data, including:
(i)
the purpose for sharing the data with the recipient;
(ii)
the justification for sharing the data, including whether sharing the data was required by federal law, state law, or a local directive; and
(iii)
how sharing the data is permitted under federal or state law; and
(c)
without disclosing personally identifiable student data, is displayed on the education entity's website. See Utah Code 53E-9-301
Process: means a writ or summons issued in the course of a judicial proceeding. See Utah Code 68-3-12.5
State: when applied to the different parts of the United States, includes a state, district, or territory of the United States. See Utah Code 68-3-12.5
Student data: means information about a student at the individual student level. See Utah Code 53E-9-301
Student data manager: means :
(a)
the state student data officer; or
(b)
an individual designated as a student data manager by an education entity under Section 53E-9-303, who fulfills the duties described in Section 53E-9-308. See Utah Code 53E-9-301
Third-party contractor: means a person who:
(a)
is not an education entity; and
(b)
pursuant to a contract with an education entity, collects or receives student data in order to provide a product or service, as described in the contract, if the product or service is not related to school photography, yearbooks, graduation announcements, or a similar product or service. See Utah Code 53E-9-301
(a)
An education entity or a third-party contractor who collects, uses, stores, shares, or deletes student data shall protect student data as described in this part.
(b)
In accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, the state board shall make rules to administer this part, including student data protection standards for public education employees, student aides, and volunteers.
(2)
The state board shall oversee the preparation and maintenance of:
(a)
a statewide data governance plan; and
(b)
a state-level metadata dictionary.
(3)
As described in this Subsection (3), the state board shall establish advisory groups to oversee student data protection in the state and make recommendations to the state board regarding student data protection.
(a)
The state board shall establish a student data policy advisory group:
(i)
composed of members from:
(A)
the Legislature;
(B)
the state board and state board employees; and
(C)
one or more LEAs;
(ii)
to discuss and make recommendations to the state board regarding:
(A)
enacted or proposed legislation; and
(B)
state and local student data protection policies across the state;
(iii)
that reviews and monitors the state student data governance plan; and
(iv)
that performs other tasks related to student data protection as designated by the state board.
(b)
The state board shall establish a student data governance advisory group:
(i)
composed of the state student data officer and other state board employees; and
(ii)
that performs duties related to state and local student data protection, including:
(A)
overseeing data collection and usage by state board program offices; and
(B)
preparing and maintaining the state board’s student data governance plan under the direction of the student data policy advisory group.
(c)
The state board shall establish a student data users advisory group:
(i)
composed of members who use student data at the local level; and
(ii)
that provides feedback and suggestions on the practicality of actions proposed by the student data policy advisory group and the student data governance advisory group.
(4)
(a)
The state board shall designate a state student data officer.
(b)
The state student data officer shall:
(i)
act as the primary point of contact for state student data protection administration in assisting the state board to administer this part;
(ii)
ensure compliance with student privacy laws throughout the public education system, including:
(A)
providing training and support to applicable state board and LEA employees; and
(B)
producing resource materials, model plans, and model forms for local student data protection governance, including a model student data collection notice;
(iii)
investigate complaints of alleged violations of this part;
(iv)
report violations of this part to:
(A)
the state board;
(B)
an applicable education entity; and
(C)
the student data policy advisory group; and
(v)
act as a state level student data manager.
(5)
The state board shall designate:
(a)
at least one support manager to assist the state student data officer; and
(b)
a student data protection auditor to assist the state student data officer.
(6)
The state board shall establish a research review process for a request for data for the purpose of research or evaluation.
