(1) School service providers must maintain a comprehensive information security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information. The information security program should make use of appropriate administrative, technological, and physical safeguards.

Terms Used In Washington Code 28A.604.040

  • Guardian: A person legally empowered and charged with the duty of taking care of and managing the property of another person who because of age, intellect, or health, is incapable of managing his (her) own affairs.
(2) School service providers must delete student personal information within a reasonable period of time if the relevant educational institution requests deletion of the data under the control of the educational institution unless:
(a) The school service provider has obtained student consent or the consent of the student’s parent or guardian to retain information related to that student; or
(b) The student has transferred to another educational institution and that educational institution has requested that the school service provider retain information related to that student.
  Previous section
Next section  
 Chapter 28A.604 Contents