Effective 7/1/2022
53B-28-503. Institution student data protection governance.
53B-28-503. Institution student data protection governance.
- (1)
- (a) An institution shall adopt policies to protect student data in accordance with this part and board rule, including the standards the board establishes under Subsection 53B-28-502(5).
- (b) The policies described in Subsection (1)(a) shall take into account the specific needs and priorities of the institution.
- (2) The board shall designate a higher education privacy officer.
- (3) The higher education privacy officer shall:
- (a) verify compliance with student privacy laws, rules, and policies throughout the Utah System of Higher Education;
- (b) support institutions in developing data governance plans and student data privacy training; and
- (c) act as the primary point of contact for the state privacy officer.
- (4) An institution shall:
- (a) designate an individual to act as the primary contact for the higher education privacy officer;
- (b) create and maintain an institution:
- (i) data governance plan that complies with the standards the board establishes under Subsection 53B-28-502(5); and
- (ii) record of student data privacy training; and
- (c) annually publish the institution’s data governance plan on the institution’s website.
Enacted by Chapter 461, 2022 General Session