§ 22-16-101. Short Title
The short title of this article is the “Student Data Transparency and Security Act”. Source: L. 2016: Entire article added, (HB 16-1423), ch. 355, p. 1457, § 1, effective August 10.
§ 22-16-102. Legislative Declaration
The general assembly recognizes that, with the increasing use of technology in education, it is imperative that information that identifies individual students and their families is vigilantly protected from misappropriation and misuse that could harm students or their families. The general assembly also finds, however, that there are many positive ways in which a student’s […]
§ 22-16-103. Definitions
As used in this article, unless the context otherwise requires: “Aggregate data” means data collected and reported at the group, cohort, or institutional level that is aggregated using protocols that are effective for preserving the anonymity of each individual included in the data. “Department” means the department of education created and existing pursuant to section […]
§ 22-16-104. State Board of Education – Duties – Rules
The state board shall: Create, publish, and make publicly available a data inventory and dictionary or index of data elements with definitions of individual student data fields used in the student data system including: Individual student personally identifiable information that school districts and public schools are required to report by state and federal education mandates; […]
§ 22-16-105. Department of Education – Duties
The department shall assign to each student who is enrolled in a public school a unique student identifier that must neither be nor include the social security number of a student in whole or in sequential part. The department shall develop a process to consider and review all outside requests for student personally identifiable information, […]
§ 22-16-106. Department – Support for Local Education Providers
The department shall develop data security guidance that may be used by local education providers. The department’s data security guidance must include: Guidance for authorizing access to the student data system and to student personally identifiable information, including guidance for authenticating authorized access; Privacy compliance standards; Best practices for privacy and security audits; Security breach […]
§ 22-16-107. Local Education Provider – Data Collection – Data Security Policy
Each local education provider shall post and maintain on its website clear information that is understandable by a layperson explaining the data elements of student personally identifiable information that the local education provider collects and maintains in the local education provider’s data system, not including the student personally identifiable information that the local education provider […]
§ 22-16-108. School Service Contract Provider – Data Transparency
Each school service contract provider shall provide clear information that is understandable by a layperson explaining the data elements of student personally identifiable information that the school service contract provider collects, the learning purpose for which the school service contract provider collects the student personally identifiable information, and how the school service contract provider uses […]
§ 22-16-109. School Service Contract Provider – Use of Data
A school service contract provider may collect, use, and share student personally identifiable information only for the purposes authorized in the contract between the school service contract provider and a public education entity or with the consent of the student who is the subject of the information or the student’s parent. A school service contract […]
§ 22-16-110. School Service Contract Provider – Data Security – Data Destruction
Each school service contract provider shall maintain a comprehensive information security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personally identifiable information. The information security program must make use of appropriate administrative, technological, and physical safeguards. During the term of a contract between a school service contract provider […]
§ 22-16-111. Use of Data – Exceptions – Application of Article
Notwithstanding any provision of this article to the contrary, this article does not prohibit the use of student personally identifiable information to: Use adaptive learning or design personalized or customized education; Maintain, develop, support, improve, or diagnose a school service contract provider’s website, online service, online application, or mobile application; Provide recommendations for school, educational, […]
§ 22-16-112. Parent Rights – Complaint Policy
The parent of a student enrolled by a local education provider has the right: To inspect and review his or her child’s student personally identifiable information maintained by the local education provider; To request from the local education provider a paper or electronic copy of his or her child’s student personally identifiable information, including student […]