Effective 7/1/2022 53B-28-502. State student data protection governance. (1) The state privacy officer shall establish a higher education privacy advisory group to advise institutions and institution boards of trustees on student data protection. (2) The advisory group shall consist of: (a) the state privacy officer; (b) the higher education privacy officer; and (c) the following […]
Effective 7/1/2022 53B-28-503. Institution student data protection governance. (1) (a) An institution shall adopt policies to protect student data in accordance with this part and board rule, including the standards the board establishes under Subsection 53B-28-502(5). (b) The policies described in Subsection (1)(a) shall take into account the specific needs and priorities of the institution. […]
Effective 7/1/2022 53B-28-504. Notification of significant data breach. (1) If a significant data breach occurs at an institution, the institution shall notify each student whose personally-identifiable student data was disclosed. (2) In accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, the board shall make rules to define a significant data breach described in […]
Effective 7/1/2022 53B-28-505. Third-party contractors. (1) A third-party contractor shall use personally identifiable student data received under a contract with an education entity strictly for the purpose of providing the contracted product or service within the negotiated contract terms. (2) When contracting with a third-party contractor, an education entity, or a government agency contracting on […]
Effective 1/1/2024 53B-28-506. Penalties. (1) (a) An institution that contracts with a third-party contractor that knowingly or recklessly permits unauthorized collecting, sharing, or use of student data under this part: (i) except as provided in Subsection (1)(b), may not enter into a future contract with the third-party contractor; and (ii) may be required by the […]
