1. A school service provider shall establish and carry out a detailed plan for the security of any data concerning pupils that is collected or maintained by the school service provider. The plan must include, without limitation:
(a) Procedures for protecting the security, privacy, confidentiality and integrity of personally identifiable information concerning a pupil; and
(b) Appropriate administrative, technological and physical safeguards to ensure the security of data concerning pupils.
2. A school service provider shall ensure that any successor entity understands that it is subject to the provisions of NRS 388.281 to 388.296, inclusive, and agrees to abide by all privacy and security commitments related to personally identifiable information concerning a pupil collected and maintained by the school service provider before allowing a successor entity to access such personally identifiable information.
(Added to NRS by 2015, 1854)