Student data ownership and access -- Notification in case of significant data breach.
Checkout our iOS App for a better way to browser and research.
(1)
(a) A student owns the student's personally identifiable student data.
(b) An education entity shall allow the following individuals to access a student's student data that is maintained by the education entity:
(i) the student's parent;
(ii) the student; and
(iii) in accordance with the education entity's internal policy described in Section 53E-9-303 and in the absence of a parent, an individual acting as a parent to the student.
(2)
(a) If a significant data breach occurs at an education entity, the education entity shall notify:
(i) the student, if the student is an adult student; or
(ii) the student's parent, if the student is not an adult student.
(b) In accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, the state board shall make rules to define a significant data breach described in Subsection (2)(a).