Sharing student data -- Prohibition -- Requirements for student data manager -- Authorized student data sharing.

  1. Law
  2. Utah Code
  3. Public Education System -- State Administration
  4. Student Privacy and Data Protection
  5. Student Data Protection
  6. Sharing student data -- Prohibition -- Requirements for student data manager -- Authorized student data sharing.

Checkout our iOS App for a better way to browser and research.



  • (1)
    • (a) Except as provided in Subsection (1)(b), an education entity, including a student data manager, may not share personally identifiable student data without written consent.
    • (b) An education entity, including a student data manager, may share personally identifiable student data:
      • (i) in accordance with the Family Education Rights and Privacy Act and related provisions under 20 U.S.C. Secs. 1232g and 1232h;
      • (ii) as required by federal law; and
      • (iii) as described in Subsections (3), (5), and (6).
  • (2) A student data manager shall:
    • (a) authorize and manage the sharing, outside of the student data manager's education entity, of personally identifiable student data for the education entity as described in this section;
    • (b) act as the primary local point of contact for the state student data officer described in Section 53E-9-302; and
    • (c) fulfill other responsibilities described in the data governance plan of the student data manager's education entity.
  • (3) A student data manager may share a student's personally identifiable student data with a caseworker or representative of the Department of Human Services if:
    • (a) the Department of Human Services is:
      • (i) legally responsible for the care and protection of the student, including the responsibility to investigate a report of educational neglect, as provided in Subsection 62A-4a-409(5); or
      • (ii) providing services to the student;
    • (b) the student's personally identifiable student data is not shared with a person who is not authorized:
      • (i) to address the student's education needs; or
      • (ii) by the Department of Human Services to receive the student's personally identifiable student data; and
    • (c) the Department of Human Services maintains and protects the student's personally identifiable student data.
  • (4) The Department of Human Services, a school official, or the Utah Juvenile Court may share personally identifiable student data to improve education outcomes for youth:
    • (a) in the custody of, or under the guardianship of, the Department of Human Services;
    • (b) receiving services from the Division of Juvenile Justice Services;
    • (c) in the custody of the Division of Child and Family Services;
    • (d) receiving services from the Division of Services for People with Disabilities; or
    • (e) under the jurisdiction of the Utah Juvenile Court.
  • (5)
    • (a) A student data manager may share personally identifiable student data in response to a subpoena issued by a court.
    • (b) A person who receives personally identifiable student data under Subsection (5)(a) may not use the personally identifiable student data outside of the use described in the subpoena.
  • (6)
    • (a) A student data manager may share student data, including personally identifiable student data, in response to a request to share student data for the purpose of research or evaluation, if the student data manager:
      • (i) verifies that the request meets the requirements of 34 C.F.R. Sec. 99.31(a)(6);
      • (ii) submits the request to the education entity's research review process; and
      • (iii) fulfills the instructions that result from the review process.
    • (b)
      • (i) In accordance with state and federal law, and subject to Subsection (6)(b)(ii), the state board shall share student data, including personally identifiable student data, as requested by the Utah Registry of Autism and Developmental Disabilities described in Section 26-7-4.
      • (ii)
        • (A) At least 30 days before the state board shares student data in accordance with Subsection (6)(b)(i), the education entity from which the state board received the student data shall provide notice to the parent of each student for which the state board intends to share student data.
        • (B) The state board may not, for a particular student, share student data as described in Subsection (6)(b)(i) if the student's parent requests that the state board not share the student data.
      • (iii) A person who receives student data under Subsection (6)(b)(i):
        • (A) shall maintain and protect the student data in accordance with state board rule described in Section 53E-9-307;
        • (B) may not use the student data for a purpose not described in Section 26-7-4; and
        • (C) is subject to audit by the state student data officer described in Section 53E-9-302.





Download our app to see the most-to-date content.