The Department, in consultation with the Department of Information Technology and
county boards, shall develop and update best practices for county boards to:
(1) Manage and maintain data privacy and security practices in the processing of student
data and personally identifiable information across the county board's information
technology and records management systems;
(2) Develop and implement:
(i) A data privacy and security incident response plan;
(ii) A breach notification plan; and
(iii) Procedures and requirements for allowing access to student data and personally
identifiable information for a legitimate research purpose; and
(3) Publish information annually on:
(i) Types of student data and personally identifiable information processed by the
county board, the protocols for processing student data, and the rationales for selecting
(ii) Contracted services that involve sharing student data between a county board
and a school service contract provider; and
(iii) Procedures and rationales for vetting and selecting Internet sites, services,
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.
Was this helpful?
Response sent, thank you
Welcome to FindLaw's Cases & Codes
A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw's Learn About the Law.