Welcome to FindLaw's Cases & Codes, a free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw's Learn About the Law.
As used in this part:
(1) “Adult student” means a student who:
(a) is at least 18 years old;
(b) is an emancipated student; or
(c) qualifies under the McKinney-Vento Homeless Education Assistance Improvements Act of 2001, 42 U.S.C. Sec. 11431 et seq.
(2) “Aggregate data” means data that:
(a) are totaled and reported at the group, cohort, school, school district, region, or state level with at least 10 individuals in the level;
(b) do not reveal personally identifiable student data; and
(c) are collected in accordance with state board rule.
(3)(a) “Biometric identifier” means a:
(i) retina or iris scan;
(iii) human biological sample used for valid scientific testing or screening; or
(iv) scan of hand or face geometry.
(b) “Biometric identifier” does not include:
(i) a writing sample;
(ii) a written signature;
(iii) a voiceprint;
(iv) a photograph;
(v) demographic data; or
(vi) a physical description, such as height, weight, hair color, or eye color.
(4) “Biometric information” means information, regardless of how the information is collected, converted, stored, or shared:
(a) based on an individual's biometric identifier; and
(b) used to identify the individual.
(5) “Data breach” means an unauthorized release of or unauthorized access to personally identifiable student data that is maintained by an education entity.
(6) “Data governance plan” means an education entity's comprehensive plan for managing education data that:
(a) incorporates reasonable data industry best practices to maintain and protect student data and other education-related data;
(b) describes the role, responsibility, and authority of an education entity data governance staff member;
(c) provides for necessary technical assistance, training, support, and auditing;
(d) describes the process for sharing student data between an education entity and another person;
(e) describes the education entity's data expungement process, including how to respond to requests for expungement;
(f) describes the data breach response process; and
(g) is published annually and available on the education entity's website.
(7) “Education entity” means:
(a) the state board;
(b) a local school board;
(c) a charter school governing board;
(d) a school district;
(e) a charter school; or
(f) the Utah Schools for the Deaf and the Blind.
(8) “Expunge” means to seal or permanently delete data, as described in state board rule made in accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, under Section 53E-9-306.
(9) “General audience application” means an Internet website, online service, online application, mobile application, or software program that:
(a) is not specifically intended for use by an audience member that attends kindergarten or a grade from 1 to 12, although an audience member may attend kindergarten or a grade from 1 to 12; and
(b) is not subject to a contract between an education entity and a third-party contractor.
(10) “Local education agency” or “LEA” means:
(a) a school district;
(b) a charter school; or
(c) the Utah Schools for the Deaf and the Blind.
(11) “Metadata dictionary” means a record that:
(a) defines and discloses all personally identifiable student data collected and shared by the education entity;
(b) comprehensively lists all recipients with whom the education entity has shared personally identifiable student data, including:
(i) the purpose for sharing the data with the recipient;
(ii) the justification for sharing the data, including whether sharing the data was required by federal law, state law, or a local directive; and
(iii) how sharing the data is permitted under federal or state law; and
(c) without disclosing personally identifiable student data, is displayed on the education entity's website.
(12) “Necessary student data” means data required by state statute or federal law to conduct the regular activities of an education entity, including:
(b) date of birth;
(d) parent contact information;
(e) custodial parent information;
(f) contact information;
(g) a student identification number;
(h) local, state, and national assessment results or an exception from taking a local, state, or national assessment;
(i) courses taken and completed, credits earned, and other transcript information;
(j) course grades and grade point average;
(k) grade level and expected graduation date or graduation cohort;
(l) degree, diploma, credential attainment, and other school exit information;
(m) attendance and mobility;
(n) drop-out data;
(o) immunization record or an exception from an immunization record;
(r) tribal affiliation;
(s) remediation efforts;
(u) information related to the Utah Registry of Autism and Developmental Disabilities, described in Section 26-7-4;
(v) student injury information;
(w) a disciplinary record created and maintained as described in Section 53E-9-306;
(x) juvenile delinquency records;
(y) English language learner status; and
(z) child find and special education evaluation data related to initiation of an IEP.
(13)(a) “Optional student data” means student data that is not:
(i) necessary student data; or
(ii) student data that an education entity may not collect under Section 53E-9-305.
(b) “Optional student data” includes:
(i) information that is:
(A) related to an IEP or needed to provide special needs services; and
(B) not necessary student data;
(ii) biometric information; and
(iii) information that is not necessary student data and that is required for a student to participate in a federal or other program.
(14) “Parent” means:
(a) a student's parent;
(b) a student's legal guardian; or
(c) an individual who has written authorization from a student's parent or legal guardian to act as a parent or legal guardian on behalf of the student.
(15)(a) “Personally identifiable student data” means student data that identifies or is used by the holder to identify a student.
(b) “Personally identifiable student data” includes:
(i) a student's first and last name;
(ii) the first and last name of a student's family member;
(iii) a student's or a student's family's home or physical address;
(iv) a student's email address or other online contact information;
(v) a student's telephone number;
(vi) a student's social security number;
(vii) a student's biometric identifier;
(viii) a student's health or disability data;
(ix) a student's education entity student identification number;
(x) a student's social media user name and password or alias;
(xi) if associated with personally identifiable student data, the student's persistent identifier, including:
(A) a customer number held in a cookie; or
(B) a processor serial number;
(xii) a combination of a student's last name or photograph with other information that together permits a person to contact the student online;
(xiii) information about a student or a student's family that a person collects online and combines with other personally identifiable student data to identify the student; and
(xiv) information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty.
(16) “School official” means an employee or agent of an education entity, if the education entity has authorized the employee or agent to request or receive student data on behalf of the education entity.
(17)(a) “Student data” means information about a student at the individual student level.
(b) “Student data” does not include aggregate or de-identified data.
(18) “Student data manager” means:
(a) the state student data officer; or
(19)(a) “Targeted advertising” means presenting advertisements to a student where the advertisement is selected based on information obtained or inferred over time from that student's online behavior, usage of applications, or student data.
(b) “Targeted advertising” does not include advertising to a student:
(i) at an online location based upon that student's current visit to that location; or
(ii) in response to that student's request for information or feedback, without retention of that student's online activities or requests over time for the purpose of targeting subsequent ads.
(20) “Third-party contractor” means a person who:
(a) is not an education entity; and
(b) pursuant to a contract with an education entity, collects or receives student data in order to provide a product or service, as described in the contract, if the product or service is not related to school photography, yearbooks, graduation announcements, or a similar product or service.
(21) “Written consent” means written authorization to collect or share a student's student data, from:
(a) the student's parent, if the student is not an adult student; or
(b) the student, if the student is an adult student.
Cite this article: FindLaw.com - Utah Code Title 53E. Public Education System--State Administration § 53E-9-301. Definitions - last updated May 05, 2022 | https://codes.findlaw.com/ut/title-53e-public-education-system-state-administration/ut-code-sect-53e-9-301.html
FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.