Bill Number: S.B. 1209
Pace
Floor Amendment
Reference
to: printed bill
Amendment
drafted by: Julia Paulus
FLOOR
AMENDMENT EXPLANATION
1. Limits
access to student-level data for county school superintendents, the State Board
of Education (SBE) and the Arizona State Board for Charter Schools (ASBCS) to
students currently within their jurisdiction.
2. Removes
the ability of county school superintendents, SBE and the ASBCS to access the
education learning and accountability system.
3. Requires
the Arizona Department of Education (ADE) to develop policies that comply with
the Family Educational Rights and Privacy Act (FERPA) and other privacy laws to
be implemented by ADE, county school superintendents, SBE and ASBCS.
4.
Outlines required components of the ADE adopted privacy
policies, including:
a) a
detailed data security plan;
b)
requirements that ensure written agreements disclosing
student data meet FERPA regulations, outlined privacy requirements and federal
and state reporting laws; and
c)
requirements that ensure access to student level data
provided through an online platform is compliant with federal law.
Page 1,
strike lines 2 through 45
Strike page
2
Page 3,
strike lines 1 through 14
Renumber to
conform
Page 5, line
37, after "superintendents" insert "for students currently enrolled in school districts located in their
county of jurisdiction"
Line 38,
after "education" insert "for
students currently enrolled in a school district or charter school in this
state"
Line 39,
after "schools" insert "for
students currently enrolled in charter schools sponsored by the state board for
charter schools"
After line
39, insert:
"d. The department of education shall develop, publish, and make
publicly available policies and procedures to comply with the family
educational rights and privacy act (20 united states code 1232g), and other
relevant privacy laws and policies, including policies that manage access to
personally identifiable information to be implemented by the department of
education, the county school superintendents, the state board of education and
the state board for charter schools pursuant to this section and as defined by
interagency data-sharing agreements. The policies and procedures must comply
with all of the following:
1. Contain
a detailed data security plan that includes all of the following:
(a) guidelines
for authorizing access to the systems housing student level data and to individual
student data, including guidelines for authenticating authorized access.
(b) privacy
compliance standards.
(c) privacy
and security audits.
(d) security
breach planning, notice, and procedures.
(e) data
retention and disposition policies, which must include specific criteria for
identifying when and how the data will be destroyed.
(f) guidance
for school districts, charter schools and staff regarding data use.
(g) consequences
for security breaches.
(h) staff
training regarding the guidelines.
2.
Ensure that written agreements involving the disclosure of student level data
to the department of education, the county school superintendents, the state
board of education and the state board for charter schools must comply with all
of the following:
(a) meet
the minimum conditions prescribed by the family educational rights and privacy
act for exceptions to written parental consent as outlined in 20 united states
code section 1232g(b)
and (h) through
(j) and 34 code
of federal regulations section 99.31.
(b) specify
the purpose, scope and duration of the study or studies and the information to
be disclosed.
(c) require
the organization to use personally identifiable information from educational
records only to meet the purpose or purposes of the study as stated in the
written agreement.
(d) require
the organization to conduct the study in a manner that does not allow access to
the personally identifiable data of parents and students by anyone other than
representatives of the organization with legitimate interests.
(e) require
the organization to destroy all personally identifiable information when the
information is no longer needed for the purposes for which the study was
conducted and to specify the time period in which the information must be
destroyed.
3. Ensure
that any work products from the aforementioned use of student level data by the
department of education, the county superintendents, the state board of
education or the state board for charter schools are not in conflict with any
state and federal reporting that meets state and federal law.
4. Provide
access to student level data through an online platform within the parameters
of federal law and pursuant to the written agreements with the consent of the
required parties."
Amend title to conform