Senate Engrossed
students; data; accessibility |
State of Arizona Senate Fifty-fifth Legislature First Regular Session 2021
|
SENATE BILL 1279 |
|
|
AN ACT
amending section 15-1043, Arizona Revised Statutes; appropriating monies; relating to the student accountability information system.
(TEXT OF BILL BEGINS ON NEXT PAGE)
Be it enacted by the Legislature of the State of Arizona:
Section. 1. Section 15-1043, Arizona Revised Statutes, is amended to read:
15-1043. Student level data; allowable disclosure; policies; funds; report
A. Any disclosure of educational records compiled by the department of education pursuant to this article shall comply with the family educational rights and privacy act (20 United States Code section 1232g).
B. Student level data may not be updated unless the change is authorized by the school district, career technical education district or charter school.
C. The department of education shall adopt policies and procedures to both:
1. Allow access of student level data for currently enrolled students to all of the following:
(a) School districts. ,
(b) Career technical education districts. and
(c) Charter schools.
2. Allow access of student level data to all of the following:
(a) County school superintendents for students currently enrolled in a school district located in the superintendent's county of jurisdiction.
(b) The state board of education for students currently enrolled in a school district or charter school in this state.
(c) The state board for charter schools for students currently enrolled in a charter school sponsored by the state board for charter schools.
d. The department of education shall develop, publish and make publicly available policies and procedures to comply with the family educational rights and privacy act (20 united states code 1232g) and other relevant privacy laws and policies, including policies that manage access to personally identifiable information, to be implemented by the department of education, county school superintendents, the state board of education and the state board for charter schools pursuant to this section and as prescribed by interagency data-sharing agreements. The policies and procedures must comply with all of the following:
1. Contain a detailed data security plan that includes all of the following:
(a) guidelines for authorizing access to the systems housing student level data and to individual student data, including guidelines for authenticating authorized access.
(b) privacy compliance standards.
(c) privacy and security audits.
(d) security breach planning, notice and procedures.
(e) data retention and disposition policies, which must include specific criteria for identifying when and how the data will be destroyed.
(f) guidance for school districts, charter schools and staff regarding data use.
(g) consequences for security breaches.
(h) staff training regarding the guidelines.
2. Ensure that written agreements involving the disclosure of student level data to the department of education, county school superintendents, the state board of education and the state board for charter schools comply with all of the following:
(a) meet the minimum conditions prescribed by the family educational rights and privacy act for exceptions to written parental consent as outlined in 20 united states code section 1232g(b) and (h) through (j) and 34 code of federal regulations section 99.31.
(b) specify the purpose, scope and duration of the disclosure and the information to be disclosed.
(c) require the organization to use personally identifiable information from educational records only to meet the purpose or purposes of the disclosure as stated in the written agreement.
(d) require the organization to conduct the disclosure in a manner that does not allow access to the personally identifiable data of parents and students by anyone other than representatives of the organization with legitimate interests.
(e) require the organization to destroy all personally identifiable information when the information is no longer needed for the purposes for which the disclosure was conducted and to specify the time period in which the information must be destroyed.
3. Ensure that any work products from the use of student level data by the department of education, county school superintendents, the state board of education or the state board for charter schools are not in conflict with any state and federal reporting that meets state and federal law.
4. Provide access to student level data through an online platform within the parameters of federal law and pursuant to the written agreements with the consent of the required parties.
E. nothing in this section applies to a homeschool student with an affidavit on file pursuant to section 15-802.
F. The sum of $200,000 is appropriated from the state general fund in fiscal year 2022-2023 and each fiscal year thereafter to the department of education to adopt policies and procedures to manage access and protect student level data as prescribed in this section.
G. on or before December 31 of each year, the department of education shall report to the joint legislative budget committee on how the monies are being used to manage access and protect student level data as prescribed in this section.
Sec. 2. Appropriations; department of education; student level data
A. The sum of $350,000 is appropriated from the state general fund in fiscal year 2021-2022 to the department of education to implement section 15-1043, Arizona Revised Statutes, as amended by this act.
B. On or before December 31, 2021, the department of education shall report to the joint legislative budget committee on how the monies are being used to manage access and protect student level data as prescribed in section 15-1043, Arizona Revised Statutes.