Pub. 7 2017-2018 Issue 1

15 an internet address where it could be found. The survey would have to be given with at least a two weeks’ notice; but not more than a five-month notice. The Student Data Protection Act (2015) requires all LEAs to: 1. Designate a student data manager. The Student Data Manager is a Charter School staff member or individual that a) is the point person for USBE’s Chief Privacy Officer, b) takes the lead on complying with state and federal privacy laws, and c) authorizes and manages the external sharing of student data. 2. Publicly post an LEA Data Governance Plan. The Privacy Technical Assistance Center defines this as “organizational approach to data and information management that is formalized as a set of policies and procedures that encompass the full life cycle of data, from acquisition, to use, to disposal. This includes estab- lishing decision-making authority, policies, procedures, and stan- dards regarding data security and privacy protection, data invento- ries, content and records manage- ment, data quality control, data access, data security and risk management, data sharing and dissemination, as well as ongoing compliance monitoring of all the above-mentioned activities.” 3. Enter all disclosure of student personally identifiable infor- mation (PII) in the Metadata Dictionary. For more information on what a Metadata Dictionary is, please visit http://stream. schools.utah.gov/videoarchive/ admin/Metadata_Dictionary_ Tutorial.mp4. The Student Privacy Act (2017) requires that all employees who have access to student educational records, are trained on data confidentiality. USBE’s Student Data Privacy team has provided resources that LEAs can use for their training found on our website. We have also put together a YouTube playlist with videos that can be very helpful to teachers and administrators. In addition to those resources, we create at least one new data privacy video each month. If you would like us to come out to your LEA to provide in-person training, please contact our data privacy trainer Greg Cox at greg.cox@schools.utah.gov USBE updated Board Rule R277- 487 in May, 2017 to require all LEAs to submit an Information Technology (IT) Systems Security Plan incorporates policies and process for: a) system administration; b) application security; c) endpoint, server, and device security; d) identity, authentication, and access management; e) data protection and cryptography; f) monitoring, vulnerability, and patch management; g) high availability, disaster recov- ery, and physical protection; h) incident responses; i) acquisition and asset manage- ment; and policy, audit, and e-discovery training. Want to learn more about Student Data Privacy? Register for the November 14th or 15th inaugural Utah Data Privacy Conference by requesting an invitation from mlissa.holt@schools.utah.gov . We are a service oriented team that loves to help Charter Schools protect student data privacy. Contact us for support. Whitney Phillips, Ph.D. Chief Privacy Officer Whitney.phillips@schools.utah.gov 801-538-7523 David Sallay, M.Ed., M.P.P. Data Privacy Auditor David.sallay@schools.utah.gov Greg Cox, M.Ed. Data Privacy Trainer Greg.cox@schools.utah.gov The Student Privacy Act (2017) requires that all employees who have access to student educational records, are trained on data confidentiality. USBE’s Student Data Privacy team has provided resources that LEAs can use for their training found on our website.