HB 257: "An Act relating to restrictions on the collection, storage, and handling of student data."
00 HOUSE BILL NO. 257 01 "An Act relating to restrictions on the collection, storage, and handling of student data." 02 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF ALASKA: 03 * Section 1. AS 14.03.078 is amended to read: 04 Sec. 14.03.078. Report. The department shall provide to the legislature by 05 February 15 of each year an annual report regarding the progress of each school and 06 school district toward high academic performance by all students. The report required 07 under this section must include 08 (1) information described under AS 14.03.120(d); 09 (2) the number and percentage of students in each school who pass the 10 examination required under AS 14.03.075, and the number who pass each section of 11 the examination; 12 (3) progress of the department 13 (A) toward implementing the school accountability provisions 14 of AS 14.03.123; and 15 (B) in assisting high schools to become accredited;
01 (4) a description of the resources provided to each school and school 02 district for coordinated school improvement activities and staff training in each school 03 and school district; 04 (5) each school district's and each school's progress in aligning 05 curriculum with state education performance standards; 06 (6) a description of the efforts by the department to assist a public 07 school that receives a designation of deficient or in crisis; 08 (7) a description of intervention efforts by each school district and 09 school for students who are not meeting state performance standards; 10 (8) the number and percentage of turnover in certificated personnel and 11 superintendents; 12 (9) the number of teachers by district and by school who are teaching 13 outside the teacher's area of endorsement but in areas tested by the high school 14 competency examination; 15 (10) a description of changes made to the collection and 16 publication of student data; 17 (11) the results of privacy compliance and security audits 18 conducted in the previous year relating to student data. 19 * Sec. 2. AS 14.03.115 is amended to read: 20 Sec. 14.03.115. Access to school records [BY PARENT, FOSTER 21 PARENT, OR GUARDIAN]. Upon request of a parent, foster parent, or guardian of 22 a child under 18 years of age who is currently or was previously enrolled in a 23 municipal school district or a school district that is a regional educational attendance 24 area, the school district shall provide a written or electronic copy of the child's 25 record, including student data, based on the preference of the parent, foster 26 parent, or guardian. This section does not apply to 27 (1) a record of a child who is an emancipated minor; or 28 (2) record information that consists of the child's address if the school 29 district determines that the release of the child's address poses a threat to the health or 30 safety of the child. 31 * Sec. 3. AS 14.03.115 is amended by adding a new subsection to read:
01 (b) A school, district, or the department may use student data that contains 02 personally identifiable information for a commercial purpose only by first obtaining 03 written consent, within six months of the use, from the student or the student's parent 04 or legal guardian. Consent must be dated when signed and state the limited purpose 05 for which the consent is provided and the records that may be used. In this 06 subsection, "commercial purpose" includes marketing of products or services, 07 compilation of lists for sale or rent, development of products or services, and the 08 creation of individual, household, or group profiles. 09 * Sec. 4. AS 14.03 is amended by adding a new section to read: 10 Sec. 14.03.117. School district data security. Each school district in the state 11 shall 12 (1) adopt, implement, and monitor compliance with a data security 13 plan that includes student data security; 14 (2) implement and monitor compliance with policies and procedures 15 adopted by the board under AS 14.07.165; and 16 (3) publish and annually update on the district's Internet website, the 17 district's data security plan, data inventory, and explanation of the data inventory. 18 * Sec. 5. AS 14.03 is amended by adding a new section to article 1 to read: 19 Sec. 14.03.200. Definition. In AS 14.03.015 - 14.03.200, "student data" means 20 (1) electronic information pertaining to an individual student or group 21 of students collected or reported by a school while the student or group of students 22 was enrolled in a school in the state or that was accessed or produced by a student or 23 group of students while enrolled in a school in the state; 24 (2) electronic information pertaining to a student or group of students 25 that has been or is intended to be transmitted to or stored by a third-party contractor 26 that provides cloud computing services or other similar services to the school; and 27 (3) electronic mail communications and access information, document 28 production, and similar electronic information accessed or produced by a student on a 29 school server. 30 * Sec. 6. AS 14.07.165 is amended to read: 31 Sec. 14.07.165. Duties. The board shall adopt
01 (1) statewide goals and require each governing body to adopt written 02 goals that are consistent with local needs; 03 (2) regulations regarding the application for and award of grants under 04 AS 14.03.125; 05 (3) regulations implementing provisions of AS 14.11.014(b); 06 (4) regulations requiring approval by the board before a charter school, 07 state boarding school, or a public school may provide domiciliary services; 08 (5) regulations implementing the secondary school student competency 09 examination provisions of AS 14.03.075, including the criteria and procedure under 10 which a governing body uses a waiver to grant a diploma to a student; criteria 11 regarding granting a waiver must include provisions that a waiver may only be granted 12 for students who enter the system late or have rare or unusual circumstances meriting 13 a waiver; 14 (6) a data inventory that contains individual student data fields for 15 all educational records collected and reported by the department and by school 16 districts and public schools in the state; the board shall annually update and 17 publish on the department's Internet website the data inventory; 18 (7) an explanation of the data inventory adopted under (6) of this 19 subsection; the board shall annually update and publish on the department's 20 Internet website the explanation; the explanation must include, at a minimum, 21 the following information: 22 (A) a description of each student data field; 23 (B) the reason for the collection of each student data field; 24 (C) the entities that have access to each student data field; 25 (D) the location of the server in which the student data field 26 is being stored; 27 (E) a list of nongovernmental entities that have access to 28 one or more student data fields linked to personally identifiable 29 information; 30 (F) a description of the safeguards in place for each entity 31 listed under (E) of this paragraph that prevent unauthorized access to
01 personally identifiable information of students; 02 (8) policies and procedures consistent with relevant state and 03 federal privacy laws that 04 (A) limit access to individual and redacted student data to 05 (i) persons who require access to perform duties 06 assigned by the department, a school district, or the administrator 07 of a public school; 08 (ii) the student who is the subject of the data and the 09 student's parent, foster parent, or guardian; 10 (iii) authorized agencies as provided in state or 11 federal law or by an interagency agreement; 12 (B) restrict student data transfer except as necessary to 13 (i) comply with federal and state law; 14 (ii) fulfill student requests; 15 (iii) carry out a school transfer or student location 16 request; or 17 (iv) compare multistate assessment data; 18 (C) prohibit collecting and reporting student data 19 pertaining to 20 (i) juvenile delinquency records; 21 (ii) criminal records; 22 (iii) medical and health records; 23 (iv) biometric information; 24 (v) political or religious affiliation; 25 (D) provide for a detailed data security plan for collecting, 26 maintaining, and sharing student data that addresses 27 (i) privacy; 28 (ii) authentication; 29 (iii) breaches in security; 30 (iv) training; 31 (v) encryption; and
01 (vi) other data retention and disposition practices; 02 (E) except as otherwise provided in AS 14.03.115, prohibit 03 the sharing of student data, including electronic mail addresses and other 04 electronically stored information, for marketing or advertising purposes; 05 (F) provide for other security measures. 06 * Sec. 7. AS 14.07.165 is amended by adding a new subsection to read: 07 (b) In this section, "student data" has the meaning given in AS 14.03.200.