An operator shall: (1) Implement and maintain reasonable security procedures and practices appropriate to the nature of the student data to protect that information from unauthorized access, destruction, use, modification, or disclosure, which shall, at a minimum, comply with the Department of Technology and Information's Cloud and Offsite Hosting Policy and include the terms and conditions set forth in the Department of Technology and Information's Cloud and Offsite Hosting Template for Non-Public Data. (2) Delete a student's data within a reasonable timeframe not to exceed 45 calendar days if a school district or school requests deletion of data under the control of the school district or school.
‹ Prev All Delaware sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.