The Department, in consultation with the Department of Information Technology and county boards, shall develop and update best practices for county boards to: (1) Manage and maintain data privacy and security practices in the processing of student data and personally identifiable information across the county board's information technology and records management systems; (2) Develop and implement: (i) A data privacy and security incident response plan; (ii) A breach notification plan; and (iii) Procedures and requirements for allowing access to student data and personally identifiable information for a legitimate research purpose; and (3) Publish information annually on: (i) Types of student data and personally identifiable information processed by the county board, the protocols for processing student data, and the rationales for selecting processing protocols; (ii) Contracted services that involve sharing student data between a county board and a school service contract provider; and (iii) Procedures and rationales for vetting and selecting Internet sites, services, and applications.
‹ Prev All Maryland sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.