(1) An LEA shall report a data breach to the Cyber Center: (a) in accordance with Section 63A-19-405; and (b) consistent with standards and procedures established in rule under Subsection 63C-27-202(9). (2) In addition to the requirements in Section 63A-19-405, an LEA shall: (a) notify the state board within 24 hours of discovering the data breach; (b) coordinate with UETN if the data breach involves network infrastructure or services provided by UETN; and (c) cooperate with the Cyber Center's investigation and response efforts. (3) The Cyber Center shall provide assistance to an LEA in responding to a data breach in the same manner the Cyber Center provides assistance to a governmental entity as described in Title 63A, Chapter 16, Part 11, Utah Cyber Center. (4) An LEA shall: (a) participate in cybersecurity information sharing initiatives coordinated by the Cyber Center; (b) designate a primary point of contact for cybersecurity matters who shall interface with the Cyber Center, the state board, and UETN; and (c) cooperate with statewide cybersecurity assessments and improvement initiatives. (5) (a) A regional education service agency, as that term is defined in Section 53G-4-410, may serve as the designated primary cybersecurity contact for multiple LEAs within the service area. (b) If a regional education service agency serves as the primary contact under Subsection (5)(a), the agency shall: (i) coordinate with the Cyber Center, the state board, and UETN on behalf of the participating LEAs; (ii) ensure each participating LEA meets the minimum cybersecurity standards established under Subsection 63C-27-202(9); and (iii) maintain documentation of cybersecurity services provided to each LEA.
‹ Prev All Utah sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.