(1) The chief privacy officer shall establish a higher education privacy advisory group to advise institutions and institution boards of trustees on student data protection. (2) The advisory group shall consist of: (a) the chief privacy officer; (b) the higher education privacy officer; and (c) the following members, appointed by the commissioner: (i) at least one Utah System of Higher Education employee; and (ii) at least one representative of the Utah Board of Higher Education. (3) The advisory group shall: (a) discuss and make recommendations to the board and institutions regarding: (i) existing and proposed: (A) board rules; or (B) board policies of the Utah Board of Higher Education or institutions; and (ii) training on protecting student data privacy; and (b) perform other tasks related to student data protection as designated by the Utah Board of Higher Education. (4) The higher education privacy officer shall: (a) provide training and support to institution boards and employees; and (b) produce: (i) resource materials; (ii) model data governance plans; (iii) model forms for institution student data protection governance; and (iv) a model data collection notice. (5) The board shall: (a) (i) create and maintain a data governance plan; and (ii) annually publish the data governance plan on the Utah System of Higher Education website; and (b) establish standards for: (i) institution policies to protect student data; (ii) institution data governance plans; and (iii) a third-party contractor's use of student data.
‹ Prev All Utah sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.