252:1 New Paragraph; Student and Teacher Information Protection; Data Inventory Security Plan. Amend RSA 189:66 by inserting after paragraph IV the following new paragraph:

V. The department shall establish minimum standards for privacy and security of student and employee data, based on best practices, for local education agencies. Each local education agency shall develop a data and privacy governance plan which shall be presented to the school board for review and approval by June 30, 2019. The plan shall be updated annually and presented to the school board. The plan shall include:

(a) An inventory of all software applications, digital tools, and extensions. The inventory shall include users of the applications, the provider, purpose, publisher, privacy statement, and terms of use.

(b) A review of all software applications, digital tools, and extensions and an assurance that they meet or exceed standards set by the department.

(c) Policies and procedures for access to data and protection of privacy for students and staff including acceptable use policy for applications, digital tools, and extensions.

(d) A response plan for any breach of information.

(e) A requirement for a service provider to meet or exceed standards for data protection and privacy.

252:2 Student and Teacher Information Protection; Data Inventory Security Plan. Amend the introductory paragraph of RSA 189:66, IV to read as follows:

IV. The department and each local education agency shall make publicly available students' and parents' rights under the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. section 1232g, et seq., and applicable state law including:

252:3 Effective Date. This act shall take effect 60 days after its passage.

Approved: June 12, 2018

Effective Date: August 11, 2018

252:1 New Paragraph; Student and Teacher Information Protection; Data Inventory Security Plan. Amend RSA 189:66 by inserting after paragraph IV the following new paragraph:

V. The department shall establish minimum standards for privacy and security of student and employee data, based on best practices, for local education agencies. Each local education agency shall develop a data and privacy governance plan which shall be presented to the school board for review and approval by June 30, 2019. The plan shall be updated annually and presented to the school board. The plan shall include:

(a) An inventory of all software applications, digital tools, and extensions. The inventory shall include users of the applications, the provider, purpose, publisher, privacy statement, and terms of use.

(b) A review of all software applications, digital tools, and extensions and an assurance that they meet or exceed standards set by the department.

(c) Policies and procedures for access to data and protection of privacy for students and staff including acceptable use policy for applications, digital tools, and extensions.

(d) A response plan for any breach of information.

(e) A requirement for a service provider to meet or exceed standards for data protection and privacy.

252:2 Student and Teacher Information Protection; Data Inventory Security Plan. Amend the introductory paragraph of RSA 189:66, IV to read as follows:

IV. The department and each local education agency shall make publicly available students' and parents' rights under the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. section 1232g, et seq., and applicable state law including:

252:3 Effective Date. This act shall take effect 60 days after its passage.

Approved: June 12, 2018

Effective Date: August 11, 2018