A BILL TO BE ENTITLED

AN ACT

relating to student data security in public schools.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:

SECTION 1. Chapter 32, Education Code, is amended by adding Subchapter E to read as follows:

SUBCHAPTER E. STUDENT DATA SECURITY

Sec. 32.201. DEFINITION. In this subchapter, "data breach" means an incident in which student information that is sensitive, protected, or confidential, as provided by state or federal law, is stolen or is copied, transmitted, viewed, or used by a person unauthorized to engage in that action.

Sec. 32.202. REPORTING OF STUDENT DATA BREACH. (a) A school district shall provide written notice to a parent of or person standing in parental relation to a student enrolled in the district of a school district data breach involving the student's information not later than the 30th day after the date on which the district becomes aware of the data breach. The notice must include:
(1) a description of the type of information that was the subject of the data breach; and
(2) a general description of any action taken or planned to be taken by the district to:
(A) reduce damage as a result of the data breach; or
(B) prevent another data breach, including adopting a student privacy pledge.

(b) A school district shall submit to the agency a report on a school district data breach not later than the 60th day after the date the district becomes aware of the data breach. The report must include:
(1) detailed information regarding the nature of the data breach;
(2) the number of students affected by the data breach;
(3) a description of the type of information that was the subject of the data breach; and
(4) a detailed description of any action taken or planned to be taken by the district to:
(A) reduce damage as a result of the data breach; or
(B) prevent another data breach, including adopting a student privacy pledge.

(c) Information reported under Subsection (b)(1) or (4) is confidential and not subject to disclosure under Chapter 552, Government Code.

Sec. 32.203. STUDENT DATA BREACH DATABASE. (a) The agency shall establish and maintain an electronically searchable database that contains information regarding each school district data breach reported under Section 32.202(b).

(b) The database must contain the following publicly accessible information for each school district data breach:
(1) the school district at which the data breach occurred; and
(2) the number of students affected by the data breach.

(c) The database must also contain for each school district data breach the information reported under Sections 32.202(b)(1) and (4). The agency shall ensure that only a school administrator may access information contained in the database under this subsection.

Sec. 32.204. RULES. The commissioner may adopt rules as necessary to implement this subchapter.

SECTION 2. Section 12.104(b), Education Code, as amended by Chapters 324 (S.B. 1488), 522 (S.B. 179), and 735 (S.B. 1153), Acts of the 85th Legislature, Regular Session, 2017, is reenacted and amended to read as follows:

(b) An open-enrollment charter school is subject to:
(1) a provision of this title establishing a criminal offense; and
(2) a prohibition, restriction, or requirement, as applicable, imposed by this title or a rule adopted under this title, relating to:
(A) the Public Education Information Management System (PEIMS) to the extent necessary to monitor compliance with this subchapter as determined by the commissioner;
(B) criminal history records under Subchapter C, Chapter 22;
(C) reading instruments and accelerated reading instruction programs under Section 28.006;
(D) accelerated instruction under Section 28.0211;
(E) high school graduation requirements under Section 28.025;
(F) special education programs under Subchapter A, Chapter 29;
(G) bilingual education under Subchapter B, Chapter 29;
(H) prekindergarten programs under Subchapter E or E-1, Chapter 29;
(I) extracurricular activities under Section 33.081;
(J) discipline management practices or behavior management techniques under Section 37.0021;
(K) health and safety under Chapter 38;
(L) public school accountability under Subchapters B, C, D, F, G, and J, Chapter 39, and Chapter 39A;
(M) the requirement under Section 21.006 to report an educator's misconduct;
(N) intensive programs of instruction under Section 28.0213;
(O) the right of a school employee to report a crime, as provided by Section 37.148; [and]
(P) bullying prevention policies and procedures under Section 37.0832;
(Q) the right of a school under Section 37.0052 to place a student who has engaged in certain bullying behavior in a disciplinary alternative education program or to expel the student; [and]
(R) the right under Section 37.0151 to report to local law enforcement certain conduct constituting assault or harassment;
(S) [(P)] a parent's right to information regarding the provision of assistance for learning difficulties to the parent's child as provided by Sections 26.004(b)(11) and 26.0081(c) and (d); and
(T) student data security under Subchapter E, Chapter 32.

SECTION 3. To the extent of any conflict, this Act prevails over another Act of the 86th Legislature, Regular Session, 2019, relating to nonsubstantive additions to and corrections in enacted codes.

SECTION 4. This Act takes effect immediately if it receives a vote of two-thirds of all the members elected to each house, as provided by Section 39, Article III, Texas Constitution. If this Act does not receive the vote necessary for immediate effect, this Act takes effect September 1, 2019.