BILL ANALYSIS |
|
C.S.H.B. 363 |
|
By: VanDeaver |
|
Public Education |
|
Committee Report (Substituted) |
|
BACKGROUND AND PURPOSE
It has been reported that student data being transferred to certain vendors conducting business with local education agencies is insufficiently protected and is of a higher volume and specification than is necessary for the vendors to perform their services or for the agencies to use their products. Some vendors currently ask for more student data than they need to complete their contractual obligations. For example, in order to provide textbook resources, some vendors demand that public school districts provide them with detailed and unnecessary personal information about students, including their dates of birth, ethnicity, free and reduced lunch status, or English language status. Provision of these data points may be serving the private research and financial interests of the vendors rather than the interests of the students.
Additionally, vendors are not held accountable uniformly across Texas for how they use student data. As a result, private companies, some of which are national in scale, are dictating the language of data agreements with Texas schools and removing power over the data from educators and students. In order to better protect students, the amount of data that applicable vendors receive must be restricted, and vendors must be required to mask student data and to abide by data sharing agreements that articulate minimum standards of safety. C.S.H.B. 363 seeks to address these issues by restricting the acquisition and use of personally identifiable student information by certain operators of a website, online service, online application, or mobile application used for a school purpose.
|
|
CRIMINAL JUSTICE IMPACT
It is the committee's opinion that this bill does not expressly create a criminal offense, increase the punishment for an existing criminal offense or category of offenses, or change the eligibility of a person for community supervision, parole, or mandatory supervision.
|
|
RULEMAKING AUTHORITY
It is the committee's opinion that rulemaking authority is expressly granted to the commissioner of education in SECTION 1 of this bill.
|
|
ANALYSIS
C.S.H.B. 363 amends the Education Code to provide for certain data security standards for an operator of a website, online service, online application, or mobile application used primarily for a school purpose. The bill requires such an operator that has been approved by the Texas Education Agency (TEA) or has had a product adopted by TEA and possesses any covered information, as defined by statutory provisions relating to student information protection, to do the following: · mask all personally identifiable student information by using the unique identifier established by the Texas Student Data System for any account creation, data upload, data transmission, analysis, or reporting; and · adhere to a state-required student data sharing agreement that includes an applicable established unique identifier standard.
C.S.H.B. 363 authorizes an operator, in addition to including the unique identifier in releasing information, to include any other data field identified by TEA or by a public school district, open-enrollment charter school, regional education service center, or other local education agency as necessary for the information being released to be useful. The bill authorizes a local education agency to include additional data fields in an agreement with an operator or in the amendment of such an agreement. The bill authorizes an operator to agree to include the additional data fields requested by a local education agency but prohibits the operator from requiring that additional data fields be included.
C.S.H.B. 363 authorizes a local education agency to require an operator that contracts directly with the local education agency to adhere to a state-required student data sharing agreement that includes the use of an established unique identifier standard, as prescribed by TEA for all operators that are approved or whose products are adopted at the state level.
C.S.H.B. 363 exempts a national assessment provider from compliance with the bill's provisions relating to the use of a unique identifier and relating to applicable student data sharing agreements if the provider receives covered information from a student, or from a district or campus on a student's behalf, solely to provide access to employment, educational scholarships, financial aid, postsecondary educational opportunities, or certain educational resources. The bill authorizes the commissioner of education to adopt rules as necessary to administer provisions relating to the protection of covered information provided to an operator.
|
|
EFFECTIVE DATE
September 1, 2023.
|
|
COMPARISON OF ORIGINAL AND SUBSTITUTE
|
|
While C.S.H.B. 363 may differ from the original in minor or nonsubstantive ways, the following summarizes the substantial differences between the introduced and committee substitute versions of the bill.
The substitute includes the following provisions: · a provision that authorizes an operator, in addition to including the unique identifier in releasing information, to include any other data field identified as necessary by TEA or a local education agency; and · provisions relating to the inclusion of additional data fields in a local education agency's agreement with an operator.
The substitute changes the bill's effective date from August 31, 2022, to September 1, 2023. |
|
|
|
|
|
|
|
|