Bill Text: AZ HB2602 | 2015 | Fifty-second Legislature 1st Regular | Engrossed
Bill Title: School service providers; information privacy
Spectrum: Partisan Bill (Republican 1-0)
Status: (Engrossed - Dead) 2015-03-17 - Referred to Senate ED Committee [HB2602 Detail]
Download: Arizona-2015-HB2602-Engrossed.html
|
House Engrossed |
|
State of Arizona House of Representatives Fifty-second Legislature First Regular Session 2015
|
|
HOUSE BILL 2602 |
|
|
|
|
AN ACT
amending Title 15, chapter 9, article 8, Arizona Revised Statutes, by adding section 15-1046; relating to student personal information.
(TEXT OF BILL BEGINS ON NEXT PAGE)
Be it enacted by the Legislature of the State of Arizona:
Section 1. Title 15, chapter 9, article 8, Arizona Revised Statutes, is amended by adding section 15-1046, to read:
15-1046. School service providers; privacy information; definitions
A. A School service provider shall do all of the following:
1. Provide clear and easy to understand information about the types of student personal information that the school service provider collects and about how the school service provider uses and shares this student personal information.
2. Provide prominent notice before making material changes to its privacy policies for school services.
3. Facilitate access to and correction of student personal information by students and parents either directly or through the relevant school district, charter school or teacher.
4. Obtain consent before using student personal information in a manner that is inconsistent with the provider's privacy policy for the applicable school service in effect at the time of collection. If the student personal information was collected directly from students, the school service provider shall obtain consent from the student's parent or the student if the student is at least eighteen years of age. In all other cases, consent may be obtained from the school district, charter school or teacher.
5. Maintain a comprehensive information security program that is reasonably designed to protect the security, privacy, confidentiality and integrity of student personal information and that uses appropriate administrative, technological and physical safeguards.
6. Require any third party involved on the providers' behalf to adhere to and implement the requirements of this section.
7. Before permitting a successor entity to access student personal information, ensure that the successor entity will abide by all privacy and security commitments related to previously collected student personal information.
B. If the school service is offered to a school district or charter school or a teacher in a school district or charter school, the information prescribed in subsection A, paragraphs 1 and 2 of this section may be provided to the school district, charter school or teacher.
C. A school service provider may collect, use and share student personal information only for the purposes authorized by the school district, charter school or teacher, or with the consent of the student's parent or the student if the student is at least eighteen years of age.
D. A school service provider may not do any of the following:
1. Sell student personal information.
2. Use or share any student personal information for the purpose of behaviorally targeting advertisements to students.
3. Use student personal information to create a personal profile of a student other than for supporting purposes authorized by the school district, charter school or teacher, or with the consent of the student's parent or the student if the student is at least eighteen years of age.
4. Knowingly retain student personal information beyond the time period authorized by the school district, charter school or teacher, unless the school service provider has obtained consent from the student's parent or the student if the student is at least eighteen years of age.
E. If a school service provider entered into a signed, written contract with a school district, charter school or teacher before the effective date of this section, the school service provider is not required to comply with this section with respect to that contract until the next renewal date of the contract.
F. This section does not prohibit the use of student personal information for the purposes of adaptive learning or customized education.
G. For the purposes of this section:
1. "School service" means a website, mobile application or online service that is designed and marketed for use in elementary or secondary schools, that is used at the direction of teachers or other school employees and that collects, maintains or uses student personal information. School service does not include a website, mobile application or online service that is designed and marketed for use by individuals or entities generally, even if the website, mobile application or online service is also marketed to elementary or secondary schools.
2. "School service provider" means an entity that operates a school service.
3. "Student" means a student who is enrolled in a school district or charter school in this state.
4. "Student personal information" means information collected through a school service that identifies an individual student or that is linked to information that identifies an individual student.
Sec. 2. Short title
This act may be cited as the "Student User Privacy in Education Rights Act" or the "S.U.P.E.R. Act".
