Bill Text: TX HB3000 | 2019-2020 | 86th Legislature | Engrossed
Bill Title: Relating to student data security in public schools.
Sponsorship: Slight Partisan Bill (Republican 2-1)
Status: (Engrossed - Dead) 2019-05-10 - Referred to Education [HB3000 Detail]
Download: Texas-2019-HB3000-Engrossed.html
| 86R21041 MP-D | ||
| By: Talarico, Capriglione, Dean | H.B. No. 3000 | |
|
|
||
|
|
||
| relating to student data security in public schools. | ||
| BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
| SECTION 1. Chapter 32, Education Code, is amended by adding | ||
| Subchapter E to read as follows: | ||
| SUBCHAPTER E. STUDENT DATA SECURITY | ||
| Sec. 32.201. DEFINITION. In this subchapter, "data breach" | ||
| means an incident in which student information that is sensitive, | ||
| protected, or confidential, as provided by state or federal law, is | ||
| stolen or is copied, transmitted, viewed, or used by a person | ||
| unauthorized to engage in that action. | ||
| Sec. 32.202. REPORTING OF STUDENT DATA BREACH. (a) A | ||
| school district shall provide written notice to a parent of or | ||
| person standing in parental relation to a student enrolled in the | ||
| district of a school district data breach involving the student's | ||
| information not later than the 30th day after the date on which the | ||
| district becomes aware of the data breach. The notice must include: | ||
| (1) a description of the type of information that was | ||
| the subject of the data breach; and | ||
| (2) a general description of any action taken or | ||
| planned to be taken by the district to: | ||
| (A) reduce damage as a result of the data breach; | ||
| or | ||
| (B) prevent another data breach, including | ||
| adopting a student privacy pledge. | ||
| (b) A school district shall submit to the agency a report on | ||
| a school district data breach not later than the 60th day after the | ||
| date the district becomes aware of the data breach. The report must | ||
| include: | ||
| (1) detailed information regarding the nature of the | ||
| data breach; | ||
| (2) the number of students affected by the data | ||
| breach; | ||
| (3) a description of the type of information that was | ||
| the subject of the data breach; and | ||
| (4) a detailed description of any action taken or | ||
| planned to be taken by the district to: | ||
| (A) reduce damage as a result of the data breach; | ||
| or | ||
| (B) prevent another data breach, including | ||
| adopting a student privacy pledge. | ||
| (c) Information reported under Subsection (b)(1) or (4) is | ||
| confidential and not subject to disclosure under Chapter 552, | ||
| Government Code. | ||
| Sec. 32.203. STUDENT DATA BREACH DATABASE. (a) The agency | ||
| shall establish and maintain an electronically searchable database | ||
| that contains information regarding each school district data | ||
| breach reported under Section 32.202(b). | ||
| (b) The database must contain the following publicly | ||
| accessible information for each school district data breach: | ||
| (1) the school district at which the data breach | ||
| occurred; and | ||
| (2) the number of students affected by the data | ||
| breach. | ||
| (c) The database must also contain for each school district | ||
| data breach the information reported under Sections 32.202(b)(1) | ||
| and (4). The agency shall ensure that only a school administrator | ||
| may access information contained in the database under this | ||
| subsection. | ||
| Sec. 32.204. RULES. The commissioner may adopt rules as | ||
| necessary to implement this subchapter. | ||
| SECTION 2. Section 12.104(b), Education Code, as amended by | ||
| Chapters 324 (S.B. 1488), 522 (S.B. 179), and 735 (S.B. 1153), Acts | ||
| of the 85th Legislature, Regular Session, 2017, is reenacted and | ||
| amended to read as follows: | ||
| (b) An open-enrollment charter school is subject to: | ||
| (1) a provision of this title establishing a criminal | ||
| offense; and | ||
| (2) a prohibition, restriction, or requirement, as | ||
| applicable, imposed by this title or a rule adopted under this | ||
| title, relating to: | ||
| (A) the Public Education Information Management | ||
| System (PEIMS) to the extent necessary to monitor compliance with | ||
| this subchapter as determined by the commissioner; | ||
| (B) criminal history records under Subchapter C, | ||
| Chapter 22; | ||
| (C) reading instruments and accelerated reading | ||
| instruction programs under Section 28.006; | ||
| (D) accelerated instruction under Section | ||
| 28.0211; | ||
| (E) high school graduation requirements under | ||
| Section 28.025; | ||
| (F) special education programs under Subchapter | ||
| A, Chapter 29; | ||
| (G) bilingual education under Subchapter B, | ||
| Chapter 29; | ||
| (H) prekindergarten programs under Subchapter E | ||
| or E-1, Chapter 29; | ||
| (I) extracurricular activities under Section | ||
| 33.081; | ||
| (J) discipline management practices or behavior | ||
| management techniques under Section 37.0021; | ||
| (K) health and safety under Chapter 38; | ||
| (L) public school accountability under | ||
| Subchapters B, C, D, F, G, and J, Chapter 39, and Chapter 39A; | ||
| (M) the requirement under Section 21.006 to | ||
| report an educator's misconduct; | ||
| (N) intensive programs of instruction under | ||
| Section 28.0213; | ||
| (O) the right of a school employee to report a | ||
| crime, as provided by Section 37.148; [ |
||
| (P) bullying prevention policies and procedures | ||
| under Section 37.0832; | ||
| (Q) the right of a school under Section 37.0052 | ||
| to place a student who has engaged in certain bullying behavior in a | ||
| disciplinary alternative education program or to expel the student; | ||
| [ |
||
| (R) the right under Section 37.0151 to report to | ||
| local law enforcement certain conduct constituting assault or | ||
| harassment; | ||
| (S) [ |
||
| regarding the provision of assistance for learning difficulties to | ||
| the parent's child as provided by Sections 26.004(b)(11) and | ||
| 26.0081(c) and (d); and | ||
| (T) student data security under Subchapter E, | ||
| Chapter 32. | ||
| SECTION 3. To the extent of any conflict, this Act prevails | ||
| over another Act of the 86th Legislature, Regular Session, 2019, | ||
| relating to nonsubstantive additions to and corrections in enacted | ||
| codes. | ||
| SECTION 4. This Act takes effect immediately if it receives | ||
| a vote of two-thirds of all the members elected to each house, as | ||
| provided by Section 39, Article III, Texas Constitution. If this | ||
| Act does not receive the vote necessary for immediate effect, this | ||
| Act takes effect September 1, 2019. | ||
