Skip to main content Skip to office menu Skip to footer
Capital IconMinnesota Legislature

SF 2994

as introduced - 89th Legislature (2015 - 2016) Posted on 03/22/2016 09:14am

KEY: stricken = removed, old language.
underscored = added, new language.

Current Version - as introduced

Line numbers 1.1 1.2 1.3 1.4 1.5
1.6 1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 1.21 1.22 1.23 1.24 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 2.12 2.13
2.14

A bill for an act
relating to education; directing the commissioner of education to develop a
detailed plan to ensure the privacy and security of students' personally identifiable
information, including education and workforce data.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:

Section 1. new text begin DATA SECURITY PLAN.
new text end

new text begin Subdivision 1. new text end

new text begin Plan components. new text end

new text begin To protect education and related workforce
data on individual students maintained by public schools, school districts, and state
agencies, and consistent with Minnesota Statutes, chapter 13, and sections 116J.401,
120B.11, 120B.12, 120B.30, 120B.31, 120B.35, 120B.36, 124D.49, 124D.52, 124D.861,
125A.085, and 127A.70, subdivision 2, among other student data-related provisions, the
commissioner of education must develop, publish, and oversee a detailed data security
plan combining administrative, physical, and technical safeguards that includes:
new text end

new text begin (1) guidelines for:
new text end

new text begin (i) authorizing access to the Statewide Longitudinal Education Data System and
other data systems containing personally identifiable information on students;
new text end

new text begin (ii) authenticating authorized access to and the processing of personally identifiable
information on students; and
new text end

new text begin (iii) sanctions for employees, contractors, grantees, researchers, and vendors who
fail to comply with the guidelines;
new text end

new text begin (2) minimum privacy compliance standards based on reasonable and enforceable
security measures and practices, including background checks, training opportunities
and resources, physical and technical safeguards, and privacy and security agreements
for employees, contractors, grantees, researchers, and vendors with access to personally
identifiable information on students, among other privacy and security measures and
practices;
new text end

new text begin (3) regular privacy and security compliance audits of the Statewide Longitudinal
Education Data System and other data systems; and
new text end

new text begin (4) data retention, storage, disposal, and security policies and protocols that include:
new text end

new text begin (i) safeguards for protecting, managing, accessing, and destroying students'
personally identifiable data; and
new text end

new text begin (ii) plans, notices, and mitigation procedures for responding to data breaches, among
other such policies and protocols.
new text end

new text begin Subd. 2. new text end

new text begin Plan costs. new text end

new text begin The commissioner of education must develop the data security
plan under subdivision 1 using existing Department of Education resources.
new text end

new text begin Subd. 3. new text end

new text begin Plan implementation. new text end

new text begin The commissioner of education may not proceed to
implement the data security plan under this section until the plan is approved by law.
new text end

new text begin EFFECTIVE DATE. new text end

new text begin This section is effective the day following final enactment.
new text end