(1) A third-party contractor shall use personally identifiable student data received under a contract with an education entity strictly for the purpose of providing the contracted product or service within the negotiated contract terms.
(2) When contracting with a third-party contractor, an education entity shall require the following provisions in the contract: (a) requirements and restrictions related to the collection, use, storage, or sharing of student data by the third-party contractor that are necessary for the education entity to ensure compliance with the provisions of this part and state board rule; (b) a description of a person, or type of person, including an affiliate of the third-party contractor, with whom the third-party contractor may share student data; (c) provisions that, at the request of the education entity, govern the deletion of the student data received by the third-party contractor; (d) except as provided in Subsection (4) and if required by the education entity, provisions that prohibit the secondary use of personally identifiable student data by the third-party contractor; and (e) an agreement by the third-party contractor that, at the request of the education entity that is a party to the contract, the education entity or the education entity's designee may audit the third-party contractor to verify compliance with the contract.
(a) requirements and restrictions related to the collection, use, storage, or sharing of student data by the third-party contractor that are necessary for the education entity to ensure compliance with the provisions of this part and state board rule;
(b) a description of a person, or type of person, including an affiliate of the third-party contractor, with whom the third-party contractor may share student data;
(c) provisions that, at the request of the education entity, govern the deletion of the student data received by the third-party contractor;
(d) except as provided in Subsection (4) and if required by the education entity, provisions that prohibit the secondary use of personally identifiable student data by the third-party contractor; and
(e) an agreement by the third-party contractor that, at the request of the education entity that is a party to the contract, the education entity or the education entity's designee may audit the third-party contractor to verify compliance with the contract.
(3) As authorized by law or court order, a third-party contractor shall share student data as requested by law enforcement.
(4) A third-party contractor may: (a) use student data for adaptive learning or customized student learning purposes; (b) market an educational application or product to a parent of a student if the third-party contractor did not use student data, shared by or collected on behalf of an education entity, to market the educational application or product; (c) use a recommendation engine to recommend to a student: (i) content that relates to learning or employment, within the third-party contractor's application, if the recommendation is not motivated by payment or other consideration from another party; or (ii) services that relate to learning or employment, within the third-party contractor's application, if the recommendation is not motivated by payment or other consideration from another party; (d) respond to a student request for information or feedback, if the content of the response is not motivated by payment or other consideration from another party; (e) use student data to allow or improve operability and functionality of the third-party contractor's application; or (f) identify for a student nonprofit institutions of higher education or scholarship providers that are seeking students who meet specific criteria: (i) regardless of whether the identified nonprofit institutions of higher education or scholarship providers provide payment or other consideration to the third-party contractor; and (ii) only if the third-party contractor obtains authorization in writing from: (A) a student's parent through the student's school or LEA; or (B) for an adult student, the student.
(a) use student data for adaptive learning or customized student learning purposes;
(b) market an educational application or product to a parent of a student if the third-party contractor did not use student data, shared by or collected on behalf of an education entity, to market the educational application or product;
(c) use a recommendation engine to recommend to a student: (i) content that relates to learning or employment, within the third-party contractor's application, if the recommendation is not motivated by payment or other consideration from another party; or (ii) services that relate to learning or employment, within the third-party contractor's application, if the recommendation is not motivated by payment or other consideration from another party;
(i) content that relates to learning or employment, within the third-party contractor's application, if the recommendation is not motivated by payment or other consideration from another party; or
(ii) services that relate to learning or employment, within the third-party contractor's application, if the recommendation is not motivated by payment or other consideration from another party;
(d) respond to a student request for information or feedback, if the content of the response is not motivated by payment or other consideration from another party;
(e) use student data to allow or improve operability and functionality of the third-party contractor's application; or
(f) identify for a student nonprofit institutions of higher education or scholarship providers that are seeking students who meet specific criteria: (i) regardless of whether the identified nonprofit institutions of higher education or scholarship providers provide payment or other consideration to the third-party contractor; and (ii) only if the third-party contractor obtains authorization in writing from: (A) a student's parent through the student's school or LEA; or (B) for an adult student, the student.
(i) regardless of whether the identified nonprofit institutions of higher education or scholarship providers provide payment or other consideration to the third-party contractor; and
(ii) only if the third-party contractor obtains authorization in writing from: (A) a student's parent through the student's school or LEA; or (B) for an adult student, the student.
(A) a student's parent through the student's school or LEA; or
(B) for an adult student, the student.
(5) At the completion of a contract with an education entity, if the contract has not been renewed, a third-party contractor shall return or delete upon the education entity's request all personally identifiable student data under the control of the education entity unless a student or the student's parent consents to the maintenance of the personally identifiable student data.
(6) (a) A third-party contractor may not: (i) except as provided in Subsection (6)(b), sell student data; (ii) collect, use, or share student data, if the collection, use, or sharing of the student data is inconsistent with the third-party contractor's contract with the education entity; or (iii) use student data for targeted advertising. (b) A person may obtain student data through the purchase of, merger with, or otherwise acquiring a third-party contractor if the third-party contractor remains in compliance with this section.
(a) A third-party contractor may not: (i) except as provided in Subsection (6)(b), sell student data; (ii) collect, use, or share student data, if the collection, use, or sharing of the student data is inconsistent with the third-party contractor's contract with the education entity; or (iii) use student data for targeted advertising.
(i) except as provided in Subsection (6)(b), sell student data;
(ii) collect, use, or share student data, if the collection, use, or sharing of the student data is inconsistent with the third-party contractor's contract with the education entity; or
(iii) use student data for targeted advertising.
(b) A person may obtain student data through the purchase of, merger with, or otherwise acquiring a third-party contractor if the third-party contractor remains in compliance with this section.
(7) The provisions of this section do not: (a) apply to the use of a general audience application, including the access of a general audience application with login credentials created by a third-party contractor's application; (b) apply to the providing of Internet service; or (c) impose a duty on a provider of an interactive computer service, as defined in 47 U.S.C. Sec. 230, to review or enforce compliance with this section.
(a) apply to the use of a general audience application, including the access of a general audience application with login credentials created by a third-party contractor's application;
(b) apply to the providing of Internet service; or
(c) impose a duty on a provider of an interactive computer service, as defined in 47 U.S.C. Sec. 230, to review or enforce compliance with this section.
(8) A provision of this section that relates to a student's student data does not apply to a third-party contractor if the third-party contractor obtains authorization from the following individual, in writing, to waive that provision: (a) the student's parent, if the student is not an adult student; or (b) the student, if the student is an adult student.
(a) the student's parent, if the student is not an adult student; or
(b) the student, if the student is an adult student.
Copyright ©2024 LegalFix. All rights reserved. LegalFix is not a law firm, is not licensed to practice law, and does not provide legal advice, services, or representation. The information on this website is an overview of the legal insurance products you can purchase—or that may be provided by your employer as an employee benefit or by your credit union or other membership group as a membership benefit.
LegalFix provides its members with access to legal services through a network of provider law firms. LegalFix, its corporate entity, and its officers, directors, employees, agents, and contractors do not provide legal advice, services, or representation—directly or indirectly.
The articles and information on the site are not legal advice and should not be relied upon—they are for information purposes only. You should become a LegalFix member to get legal services from one of our provider law firms.
You should not disclose confidential or potentially incriminating information to LegalFix—you should only communicate such information to your provider law firm.
The benefits and legal services described in the LegalFix legal plans are not always available in all states or with all plans. See the legal plan Benefit Overview and the more comprehensive legal plan contract during checkout for coverage details in your state.
Use of this website, the purchase of legal insurance products, and access to the LegalFix network of provider law firms are subject to the LegalFix Terms of Service and Privacy Policy.
