Bill Text: TX HB3000 | 2019-2020 | 86th Legislature | Engrossed


Bill Title: Relating to student data security in public schools.

Spectrum: Slight Partisan Bill (Republican 2-1)

Status: (Engrossed) 2019-05-10 - Referred to Education [HB3000 Detail]

Download: Texas-2019-HB3000-Engrossed.html
  86R21041 MP-D
 
  By: Talarico, Capriglione, Dean H.B. No. 3000
 
 
 
A BILL TO BE ENTITLED
 
AN ACT
  relating to student data security in public schools.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Chapter 32, Education Code, is amended by adding
  Subchapter E to read as follows:
  SUBCHAPTER E.  STUDENT DATA SECURITY
         Sec. 32.201.  DEFINITION. In this subchapter, "data breach"
  means an incident in which student information that is sensitive,
  protected, or confidential, as provided by state or federal law, is
  stolen or is copied, transmitted, viewed, or used by a person
  unauthorized to engage in that action.
         Sec. 32.202.  REPORTING OF STUDENT DATA BREACH. (a)  A
  school district shall provide written notice to a parent of or
  person standing in parental relation to a student enrolled in the
  district of a school district data breach involving the student's
  information not later than the 30th day after the date on which the
  district becomes aware of the data breach.  The notice must include:
               (1)  a description of the type of information that was
  the subject of the data breach; and
               (2)  a general description of any action taken or
  planned to be taken by the district to:
                     (A)  reduce damage as a result of the data breach;
  or
                     (B)  prevent another data breach, including
  adopting a student privacy pledge.
         (b)  A school district shall submit to the agency a report on
  a school district data breach not later than the 60th day after the
  date the district becomes aware of the data breach.  The report must
  include:
               (1)  detailed information regarding the nature of the
  data breach;
               (2)  the number of students affected by the data
  breach;
               (3)  a description of the type of information that was
  the subject of the data breach; and
               (4)  a detailed description of any action taken or
  planned to be taken by the district to:
                     (A)  reduce damage as a result of the data breach;
  or
                     (B)  prevent another data breach, including
  adopting a student privacy pledge.
         (c)  Information reported under Subsection (b)(1) or (4) is
  confidential and not subject to disclosure under Chapter 552,
  Government Code.
         Sec. 32.203.  STUDENT DATA BREACH DATABASE. (a)  The agency
  shall establish and maintain an electronically searchable database
  that contains information regarding each school district data
  breach reported under Section 32.202(b).
         (b)  The database must contain the following publicly
  accessible information for each school district data breach:
               (1)  the school district at which the data breach
  occurred; and
               (2)  the number of students affected by the data
  breach.
         (c)  The database must also contain for each school district
  data breach the information reported under Sections 32.202(b)(1)
  and (4).  The agency shall ensure that only a school administrator
  may access information contained in the database under this
  subsection.
         Sec. 32.204.  RULES. The commissioner may adopt rules as
  necessary to implement this subchapter.
         SECTION 2.  Section 12.104(b), Education Code, as amended by
  Chapters 324 (S.B. 1488), 522 (S.B. 179), and 735 (S.B. 1153), Acts
  of the 85th Legislature, Regular Session, 2017, is reenacted and
  amended to read as follows:
         (b)  An open-enrollment charter school is subject to:
               (1)  a provision of this title establishing a criminal
  offense; and
               (2)  a prohibition, restriction, or requirement, as
  applicable, imposed by this title or a rule adopted under this
  title, relating to:
                     (A)  the Public Education Information Management
  System (PEIMS) to the extent necessary to monitor compliance with
  this subchapter as determined by the commissioner;
                     (B)  criminal history records under Subchapter C,
  Chapter 22;
                     (C)  reading instruments and accelerated reading
  instruction programs under Section 28.006;
                     (D)  accelerated instruction under Section
  28.0211;
                     (E)  high school graduation requirements under
  Section 28.025;
                     (F)  special education programs under Subchapter
  A, Chapter 29;
                     (G)  bilingual education under Subchapter B,
  Chapter 29;
                     (H)  prekindergarten programs under Subchapter E
  or E-1, Chapter 29;
                     (I)  extracurricular activities under Section
  33.081;
                     (J)  discipline management practices or behavior
  management techniques under Section 37.0021;
                     (K)  health and safety under Chapter 38;
                     (L)  public school accountability under
  Subchapters B, C, D, F, G, and J, Chapter 39, and Chapter 39A;
                     (M)  the requirement under Section 21.006 to
  report an educator's misconduct;
                     (N)  intensive programs of instruction under
  Section 28.0213;
                     (O)  the right of a school employee to report a
  crime, as provided by Section 37.148; [and]
                     (P)  bullying prevention policies and procedures
  under Section 37.0832;
                     (Q)  the right of a school under Section 37.0052
  to place a student who has engaged in certain bullying behavior in a
  disciplinary alternative education program or to expel the student;
  [and]
                     (R)  the right under Section 37.0151 to report to
  local law enforcement certain conduct constituting assault or
  harassment;
                     (S) [(P)]  a parent's right to information
  regarding the provision of assistance for learning difficulties to
  the parent's child as provided by Sections 26.004(b)(11) and
  26.0081(c) and (d); and
                     (T)  student data security under Subchapter E,
  Chapter 32.
         SECTION 3.  To the extent of any conflict, this Act prevails
  over another Act of the 86th Legislature, Regular Session, 2019,
  relating to nonsubstantive additions to and corrections in enacted
  codes.
         SECTION 4.  This Act takes effect immediately if it receives
  a vote of two-thirds of all the members elected to each house, as
  provided by Section 39, Article III, Texas Constitution. If this
  Act does not receive the vote necessary for immediate effect, this
  Act takes effect September 1, 2019.
feedback