|
|
|
A BILL TO BE ENTITLED
|
|
AN ACT
|
|
relating to requirements for providers of certain technology |
|
services in public schools. |
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
SECTION 1. Chapter 32, Education Code, is amended by adding |
|
Subchapter G to read as follows: |
|
SUBCHAPTER G. SCHOOL TECHNOLOGY SERVICE PROVIDERS |
|
Sec. 32.301. DEFINITIONS. In this subchapter: |
|
(1) "Parent" includes a person standing in parental |
|
relation to a student. |
|
(2) "School service" means an Internet website, mobile |
|
application, or online service designed and marketed for use in |
|
primary and secondary schools at the direction of teachers or other |
|
school employees and designed to collect, maintain, or use student |
|
personal information. |
|
(3) "School service provider" means an entity that |
|
operates a school service. |
|
(4) "Student personal information" means information |
|
that identifies a student or that is linked to information that |
|
identifies a student. |
|
Sec. 32.302. TRANSPARENCY OF STUDENT PERSONAL INFORMATION. |
|
A school service provider must provide to students, parents, |
|
schools, or teachers: |
|
(1) clear information regarding the type of student |
|
personal information collected by the school service provider and |
|
the manner in which student personal information is used or shared |
|
by the school service; |
|
(2) notice of any change to the privacy policy of the |
|
school service; and |
|
(3) access to student personal information collected |
|
by the school service provider and a method to correct any incorrect |
|
student personal information. |
|
Sec. 32.303. CONTROL OF STUDENT PERSONAL INFORMATION. (a) |
|
A school service provider may collect, use, or share student |
|
personal information only for purposes authorized by the school or |
|
teacher using the school service, or with the consent of a student |
|
using the school service or the student's parent. |
|
(b) A school service provider may not: |
|
(1) sell student personal information; |
|
(2) use or share student personal information for the |
|
purpose of behaviorally targeting advertisements to students; or |
|
(3) use student personal information to create a |
|
personal profile of a student other than for supporting purposes |
|
authorized by the school or teacher, or with the consent of the |
|
student or the student's parent. |
|
(c) Before a school service provider uses student personal |
|
information in a manner that is inconsistent with the privacy |
|
policy of the school service in effect at the time the student |
|
personal information is collected, the school service provider must |
|
obtain consent from: |
|
(1) the student or the student's parent, if the student |
|
personal information is collected directly from the student; or |
|
(2) the school or teacher using the school service, if |
|
the student personal information is not collected directly from the |
|
student. |
|
Sec. 32.304. DUTY TO SAFEGUARD STUDENT PERSONAL |
|
INFORMATION. (a) A school service provider must maintain a |
|
comprehensive information security program to protect the |
|
security, privacy, confidentiality, and integrity of student |
|
personal information. The information security program must make |
|
use of appropriate administrative, technological, and physical |
|
safeguards. |
|
(b) A school service provider may not knowingly retain |
|
student personal information beyond the period that the school or |
|
teacher has authorized the provider to retain the information, |
|
unless the provider has received consent to retain the information |
|
from the student or the student's parent. |
|
SECTION 2. This Act takes effect September 1, 2015. |