84R10493 MK-F
By: VanDeaver H.B. No. 2156
A BILL TO BE ENTITLED
AN ACT
relating to requirements for providers of certain technology
services in public schools.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Chapter 32, Education Code, is amended by adding
Subchapter G to read as follows:
SUBCHAPTER G. SCHOOL TECHNOLOGY SERVICE PROVIDERS
Sec. 32.301. DEFINITIONS. In this subchapter:
(1) "Parent" includes a person standing in parental
relation to a student.
(2) "School service" means an Internet website, mobile
application, or online service designed and marketed for use in
primary and secondary schools at the direction of teachers or other
school employees and designed to collect, maintain, or use student
personal information.
(3) "School service provider" means an entity that
operates a school service.
(4) "Student personal information" means information
that identifies a student or that is linked to information that
identifies a student.
Sec. 32.302. TRANSPARENCY OF STUDENT PERSONAL INFORMATION.
A school service provider must provide to students, parents,
schools, or teachers:
(1) clear information regarding the type of student
personal information collected by the school service provider and
the manner in which student personal information is used or shared
by the school service;
(2) notice of any change to the privacy policy of the
school service; and
(3) access to student personal information collected
by the school service provider and a method to correct any incorrect
student personal information.
Sec. 32.303. CONTROL OF STUDENT PERSONAL INFORMATION. (a)
A school service provider may collect, use, or share student
personal information only for purposes authorized by the school or
teacher using the school service, or with the consent of a student
using the school service or the student's parent.
(b) A school service provider may not:
(1) sell student personal information;
(2) use or share student personal information for the
purpose of behaviorally targeting advertisements to students; or
(3) use student personal information to create a
personal profile of a student other than for supporting purposes
authorized by the school or teacher, or with the consent of the
student or the student's parent.
(c) Before a school service provider uses student personal
information in a manner that is inconsistent with the privacy
policy of the school service in effect at the time the student
personal information is collected, the school service provider must
obtain consent from:
(1) the student or the student's parent, if the student
personal information is collected directly from the student; or
(2) the school or teacher using the school service, if
the student personal information is not collected directly from the
student.
Sec. 32.304. DUTY TO SAFEGUARD STUDENT PERSONAL
INFORMATION. (a) A school service provider must maintain a
comprehensive information security program to protect the
security, privacy, confidentiality, and integrity of student
personal information. The information security program must make
use of appropriate administrative, technological, and physical
safeguards.
(b) A school service provider may not knowingly retain
student personal information beyond the period that the school or
teacher has authorized the provider to retain the information,
unless the provider has received consent to retain the information
from the student or the student's parent.
SECTION 2. This Act takes effect September 1, 2015.