R277-487-2 - Definitions

R277-487-2. Definitions

(1) "Classroom-level assessment data" means student scores on state-required tests, aggregated in groups of more than 10 students at the classroom level or, if appropriate, at the course level, without individual student identifiers of any kind.

(2) "Comprehensive Administration of Credentials for Teachers in Utah Schools" or "CACTUS" means the electronic file maintained and owned by the Board on all licensed Utah educators, which includes information such as:

(a) personal directory information;

(b) educational background;

(c) endorsements;

(d) employment history; and

(e) a record of disciplinary action taken against the educator.

(3) "Confidentiality" refers to an obligation not to disclose or transmit information to unauthorized parties.

(4) "Cyber security framework" means:

(a) the cyber security framework developed by the Center for Internet Security found at http://www.cisecurity.org/controls/; or

(b) a IT security framework that is comparable to the cyber security framework described in Subsection (6)(a).

(5) "Data governance plan" has the same meaning as defined in Subsection 53E-9-301(6).

(6) "Destroy" means to remove data or a record:

(a) in accordance with current industry best practices; and

(b) rendering the data or record irretrievable in the normal course of business of an LEA or a third-party contractor.

(7) "Disclosure" includes permitting access to, revealing, releasing, transferring, disseminating, or otherwise communicating all or any part of any individual record orally, in writing, electronically, or by any other communication method.

(8) "Expunge" means to seal a record so as to limit its availability to all except authorized individuals.

(9) "Enrollment verification data" includes:

(a) a student's birth certificate or other verification of age;

(b) verification of immunization or exemption from immunization form;

(c) proof of Utah public school residency;

(d) family income verification; or

(e) special education program information, including:

(i) an individualized education program;

(ii) a Section 504 accommodation plan; or

(iii) an English language learner plan.

(10) "FERPA" means the Family Educational Rights and Privacy Act of 1974, 20 U.S.C. 1232g, and its implementing regulations found at 34 C.F.R., Part 99.

(11) "LEA" includes, for purposes of this rule, the Utah Schools for the Deaf and the Blind.

(12) "Metadata dictionary" means any tool, document, or display that meets the requirements of Subsection 53E-9-301(11).

(13) "Personally identifiable student data" has the same meaning as defined in Subsection 53E-9-301(14) and 34 CFR 99.3.

(14) "Significant data breach" means a data breach where:

(a) an intentional data breach successfully compromises student records;

(b) a large number of student records are compromised;

(c) sensitive records are compromised, regardless of number; or

(d) a data breach an LEA deems to be significant based on the surrounding circumstances.

(15) "Student performance data" means data relating to student performance, including:

(a) data on state, local and national assessments;

(b) course-taking and completion;

(c) grade-point average;

(d) remediation;

(e) retention;

(f) degree, diploma, or credential attainment; and

(g) enrollment and demographic data.

(16) "Third party contractor" has the same meaning as defined in Subsection 53E-9-301(23).

(Amended by Utah State Bulletin Number 2015-3, effective 1/7/2015 Amended by Utah State Bulletin Number 2015-15, effective 7/8/2015 Amended by Utah State Bulletin Number 2017-15, effective 7/10/2017 Amended by Utah State Bulletin Number 2019-1, effective 12/10/2018 Amended by Utah State Bulletin Number 2019-7, effective 3/13/2019 Amended by Utah State Bulletin Number 2019-23, effective 11/8/2019)