Utah Admin. Code R765-1010-5 - Notification of Significant Data Breaches
(1)
(a) If
a significant data breach occurs either at an educational entity or a
third-party contractor using data disclosed by an educational entity, the
educational entity shall notify each student in writing whose personally
identifiable student data was disclosed.
(b) The notification shall include all
components of the model data breach notification prepared under Subsection
53B-28-502(4)(b)(iii).
An education entity may add additional content to the notification.
(c) The educational entity may communicate
the notification by any written means that the education entity routinely uses
for official communications with individual students.
(2) An education entity that provides notice
of a data breach to affected individuals as required under any other law is
deemed to have met the requirements of this rule with regard to the individuals
so notified.
(3) For notifications
regarding release, access, or disclosure of a record containing protected
health information as defined in 45 CFR Part 164, Standards for Privacy of
Individually Identifiable Health Information, the education entity shall comply
with that part.
(4) The Office of
the Commissioner of Higher Education may develop and communicate to each
institution guidelines for compliance with this rule.
Notes
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
No prior version found.