(1)
- (a) An institution shall adopt policies to protect student data in accordance with this part and board rule, including the standards the board establishes under Subsection 53H-14-502(5).
- (b) The policies described in Subsection (1)(a) shall take into account the specific needs and priorities of the institution.
- (2) The board shall designate a higher education privacy officer.
(3) The higher education privacy officer shall:
- (a) verify compliance with student privacy laws, rules, and policies throughout the Utah System of Higher Education;
- (b) support institutions in developing data governance plans and student data privacy training; and
- (c) act as the primary point of contact for the state privacy auditor.
(4) An institution shall:
- (a) designate an individual to act as the primary contact for the higher education privacy officer;
(b) create and maintain an institution:
- (i) data governance plan that complies with the standards the board establishes under Subsection 53H-14-502(5); and
- (ii) record of student data privacy training; and
- (c) annually publish the institution's data governance plan on the institution's website.
Renumbered and Amended by Chapter 8, 2025 Special Session 1