(a) The Board shall have the following powers and duties:
(1) Develop an implementation plan to phase in the establishment and operation of the System.
(2) Provide general oversight and direction to the System.
(3) Approve the annual budget for the System.
(4) Before the use of any individual data in the System, the Board shall do the following:
a. Create an inventory of the individual student data proposed to be accessible in the System and required to be reported by State and federal education mandates.
b. Develop and implement policies to comply with FERPA and any other privacy measures, as required by law or the Board.
c. Develop a detailed data security and safeguarding plan that includes the following:
1. Authorized access and authentication for authorized access.
2. Privacy compliance standards.
3. Privacy and security audits.
4. Breach notification and procedures.
5. Data retention and disposition policies.
(5) Oversee routine and ongoing compliance with FERPA and other relevant privacy laws and policies.
(6) Ensure that any contracts that govern databases that are outsourced to private vendors include express provisions that safeguard privacy and security and include penalties for noncompliance.
(7) Designate a standard and compliance time line for electronic transcripts that includes the use of UID to ensure the uniform and efficient transfer of student data between local school administrative units and institutions of higher education.
(8) Review research requirements and set policies for the approval of data requests from State and local agencies, the General Assembly, and the public.
(9) Establish an advisory committee on data quality to advise the Board on issues related to data auditing and tracking to ensure data validity.
(b) The Board shall adopt rules according to Chapter 150B of the General Statutes as provided in G.S. 116E-6 to implement the provisions of this Article.
(c) The Board shall report quarterly to the Joint Legislative Education Oversight Committee, the Joint Legislative Commission on Governmental Operations, and the Joint Legislative Oversight Committee on Information Technology beginning September 30, 2013. The report shall include the following:
(1) An update on the implementation of the System's activities.
(2) Any proposed or planned expansion of System data.
(3) Any other recommendations made by the Board, including the most effective and efficient configuration for the System. (2012-133, s. 1(a); 2013-80, s. 5; 2013-410, s. 22.)
Sections: Previous 116E-1 116E-2 116E-3 116E-4 116E-5 116E-6 Next
Last modified: March 23, 2014