ID S1033

State Board of Education may adopt rules to implement a student information management system and educational data system, with all longitudinal educational data housed and maintained in the educational data system.

Clarifies that student data reported in aggregate form that cannot be tied to an individual student is not personally identifiable data, even if multiple aggregate requests could be combined to identify a student.

Prohibits collection of certain sensitive student data including juvenile delinquency records, medical and health records, social security numbers, biometric information, gun ownership records, sexual orientation, religious affiliation, and affective computing data from statewide assessments.

Requires State Board of Education and Department of Education to develop data security plans including access guidelines, administrative safeguards, encryption provisions, privacy compliance standards, and breach notification procedures.

Establishes civil penalties up to $50,000 per violation for unauthorized release of student data and requires districts and charter schools to adopt and implement a state model policy for data collection, access, security and use.