MN HF2762

Commissioner of Education must develop, publish, and oversee a detailed data security plan combining administrative, physical, and technical safeguards for student education and workforce data maintained by public schools, school districts, and state agencies.

Plan must include guidelines for authorizing and authenticating access to the Statewide Longitudinal Education Data System and other student data systems, plus sanctions for non-compliance by employees, contractors, grantees, researchers, and vendors.

Plan must establish minimum privacy compliance standards including background checks, training resources, physical and technical safeguards, and privacy agreements for those accessing student personally identifiable information.

Plan must include regular privacy and security compliance audits of data systems and comprehensive data retention, storage, disposal, and security policies with procedures for responding to data breaches.

Commissioner must develop the plan using existing Department of Education resources and may not implement the plan until it is approved by law; effective the day following final enactment.