TKK:jld
2017 - 2018 LEGISLATURE
February 17, 2017 - Introduced by
Joint Legislative Council. Referred to
Committee on Education.
AB72,1,2
1An Act to create 115.285 of the statutes;
relating to: responsibilities of state
2superintendent related to privacy and security of pupil data.
Analysis by the Legislative Reference Bureau
This bill is explained in the Notes provided by the Joint Legislative Council in
the bill.
The people of the state of Wisconsin, represented in senate and assembly, do
enact as follows:
Joint Legislative Council Prefatory note: This bill was prepared for the Joint
Legislative Council Study Committee on School Data. The bill establishes duties of the
State Superintendent regarding privacy and security of pupil data. The bill requires the
Superintendent to provide guidance and training to school districts and schools in
implementing and administering a data privacy and security plan and in complying with
state and federal laws governing privacy and security of pupil data, including parental
complaint procedures and other provisions of the federal Family Educational Rights and
Privacy Act and the Wisconsin Pupil Records Law. The bill also requires the
Superintendent to take certain steps to engage with members of the public and
governmental officials regarding data privacy and security issues.
AB72,1
3Section
1. 115.285 of the statutes is created to read:
AB72,1,4
4115.285 Privacy of pupil data. (1) Definition. In this section:
AB72,2,2
1(a) “Parental choice program” means either or both of the programs under ss.
2118.60 and 119.23.
AB72,2,33
(b) “Pupil data” means all of the following:
AB72,2,441. Information contained in education records, as defined in
34 CFR 99.3.
AB72,2,55
2. Information contained in pupil records, as defined in s. 118.125 (1) (d).
AB72,2,13
6(2) Compliance with laws governing privacy of pupil data. The state
7superintendent shall provide guidance and training to school districts and charter
8schools in complying with state and federal privacy or security laws, including
9parental complaint procedures and other provisions of the federal Family
10Educational Rights and Privacy Act,
20 USC 1232g, and s. 118.125. To the extent
11private schools participating in a parental choice program are required to comply
12with these state and federal privacy and security laws, the state superintendent
13shall provide the same guidance and training to these private schools.
AB72,2,15
14(3) Data privacy and security plan. (a) The state superintendent shall work
15in collaboration with the department of administration to develop all of the following:
AB72,2,1816
1. A data privacy and security plan for the protection of pupil data collected by
17the department. The state superintendent shall administer the plan prepared under
18this subdivision.
AB72,2,2319
2. A model data privacy and security plan for the protection of pupil data
20collected or maintained by a school, school district, charter school, or private school
21participating in a parental choice program. The state superintendent shall provide
22guidance on the implementation and administration of a data privacy and security
23plan to the extent that the department has expertise.
AB72,3,2
1(b) The state superintendent shall include all of the following in each plan
2required under this subsection:
AB72,3,63
1. Guidelines for access to pupil data and to the student information system
4under s. 115.383 and the longitudinal data system of student information under s.
5115.297, including guidelines for authentication of individuals authorized to access
6pupil data and these pupil data systems.
AB72,3,77
2. Procedures for data privacy and security audits.
AB72,3,108
3. Procedures to ensure that incidents involving the unauthorized disclosure
9of pupil data are reported to relevant stakeholders, investigated, and mitigated, as
10appropriate.
AB72,3,1211
4. Data security training protocols and policies, including technical, physical,
12and administrative safeguards against unauthorized access or disclosure.
AB72,3,1313
5. Data retention and disposition policies.
AB72,3,1514
6. A process for evaluating and updating the data privacy and security plan on
15at least an annual basis.
AB72,3,21
16(4) Stakeholder engagement. The state superintendent shall engage with
17members of the public and governmental officials regarding the quality, usefulness,
18openness, privacy, and security of pupil data. In collaboration with cooperative
19educational service agencies and other relevant stakeholders, the state
20superintendent shall develop and promote best practices regarding the quality,
21usefulness, openness, privacy, and security of pupil data.
