About Us | Contact Us
View Cart

From Arizona to Wyoming: An Inventory of State Laws

By Vigilize | Monday, February 17, 2020 - 2 Comments

What do you need to be compliant in your state?


An article review.


ServIcons_ITAudit_01

One subprocess to incident response many of our banking Clients are currently wrestling with is how to address customers living in “other states.” If we’re on the border between Indiana and Ohio, we already know the laws of these two states and have incorporated these laws into our incident response plans (and fortunately both states exempt banks from compliance.) But what if we have one customer who resides in Florida? Alaska? Rhode Island?

We have found an inventory of state laws that seems to be rather current. It is actually a subset of a larger guidance document about FERPA, something our school Clients are concerned with, so we have excerpted just the inventory for our bank Clients:

Arizona: SB1450, HB2088, SB1314 – Requires consent from students before providing information to military recruiters, and prohibits targeted advertising based on student data.
Arkansas: HB1241, HB1961 – Prohibits massing public school student profiles for certain purposes, or selling covered information.
California: SB1177, SB244 – Prohibits the collection of personally identifiable information for advertising purposes, and specifies requirements for disclosing data breaches.
Colorado: HB1294, HB1423 – Requires the state to create a data security plan, prohibits the collection of health records and biometric information.
Connecticut: HB5469, HB7207, HB5170, HB5444 – Prohibits school employees for taking custody of a student’s mobile electronic device to access data, requires breach notification procedures.
Delaware: SB79, SB208 – Requires service providers to implement security procedures, and limits disclosure of student records.
Florida: SB188, HB501, HB731 – Prohibits storing personally identifiable information for home schooled students, prohibits including social security numbers or other personal information in school databases.
Georgia: SB89 – Prohibits service providers from using data for commercial purposes.
Hawaii: SB2607 – Limits the way providers who work with the Department of Education can store and use student data.
Idaho: SB1372 – Requires the state to develop a data security policy, and limits the disclosure of student records.
Indiana: 
HB 1003 – Requires compliance with FERPA and implements a data security plan including breach, retention and disposition procedures.
Illinois: SB 887, SB 1796 – Prohibits providing personally identifiable information on individual students, except in specific cases as specified by FERPA.
Iowa: HF2354 – Prohibits targeted advertising of students, and the sale of personal information.
Kansas: SB367, HB2008, HB2209 – Requires the state to purchase cybersecurity insurance, prohibits targeted advertising and the disclosure of personal information to third parties. 
Kentucky:
HB 232 – Requires notification of any breach of personally identifiable information, limits data storage in the cloud and prohibits use of student data for advertising or other commercial purposes.
Louisiana: HB340 – Prohibits schools from requesting login information from students for social media and other sites.
Maine: LD678, LD1616 – Regulates the use of social security numbers and other personal information, requires disclosure of breaches.
Maryland: SB1165, HB568 – Requires the Board of Education to create best practices regarding the use of student data.
Michigan: S33, SB510 – Prohibits the use of targeted advertising at students, prohibits the sale of information from the permanent records of students.
Missouri: HB1490 – Mandates the state create rules on data accessibility and accountability, and requires compliance with FERPA.
Montana: HB745 – Places restrictions on how student data can be used and disclosed, by school districts and third parties.
Nebraska: LB262, LB512 – Regulates access to student records and mandates the destruction of discipline data after graduation.
Nevada: SB463, AB221 – Regulates targeted advertising to students, and the release of student records and other personal information.
New Hampshire: HB1587, HB206 – Regulates release of student data to testing agencies and other third parties, requires the disclosure of breaches.
New York: SB6356 – Regulates the storage and disclosure of personally identifiable information, and establishes a parents’ bill of rights regarding student records.
North Carolina: SB815, HB1030 – Establishes penalties for education institutions that misuse personal data, and requires compliance with FERPA.
North Dakota: SB2295 – Requires data inventories and regulations on what data is collected and how it can be accessed.
Ohio:
 HB 487 – Requires annual reporting of breach related incidents, safeguards for confidentiality and allows for sanctions against districts which fail to protect personally identifiable information.
Oregon: HB2655, SB187 – Requires rules to be developed regarding when records can be transferred by a school, prohibits the use of student data for commercial or other secondary purposes.
Rhode Island: HB7124 – Prohibits schools from requiring students to provide login data for social media and other sites, requires compliance with FERPA.
South Dakota: SB63 – Mandates the creation of a uniform system to report on the use of educational data, prohibits the collection of lifestyle data on students.
Tennessee: SB1835, HB4046 – Regulates the use of data collected for standardized testing, regulates the disclosure of personally identifiable information and prohibits targeted advertising.
Texas: HB4046, HB2087 – Restricts the use of student records, and requires school districts to create a cybersecurity infrastructure. Requires compliance with FERPA.
Utah: HB163, SB204 – Requires notification in the event of a breach of personally identifiable information, requires schools to establish cybersecurity and data security policies.
Washington: SB5419 – Requires service providers to have clear privacy policies and requires notification of policy changes.
West Virginia: HB4316, HB4261 – Prohibits the transfer or sale of student records to a third party, requires compliance with FERPA and mandates the creation of a cybersecurity policy.
Wyoming: HB0008, HB0009 – Establishes an expectation of privacy act for student records, limits the transfer or disclosure of student data.

 


Original article by FERPA Sherpa, a project of the Future of Privacy Forum.


same_strip_012513


 

2 Responses to “From Arizona to Wyoming: An Inventory of State Laws”

Comment from Roger Chalkley
Time 02/18/2020 at 3:11 pm

Please find a listing for your financial bank customers! This list would be fantastic!

Comment from Roger Chalkley
Time 02/21/2020 at 1:54 pm

I would be afraid to use this listing from states that only talks about student privacy. Are you saying what schools need to do is identical to financial banks?

Latest News
    Reasons why we should be considered! infotex provides a number of services that can be checked out if you click over to offerings.infotex.com! We even made a movie with all the reasons why infotex should be your next MSOC!  
    infotex and GoTo To all infotex managed security service Clients: As recently reported by major news outlets there was a data breach affecting GoTo (formerly LogMeIn) wherein attackers stole encrypted backups containing customer information in November 2022.  Based on the advisory from GoTo the products they offer that are affected include LogMeIn Pro, LogMeIn Central, […]
    An option for increasing security for ALL organizations. . . The threat landscape is evolving daily, and it is becoming increasingly difficult for even large organizations providing cyber defense services to keep up. As Brandao (2021) notes, it is important for organizations to adapt holistic technologies that can correlate all attack events. Therefore, developing XDR […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape) You are welcome to print out and distribute this around your […]
    A relic of the internet’s less secure past, many small firms struggle to secure their email systems… An article review. With a great deal of cybersecurity related news focused on new threats and similarly new techniques aimed at combating them, it can be easy to forget some of the older threats that have never gone […]
    Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcome to the Magnificent Seven, my annual predictive article about the seven trends in technology that will impact the Information Security Officers of […]
    System Security and Cybersecurity are not the same thing. . . Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Regarding “information security,” the last thirty years have seen an evolution of frameworks, laws, and assessment approaches which intimidate the management team with their complexity.  […]
    The cryptographic algorithm is vulnerable to attack and is no longer considered secure… An article review. NIST has announced that it plans to retire the SHA-1 cryptographic algorithm by the end of 2030, citing multiple vulnerabilities in the standard, effectively ending its use after nearly 30 years.  Introduced in 1995, SHA-1 used a 160-bit hash […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape) You are welcome to print out and distribute this around your […]
    Trending: Awareness Posters Meet Infographics Here are the top seven posters as of the last twelve months! As always, our Awareness Posters were a hit in 2022! So we decided to run some reports to see what our most popular posters were since November 2021. As everybody loves top ten lists and contests, we thought […]