An Act To Enact the Student Information Privacy Act
Sec. 1. 20-A MRSA c. 13 is enacted to read:
THE STUDENT INFORMATION PRIVACY ACT
§ 951. Short title
This chapter may be known and cited as "the Student Information Privacy Act."
§ 952. Definitions
As used in this chapter, unless the context otherwise indicates, the following terms have the following meanings.
(1) The student's first and last names;
(2) The names of the student's parent and other family members;
(3) The physical address, e-mail address, phone number and any other information that allows contact with the student or the student's family;
(4) A student's personal identifier, such as the state-assigned student identifier, when used for identification purposes;
(5) Other indirect identifiers, such as the student's date of birth, place of birth and mother's maiden name;
(6) Results of assessments administered by the State, school administrative unit, school or teacher, including participation information;
(7) Course transcript information, including, but not limited to, courses taken and completed, course grades and grade point average, credits earned and degree, diploma, credential attainment or other school exit information;
(8) Attendance and mobility information between and within school administrative units within the State;
(9) The student's gender, race and ethnicity;
(10) Educational program participation information required by state or federal law;
(11) The student's disability status;
(12) The student's socioeconomic information;
(13) The student's food purchases; and
(14) The student's e-mails, text messages, documents, search activity, photos, voice recordings and geolocation information; and
(1) Is created by a student or the student's parent or provided to an employee or agent of the school, school administrative unit, the department or an operator in the course of the student's or parent's use of the operator's website, service or application for kindergarten to grade 12 school purposes;
(2) Is created or provided by an employee or agent of the school or school administrative unit, including information provided to an operator in the course of the employee's or agent's use of the operator's website, service or application for kindergarten to grade 12 school purposes; or
(3) Is gathered by an operator through the operation of an operator's website, service or application for kindergarten to grade 12 school purposes.
§ 953. Restrictions on operator's use of student data
(1) To advance the kindergarten to grade 12 school purposes of the website, service or application, as long as the recipient of the student data disclosed:
(a) May not further disclose the student data except to allow or improve operability and functionality of the website, service or application within that student's classroom or school; and
(b) Is legally required to comply with the requirements of this chapter;
(2) To ensure legal or regulatory compliance or protect against liability;
(3) To respond to or participate in judicial process;
(4) To protect the security or integrity of the operator's website, service or application;
(5) To protect the safety of users or others; or
(6) To a service provider, as long as the operator contractually:
(a) Prohibits the service provider from using any student data for any purpose other than providing the contracted service to, or on behalf of, the operator;
(b) Requires the service provider to impose the restrictions of this subsection on its own service providers; and
(c) Requires the service provider to implement and maintain reasonable security procedures and practices as provided in subsection 2.
(1) If another provision of federal or state law requires the operator to disclose the student data and the operator complies with applicable requirements of federal and state law in protecting and disclosing that information;
(2) For legitimate research purposes:
(a) As required by state or federal law and subject to the restrictions under applicable state and federal law; or
(b) As allowed by state or federal law and under the direction of a school, school administrative unit or the department; or
(3) To a state agency, school administrative unit or school for kindergarten to grade 12 purposes, as permitted by state or federal law.
(1) For maintaining, delivering, developing, supporting, evaluating, improving or diagnosing the operator's website, service or application;
(2) Within other websites, services or applications owned by the operator and intended for school or student use, to evaluate and improve educational products or services intended for school or student use;
(3) For adaptive learning or customized student learning purposes;
(4) For recommendation engines to recommend additional content or services for educational, other learning or job opportunities to students within the operator's website, service or application without the response being determined in whole or in part by payment or other consideration from a 3rd party; or
(5) To ensure legal or regulatory compliance or to retain student data for these purposes.
(1) For the development and improvement of the operator's website, service or application or other educational websites, services or applications; or
(2) To demonstrate or market the effectiveness of the operator's products or services.
Sec. 2. Transition. Pursuant to the Maine Revised Statutes, Title 20-A, chapter 13, an operator who enters into a signed, written contract with a school, teacher or local educational agency prior to the effective date of this Act must meet the requirements of this Act by the beginning of the 2016-17 school year.