ACT754

This law will go into effect on June 1, 2024. School districts and software vendors who use student personally identifiable information (PII) are required to adhere to the rules set forth in the law. The full law can be download and/or read by clicking here.

Brief overview of important elements of the law:

• Effective June 1, 2024

• School service contract providers (pg. 4, line 15)

  • Districts must maintain a list of contract providers that include or make available student PII

    • List updated at the beginning and midpoint of the year

    • List should be provided to parents upon request

  • Districts must maintain a copy of each contract

• School service contract providers must include clear information explaining:

  • Elements of student PII collected

  • Purpose for the collection of PII

  • How PII is used and shared

• School service contract providers

  • Contract providers must maintain a comprehensive information security program

  • Contracts must contain minimum data destruction standards as outlined in Act 754

• School service on-demand providers (pg. 5, line 20)

  • Districts must maintain a list of on-demand providers used by the district or an employee that includes student PII

    • List updated at the beginning and midpoint of the year

    • List should be provided to parents upon request

    • District must assist parents in obtaining the provider’s data privacy policy

• Additional language covering:

  • Allowable uses for PII (pg. 7, line 27)

  • Responding to a provider that doesn’t follow the requirements

  • Exceptions (pg. 10, line 34)