Section 7-2102 - Best practices for data privacy and security incident response planThe Department, in consultation with the Department of Information Technology and county boards, shall develop and update best practices for county boards to:
(1) Manage and maintain data privacy and security practices in the processing of student data and personally identifiable information across the county board's information technology and records management systems;(2) Develop and implement: (i) A data privacy and security incident response plan;(ii) A breach notification plan; and(iii) Procedures and requirements for allowing access to student data and personally identifiable information for a legitimate research purpose; and(3) Publish information annually on: (i) Types of student data and personally identifiable information processed by the county board, the protocols for processing student data, and the rationales for selecting processing protocols;(ii) Contracted services that involve sharing student data between a county board and a school service contract provider; and(iii) Procedures and rationales for vetting and selecting Internet sites, services, and applications.Added by 2018 Md. Laws, Ch. 381,Sec. 1, eff. 7/1/2018.