Section 53E-9-304 - Student data ownership and access - Notification in case of significant data breach(1)(a) A student owns the student's personally identifiable student data.(b) An education entity shall allow the following individuals to access a student's student data that is maintained by the education entity: (i) the student's parent;(iii) in accordance with the education entity's internal policy described in Section 53E-9-303 and in the absence of a parent, an individual acting as a parent to the student.(2)(a) If a significant data breach occurs at an education entity, the education entity shall notify: (i) the student, if the student is an adult student; or(ii) the student's parent, if the student is not an adult student.(b) In accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, the state board shall make rules to define a significant data breach described in Subsection (2)(a).Amended by Chapter 408, 2020 General Session ,§ 29, eff. 5/12/2020.Amended by Chapter 186, 2019 General Session ,§ 141, eff. 5/14/2019.Amended by Chapter 304, 2018 General Session ,§ 3, eff. 5/8/2018.Renumbered from § 53A-1-1405 by Chapter 1, 2018 General Session ,§ 222, eff. 1/24/2018.Added by Chapter 221, 2016 General Session ,§ 7, eff. 5/10/2016.