Privacy Compliance for Education Technology Vendors

1. **ONE-SENTENCE SUMMARY:** This bill requires education technology vendors in Utah to implement privacy protections for student data. 2. **KEY REQUIREMENTS:** - Establish and maintain data privacy policies that protect student information. - Provide clear terms of service that outline data use and sharing practices. - Implement security measures to safeguard student data from unauthorized access. - Allow parents and guardians to access and correct their child's data. - Report any data breaches to affected parties promptly. 3. **DEADLINES:** - Effective date: January 1, 2024. - Compliance deadline: All requirements must be met by the effective date. 4. **PENALTIES:** - Fines for non-compliance can range from $1,000 to $10,000 per violation. - Enforcement may include investigations by state authorities. 5. **SMB IMPACT:** Small businesses that provide educational technology services will need to invest in privacy policies and security measures to comply with the new law, which may require additional resources or changes to their operations. Compliance is essential to avoid significant fines and maintain trust with schools and parents.