Cybersecurity and Student Data Privacy Legislation in Texas

Texas SB 820 is a student data and cybersecurity law that was enacted in 2019. As the state of Texas has a very robust legal framework as it pertains to personal data protection, SB 820 protects the personal information of K-12 students within the state as it concerns the adverse effects of being involved in a data breach. With this being said, the law establishes the steps and measures that educators within the state are charged with taking as it relates to safeguarding the personal data of students, ranging from risk assessments to mitigating measures and planning.

How is the term cyberattack defined under the law?

Under Texas SB 820, a cyberattack is defined as “an attempt to damage, disrupt, or gain unauthorized access to a computer, computer network, or computer system.” On the other end of the spectrum, the law defines cybersecurity as “the measures taken to protect a computer, computer network, or computer system against unauthorized use or access.” To this point, the law sets forth the cybersecurity responsibilities that educators are required to adhere to when using, accessing, or disclosing personal information pertaining to K-12 students.

What are the cybersecurity duties of educators under the law?

The cybersecurity and data protection responsibilities that educators have under the provisions of Texas SB 820 include the following:

• School districts within Texas are required to develop, implement, and maintain a cybersecurity infrastructure that can be used to protect students from the unauthorized access, use, or dissemination of their personal information.
• This cybersecurity infrastructure must be consistent with the information security standards that were established by the Texas Department of Information Resources under Chapters 2054 and 2059, Government Code.
• The superintendent of each school district is responsible for appointing a cybersecurity coordinator that can act as a liaison between the school and the parents and guardians of their respective students.
• This cybersecurity coordinator is responsible for creating a strategy that educators can use to secure the personal data of their students. Moreover, the cybersecurity coordinator is also responsible for reporting any cyberattacks, attempted cyberattacks, or other related security breaches to all appropriate and applicable parties as soon as possible after the discovery of such an incident.
• The cybersecurity coordinator is responsible for utilizing both risk assessments and mitigation strategies when looking to secure student data.

Cybersecurity and redaction

In terms of maintaining compliance with the law, one way in which educators and cybersecurity coordinators within the state of Texas can protect the personal information of their students from cyberattacks is through the use of redaction software. Automatic redaction software can be used to render various forms of personal data, such as social security numbers, transcript data, or contact information, inaccessible, ensuring that said data cannot be used for nefarious purposes. What’s more, as these programs are intuitive and easy to use, all members of a particular school district can have the power to protect the very students that they serve on a daily basis.

As 2021 saw the highest number of data breaches that had ever been reported in U.S. history, additional steps and measures must be taken to safeguard the personal data of the American populace. As it relates to the personal data of students that attend K-12 educational institutions across the state of Texas, the provisions of Texas SB 820 ensure that educators take the necessary precautions needed to both prevent and mitigate the consequences of being involved in a data breach. More importantly, however, the law also gives parents within Texas the opportunity to be notified of any breach of the personal information of their children.