destruction, use, modification or disclosure.
(3) Deletion of student data if the educational entity
requests deletion of student data that is under the control
of the educational entity.
(4) Assurance that any contract the provider enters with
any subcontractor will contain the same binding provisions
that the provider is subject to and the same protections and
prohibited uses of student data for the subcontractor.
(b.1) Damages.--The use of student data contrary to the
provisions of this subarticle shall subject the provider to all
remedies and damages available to the student or the student's
parent or legal guardian and the educational entity. The payment
of damages for actual costs incurred by the educational entity
for any and all occurrences of a violation or a compromise of
student information, records or content, shall be the
responsibility of the provider if damages were caused by the
provider's failure to protect student data.
(c) Duties to be included.--A contract for goods or services
with a provider shall contain, at a minimum, the duties and
requirements under section 1326-C.
(d) Use of model contract.--An educational entity, in its
sole discretion, may base its contract on the model contract
developed by the department or may develop an original contract
to meet the requirements of this subarticle.
(e) Limitation.--Except when applicable in Federal or State
law, or clearly expressed in this subarticle, the selling or
disclosing of student data prohibition does not apply to a
merger or acquisition of a provider by another provider when the
acquiring or successor provider continues to be subject to this
subarticle and the prohibition of acts, uses or disclosures of
20240SB0342PN1315 - 18 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30