§ 116E‑4.  Powers and duties of the Center.

(a) The Center shall have the following powers and duties with respect to the System:

(1) Develop an implementation plan to phase in the establishment and operation of the System.

(2) Provide general oversight and direction to the System.

(3) Approve the annual budget for the System.

(4) Before the use of any individual data in the System, the Center shall do the following:

a. Create an inventory of the individual student data proposed to be accessible in the System and required to be reported by State and federal education mandates.

b. Develop and implement policies to comply with FERPA and any other privacy measures, as required by law or the Center.

c. Develop a detailed data security and safeguarding plan that includes the following:

1. Authorized access and authentication for authorized access.

2. Privacy compliance standards.

3. Privacy and security audits.

4. Breach notification and procedures.

5. Data retention and disposition policies.

(5) Oversee routine and ongoing compliance with FERPA and other relevant privacy laws and policies.

(6) Ensure that any contracts that govern databases that are outsourced to private vendors include express provisions that safeguard privacy and security and include penalties for noncompliance.

(7) Designate a standard and compliance time line for electronic transcripts that includes the use of UID to ensure the uniform and efficient transfer of student data between local school administrative units and institutions of higher education.

(8) Review research requirements and set policies for the approval of data requests from State and local agencies, the General Assembly, and the public.

(9) Establish an advisory committee on data quality to advise the Center on issues related to data auditing and tracking to ensure data validity.

(b) The Center shall adopt rules according to Chapter 150B of the General Statutes as provided in G.S. 116E‑6 to implement the provisions of this Article.

(c) The Center shall report annually to the Joint Legislative Education Oversight Committee, the Joint Legislative Commission on Governmental Operations, and the Joint Legislative Oversight Committee on Information Technology beginning July 1, 2019. The report shall include the following:

(1) An update on the implementation of the System's activities.

(2) Any proposed or planned expansion of System data.

(3) Any other recommendations made by the Center, including the most effective and efficient configuration for the System. (2012‑133, s. 1(a); 2013‑80, s. 5; 2013‑410, s. 22; 2016‑94, s. 7.14(b); 2019‑165, s. 2.5.)