(2) The ERC under review shall be required to pay all
reasonable costs to the CB for time necessary to re-audit and ensure
appropriate security measures are in place after a possible breech
occurs.
(3) An ERC may be terminated by the CB for failure
to meet the requirements of state or federal law, of this subchapter,
or of the terms of a contract establishing the ERC. An ERC shall be
entitled to an informal review of a determination to terminate its
status by a designee of the Commissioner of Higher Education prior
to the effective date of the termination. An ERC shall return all
confidential data to the CB within five (5) days of its receipt of
a notice of termination and shall not retain a copy, replica, or duplicate
thereof, whether in whole or in part. The Commissioner of Higher Education
may suspend an ERC while determining whether the ERC's failure to
meet the requirements of state or federal law, of this subchapter,
or of the terms of a contract establishing the ERC are of such significance
to warrant termination. An ERC may not operate during any period of
time it is suspended.
(4) Notice of termination under paragraphs (1) and
(2) of this subsection shall be provided to the ERC's designated representative
and shall contain information regarding the reasons for the termination.
(5) A termination made pursuant to this section shall
become final and binding unless, within 30 days of its receipt of
the notice of termination, the ERC invokes the administrative remedies
contained in Subchapter B of this chapter (relating to Dispute Resolution).
If this chapter is so invoked, any ultimate recommendations regarding
termination shall be made to the CB which, in turn, shall render its
decision in due course. The ERC shall be suspended during the pendency
of any such proceedings.
(f) Security.
(1) An ERC must comply with all requirements of FERPA
in accessing confidential information to conduct research. Notwithstanding
any other provision in this subchapter, failure to maintain adequate
security to avoid the unauthorized disclosure of confidential information
provided to the ERC shall be grounds for immediate termination of
the authorization to access such data.
(2) The CB may suspend access to confidential information
provided to an ERC based on a significant risk of unauthorized disclosure
of confidential information.
|
Source Note: The provisions of this §1.18 adopted to be effective August 15, 2007, 32 TexReg 4968; amended to be effective February 18, 2008, 33 TexReg 1324; amended to be effective November 21, 2013, 38 TexReg 8191; amended to be effective June 6, 2016, 41 TexReg 3995; amended to be effective August 16, 2020, 45 TexReg 5510 |