Ark. Code Ann. § 25-1-128 (Act 504 of 2023) requires public entities to create a Technology Resources Policy and a Cyber Security Policy, with specific language for public school districts and open-enrollment charter schools described below:
Technology Resources Policy:
Although public entities listed within Act 504 must create a Technology Resources Policy, public school districts and open-enrollment charter schools are additionally required to utilize the policy issued by the Arkansas Department of Education (ADE). Districts are not required to write their own policy. The ADE policy can be found in the attachments, and can be incorporated as either a standalone or as an addition to a district’s Acceptable Use Policy.
Cyber Security Policy:
Separate from the Technology Resources Policy, the required Cyber Security Policy must be submitted by ADE to the State Cyber Security Office for approval by October 1 of each even numbered year. The approved policy from ADE must be utilized by public school districts and open-enrollment charter schools. An approved Cyber Security Policy is still being developed and will be communicated to the state when available.
Act 504 requires districts to provide training on both the Technology Resources and Cyber Security Policies. A training presentation for the Technology Resources Policy is attached below, although districts are not specifically required to use ADE’s training. Training for the Cyber Security Policy will be released at a later date.
Districts are required to have disciplinary procedures in place for a violation of either the Technology Resources Policy or Cyber Security Policy. In addition, districts must have reporting procedures for a suspected violation of the Cyber Security Policy.
Follow the link below for a summary of new Arkansas Cyber Security Laws: