State board approves Prevent Child Abuse Utah contract after debate over student surveys and data privacy

The State Board of Education on a voice vote approved a five-year contract with Prevent Child Abuse Utah to provide student prevention curriculum and follow-up measurement, after members raised concerns about a short student survey, data privacy and access to curriculum materials.

The approval moves agenda item 11.1.0.7 forward after a motion by Member Earl and a second; the motion passed 11 in favor, three opposed (Member Green, Member Longacre and Member Boggess) and one absent. Member Earl asked that staff report back on how privacy protections were implemented.

Board context: The contract is structured as a multi-year arrangement that staff described as roughly $1 million per year, tied to legislative funding and expansion. Board members said the contract is time-sensitive because the legislature expects implementation and outcomes reporting for fiscal-year funding and staff said the vendor needs time to scale statewide. Staff said the RFP required a method to measure effectiveness and the contractor proposed short follow-up surveys as that method.

What the vendor will measure: Tanya Alvernoz, coordinator for prevention, described the follow-up as “more of a comprehensive check and retention of the message check.” She said, “PCAU conducts follow-up surveys on 1 classroom each, second, fourth, and sixth grade at 10 selected schools statewide. Surveys are administered 3 months after initial instruction. Surveys are sent via, forms with physical copies available. Responses are anonymous containing no names or identifiable information. And the surveys ask comprehensive based questions. It's 5 questions total.” Alvernoz and other staff supplied three example questions: “who owns your body,” “Do you remember your 5 trusted adults?” and a question about whether to keep an “uh-oh” feeling secret; staff later confirmed the remaining two questions are “what are the 5 types of abuse you learned about” and “what's the best way to report abuse.”

Data privacy and collection method: Board members pressed whether Google Forms would be used and whether responses can truly be anonymous. Katie Challis, director of privacy, said the student data privacy team reviewed those issues and staff added planning-phase language so methodology and data protection requirements would be negotiated before implementation. Challis said, “In our in our contract language with this vendor, there's an assurance that the data will be used only for the purpose of administering the services. In this case, the administration of the services providing the curriculum, to the students. So if the if the organization went beyond that, that would be a breach of contract. Certainly, using the data to train AI would be a really clear violation of that. There's nothing in this contract that would allow them to do that.”

Staff also said some protections were included in the contract: multifactor authentication is required to reduce unauthorized access. Staff said a clause requiring the vendor to provide an affidavit certifying data destruction is not included in this contract; staff explained they gave local education agencies discretion about timing for data destruction rather than forcing automatic destruction in all cases.

Translation, access and copyright: Members asked how parents can view curriculum and whether materials would be available in languages other than English and Spanish. Staff said statute requires curriculum be available to parents for review but that historically parents often must view copyrighted materials at the school; staff said they believe parents can request translated materials and that staff can coordinate translations the LEA requests. On NDAs and copyrighted content, staff explained some vendor materials are copyrighted and that nondisclosure agreements (NDAs) had been used when the board reviewed vendor proposals in a competitive process; parents reviewing copyrighted materials are not required to sign NDAs, staff said, but they are not allowed automatically to make copies or photographs.

Enforcement and breach notification: Board members asked what happens if a vendor breaks the contract or misuses data. Staff said a misuse would constitute a breach of contract and could result in termination; they also cited a statutory option (unused so far) that allows the state to penalize third parties who knowingly or recklessly disclose student data and bar them from use in the state. On notification, staff said under the Utah Student Data Protection Act and the Government Records and Access Management Act, schools must notify parents in the event of a significant data breach.

Board direction and follow-up: Member Earl moved the contract forward after staff assured the board that survey methodology and privacy protections would be negotiated during the planning phase. Earl asked for a later report so the board can confirm the measures were implemented. Staff said they must move now to meet legislative funding and implementation timelines so vendors have time to scale statewide and deliver outcome data this fiscal year.

Votes at a glance: Agenda item 11.1.0.7 — Prevent Child Abuse Utah contract: motion to advance approved 11–3 with 1 absent. Opposed: Member Green, Member Longacre, Member Boggess. Absent: not specified.

Why this matters: The board said it needs data on curriculum effectiveness to satisfy legislative reporting and to ensure training reaches students statewide; several members said privacy protections and translation/access issues must be resolved before broad rollout.

What remains open: Staff said contract language will be amended during planning to document survey methodology and data protections, and staff will continue coordinating with the student data privacy team. Member Earl requested a follow-up report on the final privacy approach.