As we reported in a blog post earlier this month, student data privacy continues to be a hot topic on Capitol Hill with a whopping five legislative proposals in circulation. While earlier bills focused on education technology companies and their use of student data, the new proposals would reauthorize the Family Educational Rights and Privacy Act (FERPA) and have a great impact on principals and how they run their schools.
House Education and the Workforce Committee Chairman John Kline (R-MN) and Ranking Member Bobby Scott (D-VA) released a discussion draft to totally rewrite FERPA in early April. The draft would grant parents the right to inspect and review their children’s education records and require educators to grant requests within 30 days. Educational agencies would be prohibited from releasing education records or personally identifiable information (PII) of students without written consent of their parents with few exceptions. Unidentifiable student data could be released for the purpose of education research, but the draft proposes a requirement that parents be notified of the studies and be given a reasonable amount of time to opt out. Educational agencies would be required to establish policies and procedures to protect the education records, and the draft proposes fines of $2,000 per student if there are violations. The draft would also prohibit marketing and advertising directly to students based on any information collected from education records.
NASSP and a number of other national education organizations submitted informal comments to Kline and Scott in which we outlined concerns with the discussion draft.
We offered recommendations to support capacity building for educators at the state, district, and school levels; require parents to access and review their child’s education records only through their local school or district; clarify how educators should notify parents about new operator contracts; and ensure that schools, districts, and states do not have to disclose information that could open up their secure data systems to hackers.
On May 13, Sens. Edward Markey (D-MA) and Orrin Hatch (R-UT) reintroduced the Protecting Student Privacy Act (S. 1322), which had first been introduced in 2014. The bill would amend FERPA to ensure that educational agencies implement information security policies and procedures that protect PII included in education records and require any outside party with access to student data to have a comprehensive security program designed to protect PII.
The following day, Sen. David Vitter (R-LA) introduced the Student Privacy Protection Act (S. 1341), which would ensure that parents and students retain control of their education records. While the text is not yet available, a summary on his website says the bill would:
- Reinstate protections originally outlined under FERPA by clarifying who can access student data and what information is accessible.
- Require educational agencies to gain prior consent from students or parents and implement measures to ensure records remain private.
- Extend FERPA’s protections to ensure records of homeschooled students are treated equally.
- Prohibit educational agencies, schools, and the US Secretary of Education from including PII obtained from federal or state agencies through data matches in student data.
NASSP will continue to review all of the legislative proposals and meet with congressional staff to ensure they include the policy recommendations approved by our Board of Directors in February 2015.