Scribd Logo
Upload

Welcome to Scribd!

  • 996 views

    S. 2690

    Uploaded by

    kirkilsen
    This bill aims to strengthen privacy protections for student data handled by private companies. It would prohibit federal funding for educational institutions that do not implement strong information security policies to protect student data. It also bans using student data for advertising or marketing without consent. Additionally, it ensures parents can access and correct student data held by outside companies, and requires companies to delete student data when it is no longer needed. The goal is to safeguard student privacy when their information is shared with or held by third parties.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    S. 2690

    Uploaded by

    kirkilsen
    996 views5 pages
    This bill aims to strengthen privacy protections for student data handled by private companies. It would prohibit federal funding for educational institutions that do not implement strong information security policies to protect student data. It also bans using student data for advertising or marketing without consent. Additionally, it ensures parents can access and correct student data held by outside companies, and requires companies to delete student data when it is no longer needed. The goal is to safeguard student privacy when their information is shared with or held by third parties.

    Original Description:

    S. 2690

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    This bill aims to strengthen privacy protections for student data handled by private companies. It would prohibit federal funding for educational institutions that do not implement strong information security policies to protect student data. It also bans using student data for advertising or marketing without consent. Additionally, it ensures parents can access and correct student data held by outside companies, and requires companies to delete student data when it is no longer needed. The goal is to safeguard student privacy when their information is shared with or held by third parties.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    996 views5 pages

    S. 2690

    Uploaded by

    kirkilsen
    This bill aims to strengthen privacy protections for student data handled by private companies. It would prohibit federal funding for educational institutions that do not implement strong information security policies to protect student data. It also bans using student data for advertising or marketing without consent. Additionally, it ensures parents can access and correct student data held by outside companies, and requires companies to delete student data when it is no longer needed. The goal is to safeguard student privacy when their information is shared with or held by third parties.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 5

    ROM14363

    S.L.C.

    113TH CONGRESS
    2D SESSION

    S. ll

    To amend the Family Educational Rights and Privacy Act of 1974 to ensure
    that student data handled by private companies is protected, and for
    other purposes.

    IN THE SENATE OF THE UNITED STATES


    llllllllll
    Mr. MARKEY (for himself, Mr. HATCH, Mr. WALSH, and Mr. KIRK) introduced the following bill; which was read twice and referred to the Committee on llllllllll

    A BILL
    To amend the Family Educational Rights and Privacy Act
    of 1974 to ensure that student data handled by private
    companies is protected, and for other purposes.
    1

    Be it enacted by the Senate and House of Representa-

    2 tives of the United States of America in Congress assembled,


    3
    4

    SECTION 1. SHORT TITLE.

    This Act may be cited as the Protecting Student

    5 Privacy Act of 2014.


    6
    7

    SEC. 2. FERPA IMPROVEMENTS.

    Subsection (b) of section 444 of the General Edu-

    8 cation Provisions Act (20 U.S.C. 1232g) (commonly re-

    ROM14363

    S.L.C.

    2
    1 ferred to as the Family Educational Rights and Privacy
    2 Act of 1974) is amended
    3
    4
    5

    (1) by redesignating paragraphs (4) through


    (7) as paragraphs (8) through (11), respectively;
    (2) by inserting after paragraph (3) the fol-

    lowing:

    (4)(A) No funds shall be made available under any

    8 applicable program to any educational agency or institu9 tion that has not implemented information security poli10 cies and procedures that
    11

    (i) protect personally identifiable information

    12

    from education records maintained by the edu-

    13

    cational agency or institution; and

    14

    (ii) require each outside party to whom per-

    15

    sonally identifiable information from education

    16

    records is disclosed to have information security poli-

    17

    cies and procedures that include a comprehensive se-

    18

    curity program designed to protect the personally

    19

    identifiable information from education records.

    20

    (B) For purposes of this subsection, the term out-

    21 side party means a person that is not an employee, offi22 cer, or volunteer of the educational agency or institution
    23 or of a Federal, State, or local governmental agency and
    24 includes any contractor or consultant acting as a school

    ROM14363

    S.L.C.

    3
    1 official or authorized representative or in any other capac2 ity.
    3

    (5) Notwithstanding any other provision of this sec-

    4 tion or paragraph (2)(A), no funds shall be made available


    5 under any applicable program to any educational agency
    6 or institution that has a policy or practice of using, know7 ingly releasing, or otherwise knowingly providing access to
    8 personally identifiable information, as described in para9 graph (2), in the education records of a student to adver10 tise or market a product or service.
    11

    (6) Each State educational agency receiving funds

    12 under an applicable program, and each educational agency


    13 or institution, shall ensure that any outside party with ac14 cess to education records with personally identifiable infor15 mation complies with the following:
    16

    (A) Any education records that are held by the

    17

    outside party shall be held in a manner that pro-

    18

    vides, as directed by the educational agency or insti-

    19

    tution, parents with

    20

    (i) the right to access the personally iden-

    21

    tifiable information held about their students by

    22

    the outside party, to the same extent and in the

    23

    same manner as provided in subsection (a)(1);

    24

    and

    ROM14363

    S.L.C.

    4
    1

    (ii) a process to challenge, correct, or de-

    lete any inaccurate, misleading, or otherwise in-

    appropriate data in any education records of

    such student that are held by the outside party,

    through an opportunity for a hearing by the

    agency or institution providing the outside

    party with access, in accordance with subsection

    (a)(2).

    (B) The outside party shall maintain a record

    10

    of all individuals, agencies, or organizations that

    11

    have requested or obtained access to the education

    12

    records of a student held by the outside party, in the

    13

    same manner as is required under paragraph (8).

    14

    (C) The outside party shall have policies or

    15

    procedures in place regarding information security

    16

    practices regarding the education records, in accord-

    17

    ance with paragraph (4).

    18

    (7) No funds under any applicable program shall be

    19 made available to any educational agency or institution,


    20 or any State educational agency, unless the agency or in21 stitution has a policy or practice that
    22

    (A) promotes data minimization in order to

    23

    safeguard individual privacy by meeting any request

    24

    for student information with non-personally identifi-

    25

    able information, if the purpose of any appropriate

    ROM14363

    S.L.C.

    5
    1

    request can be effectively met with non-personally

    identifiable information; and

    (B) requires that all personally identifiable in-

    formation on an individual student held by any out-

    side party be destroyed when the information is no

    longer needed for the specified purpose.; and

    7
    8

    (3) in paragraph (8)(A), as redesignated by


    paragraph (1)

    (A) by inserting who are employees, offi-

    10

    cers, or volunteers of the agency or institution

    11

    after of this subsection;

    12
    13
    14
    15

    (B) by striking or organizations and inserting organizations, or outside parties;


    (C) by striking or organization and inserting organization, or outside party; and

    16

    (D) by inserting and will describe the in-

    17

    formation shared with such person, outside

    18

    party, agency, or organization after obtaining

    19

    this information.

    You might also like