Student Privacy Protection Act (H.R. 3157)
This bill would update and amend FERPA, and was introduced by Rep. Todd Rokita (R-IN) with important co-sponsorship from Reps. John Kline (R-MN) and Robert “Bobby” Scott (D-VA), the chairman and ranking minority member, respectively, of the House education committee. Rep. Marcia Fudge (D-OH) is also an original co-sponsor. Much of this bill mirrors current FERPA language, or is conceptually similar but updated to reflect current recordkeeping practices, but it also contains new requirements and restrictions in several key areas. Specifically, it imposes additional requirements for sharing student data with third party vendors performing school services and entities that perform college testing and financial aid analyses, including requiring education agencies/institutions to ensure such vendors have appropriate information security practices, requiring them to enter into written agreements with the vendors and mandating that such agreements are made available to parents. Additional key proposed changes from current law include: an express prohibition on the use of student information initially obtained to provide schools services for marketing or direct advertising to those students (with certain exceptions); a mandate to designate the school official responsible for education records security and establish a data breach notification policy; and a requirement that each State educational authority verify that institutions and local educational agencies under its jurisdiction have complied with the notice and procedural requirements of FERPA and certify to the U.S. Department of Education (the “Department”) that such institutions and agencies are in compliance.