Bill SponsorBILLSPONSOR
Bill Sponsor
Politicians
Bills
Senate Bill 877
115th Congress(2017-2018)
Protecting Student Privacy Act of 2017
Introduced
Introduced
Introduced in Senate on Apr 6, 2017
Overview
Text
Introduced in Senate 
Apr 6, 2017
Not Scanned for Linkage
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Introduced in Senate(Apr 6, 2017)
Apr 6, 2017
Not Scanned for Linkage
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Jump To
S. 877 (Introduced-in-Senate)


115th CONGRESS
1st Session
S. 877


To amend the Family Educational Rights and Privacy Act of 1974 to ensure that student data handled by private companies is protected, and for other purposes.

IN THE SENATE OF THE UNITED STATES

April 6 (legislative day, April 4), 2017

Mr. Markey (for himself and Mr. Hatch) introduced the following bill; which was read twice and referred to the Committee on Health, Education, Labor, and Pensions

A BILL

To amend the Family Educational Rights and Privacy Act of 1974 to ensure that student data handled by private companies is protected, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Protecting Student Privacy Act of 2017”.

SEC. 2. FERPA improvements.

Subsection (b) of section 444 of the General Education Provisions Act (20 U.S.C. 1232g) (commonly referred to as the “Family Educational Rights and Privacy Act of 1974”) is amended—

(1) by redesignating paragraphs (4) through (7) as paragraphs (8) through (11), respectively;

(2) by inserting after paragraph (3) the following:

“(4) (A) No funds shall be made available under any applicable program to any educational agency or institution that has not implemented information security policies and procedures that—

“(i) protect personally identifiable information from education records maintained by the educational agency or institution; and

“(ii) require each outside party to whom personally identifiable information from education records is disclosed to have information security policies and procedures that include a comprehensive security program designed to protect the personally identifiable information from education records.

“(B) For purposes of this subsection, the term ‘outside party’ means a person that is not an employee, officer, or volunteer of the educational agency or institution or of a Federal, State, or local governmental agency and includes any contractor or consultant acting as a school official or authorized representative or in any other capacity.

“(5) Notwithstanding any other provision of this section or paragraph (2)(A), no funds shall be made available under any applicable program to any educational agency or institution that has a policy or practice of using, knowingly releasing, or otherwise knowingly providing access to personally identifiable information, as described in paragraph (2), in the education records of a student to advertise or market a product or service.

“(6) Each State educational agency receiving funds under an applicable program, and each educational agency or institution, shall ensure that any outside party with access to education records with personally identifiable information complies with the following:

“(A) Any education records that are held by the outside party shall be held in a manner that provides, as directed by the educational agency or institution, parents with—

“(i) the right to access the personally identifiable information held about their students by the outside party, to the same extent and in the same manner as provided in subsection (a)(1); and

“(ii) a process to challenge, correct, or delete any inaccurate, misleading, or otherwise inappropriate data in any education records of such student that are held by the outside party, through an opportunity for a hearing by the agency or institution providing the outside party with access, in accordance with subsection (a)(2).

“(B) The outside party shall maintain a record of all individuals, agencies, or organizations that have requested or obtained access to the education records of a student held by the outside party, in the same manner as is required under paragraph (8).

“(C) The outside party shall have policies or procedures in place regarding information security practices regarding the education records, in accordance with paragraph (4).

“(7) No funds under any applicable program shall be made available to any educational agency or institution, or any State educational agency, unless the agency or institution has a policy or practice that—

“(A) promotes data minimization in order to safeguard individual privacy by meeting any request for student information with non-personally identifiable information, if the purpose of any appropriate request can be effectively met with non-personally identifiable information; and

“(B) requires that all personally identifiable information on an individual student held by any outside party be destroyed when the information is no longer needed for the specified purpose.”; and

(3) in paragraph (8)(A), as redesignated by paragraph (1)—

(A) by inserting “who are employees, officers, or volunteers of the agency or institution” after “of this subsection”;

(B) by striking “or organizations” and inserting “organizations, or outside parties”;

(C) by striking “or organization” and inserting “organization, or outside party”; and

(D) by inserting “and will describe the information shared with such person, outside party, agency, or organization” after “obtaining this information”.