On May 14, Senators Orrin Hatch (R-UT) and Edward Markey (D-MA) released draft legislation that would amend the Family Educational Rights and Privacy Act of 1974, or FERPA, to increase regulation of students’ personal and private information that has been or may be accessed by private companies. The draft bill, entitled the Protecting Student Privacy Act of 2014, was issued in response to recent changes in the interpretation of FERPA—changes that allowed schools and educational institutions to increase the sharing of student data with outside companies. The bill will largely address the K-12 space, but postsecondary institutions should remain aware of these changes and consider future implications for their own practices.
In February, the Department of Education released guidance for schools and school districts on how to use, store, and secure the data they possess through the online educational resources and applications used by students. Many critics—including the authors of the Protecting Student Privacy Act of 2014—believe the regulations do not provide sufficient safeguards, and that legislative changes are therefore needed to better protect students in an increasingly technology-oriented educational system.
The Protecting Student Privacy Act of 2014 would require schools to maintain a record of all outside companies that have access to their students’ data and make the list publicly available. Parents would also be able to review and correct any information collected on their children through the use of educational apps, learning management systems, educational websites, or other resources.
The draft bill would limit the amount of personally identifiable information that can be provided to outside companies and prohibit the use of this data to market specific products or services to students. Companies would also be required to have data security safeguards in place to protect all sensitive information obtained.