Senate ESEA Amendment Calls for Student Privacy Commission

min read

Summary: (July 21, 2015) The Senate recently passed its Elementary and Secondary Education Act (ESEA) reauthorization bill, the Every Child Achieves Act. It includes an amendment calling for the formation of a commission to study how to update federal student privacy laws and regulations in light of contemporary technologies and related issues. Such an effort would likely impact student privacy requirements at the higher education level as well. So, even though the prospects for a final ESEA bill to take shape and become law are unclear, the possibility that a student privacy commission could emerge from it makes this year's ESEA reauthorization of greater than usual interest to higher education.

Colleges and universities are traditionally (and understandably) much more interested in the reauthorization of the Higher Education Act (HEA) than in the renewal of its K-12 analogue, the Elementary and Secondary Education Act (ESEA). Given that consideration of HEA reauthorization has been blocked by the need for Congress to first reauthorize ESEA, though, this month’s passage of ESEA bills in the House (the “Student Success Act”) and Senate (the “Every Child Achieves Act”) at least raises the possibility that HEA reauthorization might proceed later this summer. (The House and Senate will have to reconcile their separate bills into a single piece of legislation that can pass both houses of Congress and avoid a presidential veto; it’s far from certain that Congress can clear either of those hurdles.)

An amendment to the Senate ESEA bill, though, creates an additional point of interest for higher education, specifically in relation to student privacy. In passing the Every Child Achieves Act, the Senate approved an amendment from Senator Orrin Hatch (R-UT) calling for the formation of a commission to examine student data privacy issues in relation to existing laws and current data practices. While the amendment doesn’t specifically refer to the Family Educational Rights and Privacy Act (FERPA), any reexamination of federal student privacy requirements would necessarily involve FERPA. Likewise, while the amendment is clearly written with K-12 student data privacy in mind, revisiting FERPA in any substantive way would necessarily draw higher education’s attention since it governs the privacy of student educational records at colleges and universities as well.

It remains to be seen whether the Hatch amendment will survive the process of merging the House and Senate ESEA bills into one. For example, the chair of the House education committee has floated a discussion draft of a bill to revamp FERPA, so the House leadership could be inclined to address student privacy concerns via that potential legislation. The inclusion of the Hatch amendment in the Senate’s bill, however, means that the conversation will be on the table when a conference committee is convened to reconcile the House and Senate ESEA bills. And those interested in student data security and privacy will probably have more of an interest in ESEA reauthorization than they otherwise might.

For the full text of the Hatch amendment, please see below:

Amendment No. 2080


     (Purpose: To establish a committee on student privacy policy)


       At the end of title I, add the following:




       (a) Establishment of a Committee on Student Privacy

     Policy.--Not later than 60 days after the date of enactment

     of this Act, there is established a committee to be known as

     the ``Student Privacy Policy Committee'' (referred to in this

     section as the ``Committee'').

       (b) Membership.--

       (1) Composition.--The Committee shall be composed of--

       (A) 3 individuals appointed by the Secretary of Education;

       (B) not less than 8 and not more than 13 individuals

     appointed by the Comptroller General of the United States,


       (i) experts in education data and student privacy;

       (ii) educators and parents;

       (iii) State and local government officials responsible for

     managing student information;

       (iv) education technology leaders in the State or a local

     educational agency;

       (v) experts with practical experience dealing with data

     privacy management at the State or local level;

       (vi) experts with a background in academia or research in

     data privacy and education data; and

       (vii) education technology providers and education data

     storage providers; and

       (C) 4 members appointed by--

       (i) the majority leader of the Senate;

       (ii) the minority leader of the Senate;

       (iii) the Speaker of the House of Representatives; and

       (iv) the minority leader of the House of Representatives.

       (D) Chairperson.--The Committee shall select a Chairperson

     from among its members.

       (E) Vacancies.--Any vacancy in the Committee shall not

     affect the powers of the Committee and shall be filled in the

     same manner as an initial appointment described in

     subparagraphs (A) through (C).

       (c) Meetings.--The Committee shall hold, at the call of the

     Chairperson, not less than 5 meetings before completing the

     study required under subsection (e) and the report required

     under subsection (f).

       (d) Personnel Matters.--

       (1) Compensation of members.--Each member of the Committee

     shall serve without compensation in addition to any such

     compensation received for the member's service as an officer

     or employee of the United States, if applicable.

       (2) Travel expenses.--The members of the Committee shall be

     allowed travel expenses, including per diem in lieu of

     subsistence, at rates authorized for employees of agencies

     under subchapter 1 of chapter 57 of title 5, United States

     Code, while away from their homes or regular places of

     business in the performance of services for the Committee.

       (e) Duties of the Committee.--

       (1) Study.--The Committee shall conduct a study on the

     effectiveness of Federal laws and enforcement mechanisms of--

       (A) student privacy; and

       (B) parental rights to student information.

       (2) Recommendations.--Based on the findings of the study

     under paragraph (1), the Committee shall develop

     recommendations addressing issues of student privacy and

     parental rights and how to improve and enforce Federal laws

     regarding student privacy and parental rights, including

     recommendations that--

       (A) provide or update standard definitions, if needed, for

     relevant terms related to student privacy, including--

       (i) education record;

       (ii) personally identifiable information;

       (iii) aggregated, de-identified, or anonymized data;

       (iv) third-party; and

       (v) educational purpose;

       (B) identify--

       (i) which Federal laws should be updated; and

       (ii) the appropriate Federal enforcement authority to

     execute the laws identified in clause (i);

       (C) address the sharing of data in an increasingly

     technological world, including--

       (i) evaluations of protections in place for student data

     when it is used for research purposes;

       (ii) establishing best practices for any entity that is

     charged with handling, or that comes into contact with,

     student education records;

       (iii) ensuring that identifiable data cannot be used to

     target students for advertising or marketing purposes; and

       (iv) establishing best practices for data deletion and


       (D) discuss transparency and parental access to personal

     student information by establishing best practices for--

       (i) ensuring parental knowledge of any entity that stores

     or accesses their student's information;

       (ii) parents to amend, delete, or modify their student's

     information; and

       (iii) a central designee in a State or a political

     subdivision of a State who can oversee transparency and serve

     as a point of contact for interested parties;

       (E) establish best practices for the local entities who

     handle student privacy, which may include professional

     development for those who come into contact with identifiable

     data; and

       (F) discuss how to improve coordination between Federal and

     State laws.

       (f) Report.--Not later than 270 days after the date of

     enactment of this Act, the Committee shall prepare and submit

     a report to the Secretary of Education and to Congress

     containing the findings of the study under subsection (e)(1)

     and the recommendations developed under subsection (e)(2).