Protecting Student Privacy Act of 2017 2017-04-06 Introduced in Senate Protecting Student Privacy Act of 2017

This bill amends the Family Educational Rights and Privacy Act of 1974 to prohibit programs administered by the Department of Education from making funds available to any educational agency or institution that has not implemented information security policies that: (1) protect personally identifiable information (PII) from education records, and (2) require each outside party to whom PII from education records is disclosed to have a comprehensive security program to protect such information.

An "outside party" is defined as a person that is not an employee, officer, or volunteer of the educational agency or institution or of a government agency. The term includes any contractor or consultant acting as a school official or authorized representative or in any other capacity.

The bill prohibits such funds from being made available to any educational agency or institution that has a policy or practice of using, releasing, or providing access to PII to advertise or market a product or service.

State agencies receiving such funds, and each educational agency or institution, must ensure that any outside party with access to such records: (1) provides parents access to any PII it holds about their students; (2) provides a process to challenge, correct, or delete any inaccurate, misleading, or inappropriate data through a hearing by the agency or institution providing the outside party with access; (3) maintains a record of all individuals, agencies, or organizations that have requested or obtained access to the education records of a student; and (4) has information security procedures in place.

The bill prohibits funds from being made available to any educational agency or institution, or any state educational agency, unless the agency or institution has a practice that: (1) promotes data minimization by meeting requests for student information with non-PII; and (2) requires that PII held by any outside party be destroyed when the information is no longer needed for the specified purpose.

Educational agencies and institutions must maintain a record of all outside parties that request or obtain access to a student's education records. Such a record must describe the information shared and indicate specifically the party's legitimate interest in obtaining this information.

]]> text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain. Congressional Research Service, Library of Congress This file contains bill summaries for federal legislation. A bill summary describes the most significant provisions of a piece of legislation and details the effects the legislative text may have on current law and federal programs. Bill summaries are authored by the Congressional Research Service (CRS) of the Library of Congress. As stated in Public Law 91-510 (2 USC 166 (d)(6)), one of the duties of CRS is "to prepare summaries and digests of bills and resolutions of a public general nature introduced in the Senate or House of Representatives". For more information, refer to the User Guide that accompanies this file.