[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 800 Introduced in Senate (IS)]

<DOC>

116th CONGRESS
  1st Session
                                 S. 800

           To establish a postsecondary student data system.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             March 14, 2019

Mr. Cassidy (for himself, Ms. Warren, Mr. Scott of South Carolina, Mr. 
 Whitehouse, Ms. Ernst, Mr. Kaine, Mr. Tillis, Mr. Murphy, Mr. Cornyn, 
   Mr. Jones, Mr. Gardner, Ms. Hassan, Mr. Roberts, Ms. Baldwin, Mr. 
Graham, Mr. Romney, Mr. Brown, and Mr. Perdue) introduced the following 
  bill; which was read twice and referred to the Committee on Health, 
                     Education, Labor, and Pensions

_______________________________________________________________________

                                 A BILL


 
           To establish a postsecondary student data system.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``College Transparency Act''.

SEC. 2. POSTSECONDARY STUDENT DATA SYSTEM.

    Section 132 of the Higher Education Act of 1965 (20 U.S.C. 1015a) 
is amended--
            (1) by redesignating subsection (l) as subsection (m); and
            (2) by inserting after subsection (k) the following:
    ``(l) Postsecondary Student Data System.--
            ``(1) In general.--
                    ``(A) Establishment of system.--The Commissioner of 
                the National Center for Education Statistics (referred 
                to in this subsection as the `Commissioner') shall 
                develop and maintain a secure, privacy-protected 
                postsecondary student-level data system in order to--
                            ``(i) accurately evaluate student 
                        enrollment patterns, progression, completion, 
                        and postcollegiate outcomes, and higher 
                        education costs and financial aid;
                            ``(ii) assist with transparency, 
                        institutional improvement, and analysis of 
                        Federal aid programs;
                            ``(iii) provide more accurate, complete, 
                        and customizable information for students and 
                        families making decisions about postsecondary 
                        education; and
                            ``(iv) reduce the reporting burden on 
                        institutions of higher education, in accordance 
                        with section 5(b) of the College Transparency 
                        Act.
                    ``(B) Avoiding duplicated reporting.--
                Notwithstanding any other provision of this section, to 
                the extent that another provision of this section 
                requires the same reporting or collection of data that 
                is required under this subsection, a postsecondary 
                institution, or the Secretary or Commissioner, may use 
                the reporting or data required for the postsecondary 
                student data system under this subsection to satisfy 
                both requirements.
                    ``(C) Development process.--In developing the 
                postsecondary student data system described in this 
                subsection, the Commissioner shall--
                            ``(i) focus on the needs of--
                                    ``(I) users of the data system; and
                                    ``(II) entities, including 
                                postsecondary institutions, reporting 
                                to the data system;
                            ``(ii) take into consideration, to the 
                        extent practicable--
                                    ``(I) the guidelines outlined in 
                                the U.S. Web Design Standards 
                                maintained by the General Services 
                                Administration and the Digital Services 
                                Playbook and TechFAR Handbook for 
                                Procuring Digital Services Using Agile 
                                Processes of the U.S. Digital Service; 
                                and
                                    ``(II) the relevant successor 
                                documents or recommendations of such 
                                guidelines;
                            ``(iii) use modern, relevant privacy- and 
                        security-enhancing technology, and enhance and 
                        update the data system as necessary to carry 
                        out the purpose of this subsection;
                            ``(iv) ensure data privacy and security is 
                        consistent with any Federal law relating to 
                        privacy or data security, including--
                                    ``(I) the requirements of 
                                subchapter II of chapter 35 of title 
                                44, United States Code, specifying 
                                security categorization under the 
                                Federal Information Processing 
                                Standards or any relevant successor of 
                                such standards;
                                    ``(II) security requirements that 
                                are consistent with the Federal agency 
                                responsibilities in section 3554 of 
                                title 44, United States Code, or any 
                                relevant successor of such 
                                responsibilities; and
                                    ``(III) security requirements, 
                                guidelines, and controls consistent 
                                with cybersecurity standards and best 
                                practices developed by the National 
                                Institute of Standards and Technology, 
                                including frameworks, consistent with 
                                section 2(c) of the National Institute 
                                of Standards and Technology Act (15 
                                U.S.C. 272(c)), or any relevant 
                                successor of such frameworks;
                            ``(v) follow Federal data minimization 
                        practices to ensure only the minimum amount of 
                        data is collected to meet the system's goals, 
                        in accordance with Federal data minimization 
                        standards and guidelines developed by the 
                        National Institute of Standards and Technology; 
                        and
                            ``(vi) provide notice to students outlining 
                        the data included in the system and how the 
                        data are used.
            ``(2) Data elements.--
                    ``(A) In general.--The Commissioner, in 
                consultation with the Postsecondary Student Data System 
                Advisory Committee described in subparagraph (B), shall 
                determine--
                            ``(i) the data elements to be included in 
                        the postsecondary student data system, in 
                        accordance with subparagraphs (C) and (D); and
                            ``(ii) how to include the data elements 
                        required under subparagraph (C), and any 
                        additional data elements selected under 
                        subparagraph (D), in the postsecondary student 
                        data system.
                    ``(B) Postsecondary student data system advisory 
                committee.--
                            ``(i) Establishment.--The Commissioner 
                        shall establish a Postsecondary Student Data 
                        System Advisory Committee (referred to in this 
                        subsection as the `Advisory Committee'), whose 
                        members shall include--
                                    ``(I) the Chief Privacy Officer of 
                                the Department or an official of the 
                                Department delegated the duties of 
                                overseeing data privacy at the 
                                Department;
                                    ``(II) the Chief Security Officer 
                                of the Department or an official of the 
                                Department delegated the duties of 
                                overseeing data security at the 
                                Department;
                                    ``(III) representatives of diverse 
                                postsecondary institutions, which shall 
                                include equal representation between 2-
                                year and 4-year institutions of higher 
                                education, and from public, nonprofit, 
                                and proprietary institutions of higher 
                                education, including minority-serving 
                                institutions;
                                    ``(IV) representatives from State 
                                higher education agencies, entities, 
                                bodies, or boards;
                                    ``(V) representatives of 
                                postsecondary students;
                                    ``(VI) representatives from 
                                relevant Federal agencies; and
                                    ``(VII) other stakeholders 
                                (including individuals with expertise 
                                in data privacy and security, consumer 
                                protection, and postsecondary education 
                                research).
                            ``(ii) Requirements.--The Commissioner 
                        shall ensure that the Advisory Committee--
                                    ``(I) adheres to all requirements 
                                under the Federal Advisory Committee 
                                Act (5 U.S.C. App.);
                                    ``(II) establishes operating and 
                                meeting procedures and guidelines 
                                necessary to execute its advisory 
                                duties; and
                                    ``(III) is provided with 
                                appropriate staffing and resources to 
                                execute its advisory duties.
                    ``(C) Required data elements.--The data elements in 
                the postsecondary student data system shall include, at 
                a minimum, the following:
                            ``(i) Student-level data elements necessary 
                        to calculate the information within the surveys 
                        designated by the Commissioner as `student-
                        related surveys' in the Integrated 
                        Postsecondary Education Data System (IPEDS), as 
                        such surveys are in effect on the day before 
                        the date of enactment of the College 
                        Transparency Act, except that in the case that 
                        collection of such elements would conflict with 
                        subparagraph (F), such elements in conflict 
                        with subparagraph (F) shall be included in the 
                        aggregate instead of at the student level.
                            ``(ii) Student-level data elements 
                        necessary to allow for reporting student 
                        enrollment, persistence, retention, transfer, 
                        and completion measures for all credential 
                        levels separately (including certificate, 
                        associate, baccalaureate, and advanced degree 
                        levels), within and across postsecondary 
                        institutions (including across all categories 
                        of institution level, control, and predominant 
                        degree awarded). The data elements shall allow 
                        for reporting about all such data disaggregated 
                        by the following categories:
                                    ``(I) Enrollment status as a first-
                                time student, recent transfer student, 
                                or other non-first-time student.
                                    ``(II) Attendance intensity, 
                                whether full-time or part-time.
                                    ``(III) Credential-seeking status, 
                                by credential level.
                                    ``(IV) Race or ethnicity.
                                    ``(V) Age intervals.
                                    ``(VI) Gender.
                                    ``(VII) Program of study (as 
                                applicable).
                                    ``(VIII) Military or veteran 
                                benefit status (as determined based on 
                                receipt of veteran's education 
                                benefits, as defined in section 
                                480(c)).
                                    ``(IX) Status as a distance 
                                education student, whether exclusively 
                                or partially enrolled in distance 
                                education.
                                    ``(X) Federal Pell Grant and 
                                Federal loan recipient status, provided 
                                that the collection of such information 
                                complies with paragraph (1)(B).
                    ``(D) Other data elements.--
                            ``(i) In general.--The Commissioner may, 
                        after consultation with the Advisory Committee 
                        and provision of a public comment period, 
                        include additional data elements in the 
                        postsecondary student data system, such as 
                        those described in clause (ii), if those data 
                        elements--
                                    ``(I) are necessary to ensure that 
                                the postsecondary data system fulfills 
                                the purposes described in paragraph 
                                (1)(A); and
                                    ``(II) are consistent with data 
                                minimization principles, including the 
                                collection of only those additional 
                                elements that are necessary to ensure 
                                such purposes.
                            ``(ii) Data elements.--The data elements 
                        described in clause (i) may include--
                                    ``(I) status as a first generation 
                                college student, as defined in section 
                                402A(h);
                                    ``(II) economic status;
                                    ``(III) participation in 
                                postsecondary remedial coursework or 
                                gateway course completion; or
                                    ``(IV) other data elements that are 
                                necessary in accordance with clause 
                                (i).
                    ``(E) Reevaluation.--Not less than once every 3 
                years after the implementation of the postsecondary 
                student data system described in this subsection, the 
                Commissioner, in consultation with the Advisory 
                Committee described in subparagraph (B), shall review 
                the data elements included in the postsecondary student 
                data system and may revise the data elements to be 
                included in such system.
                    ``(F) Prohibitions.--The Commissioner shall not 
                include individual health data (including data relating 
                to physical health or mental health), student 
                discipline records or data, elementary and secondary 
                education data, an exact address, citizenship status, 
                migrant status, or national origin status for students 
                or their families, course grades, postsecondary 
                entrance examination results, political affiliation, or 
                religion in the postsecondary student data system under 
                this subsection.
            ``(3) Periodic matching with other federal data systems.--
                    ``(A) Data sharing agreements.--
                            ``(i) The Commissioner shall ensure secure, 
                        periodic data matches by entering into data 
                        sharing agreements with each of the following 
                        Federal agencies and offices:
                                    ``(I) The Secretary of the Treasury 
                                and the Commissioner of the Internal 
                                Revenue Service, in order to calculate 
                                aggregate program- and institution-
                                level earnings of postsecondary 
                                students.
                                    ``(II) The Secretary of Defense, in 
                                order to assess the use of 
                                postsecondary educational benefits and 
                                the outcomes of servicemembers.
                                    ``(III) The Secretary of Veterans 
                                Affairs, in order to assess the use of 
                                postsecondary educational benefits and 
                                outcomes of veterans.
                                    ``(IV) The Director of the Census 
                                Bureau, in order to assess the 
                                occupational and earnings outcomes of 
                                former postsecondary education 
                                students.
                                    ``(V) The Chief Operating Officer 
                                of the Office of Federal Student Aid, 
                                in order to analyze the use of 
                                postsecondary educational benefits 
                                provided under this Act.
                            ``(ii) The heads of Federal agencies and 
                        offices described under clause (i) shall enter 
                        into data sharing agreements with the 
                        Commissioner to ensure secure, periodic data 
                        matches as described in this paragraph.
                    ``(B) Categories of data.--The Commissioner shall, 
                at a minimum, seek to ensure that the secure periodic 
                data system matches described in subparagraph (A) 
                permit consistent reporting of the following categories 
                of data for all postsecondary students:
                            ``(i) Enrollment, retention, transfer, and 
                        completion outcomes for all postsecondary 
                        students.
                            ``(ii) Financial indicators for 
                        postsecondary students receiving Federal grants 
                        and loans, including grant and loan aid by 
                        source, cumulative student debt, loan repayment 
                        status, and repayment plan.
                            ``(iii) Post-completion outcomes for all 
                        postsecondary students, including earnings, 
                        employment, and further education, by program 
                        of study and credential level and as measured--
                                    ``(I) immediately after leaving 
                                postsecondary education; and
                                    ``(II) at time intervals 
                                appropriate to the credential sought 
                                and earned.
                    ``(C) Periodic data match streamlining and 
                confidentiality.--
                            ``(i) Streamlining.--In creating the secure 
                        periodic data system matches described in this 
                        paragraph, the Commissioner shall--
                                    ``(I) ensure that such matches are 
                                not continuous, but occur at 
                                appropriate intervals, as determined by 
                                the Commissioner; and
                                    ``(II) seek to--
                                            ``(aa) streamline the data 
                                        collection and reporting 
                                        requirements for postsecondary 
                                        institutions;
                                            ``(bb) minimize duplicative 
                                        reporting across or within 
                                        Federal agencies or 
                                        departments, including 
                                        reporting requirements 
                                        applicable to postsecondary 
                                        institutions under the 
                                        Workforce Innovation and 
                                        Opportunity Act (29 U.S.C. 3101 
                                        et seq.) and the Carl D. 
                                        Perkins Career and Technical 
                                        Education Act of 2006;
                                            ``(cc) protect student 
                                        privacy; and
                                            ``(dd) streamline the 
                                        application process for student 
                                        loan benefit programs available 
                                        to borrowers based on data 
                                        available from different 
                                        Federal data systems.
                            ``(ii) Review.--Not less often than once 
                        every 3 years after the establishment of the 
                        postsecondary student data system under this 
                        subsection, the Commissioner, in consultation 
                        with the Advisory Committee, shall review 
                        methods for streamlining data collection from 
                        postsecondary institutions and minimizing 
                        duplicative reporting within the Department and 
                        across Federal agencies that provide data for 
                        the postsecondary student data system.
                            ``(iii) Confidentiality.--The Commissioner 
                        shall ensure that any periodic matching or 
                        sharing of data through periodic data system 
                        matches established in accordance with this 
                        paragraph--
                                    ``(I) complies with the security 
                                and privacy protections described in 
                                paragraph (1)(C)(iv) and other Federal 
                                data protection protocols;
                                    ``(II) follows industry best 
                                practices commensurate with the 
                                sensitivity of specific data elements 
                                or metrics;
                                    ``(III) does not result in the 
                                creation of a single standing, linked 
                                Federal database at the Department that 
                                maintains the information reported 
                                across other Federal agencies; and
                                    ``(IV) discloses to postsecondary 
                                students what data are included in the 
                                data system and periodically matched 
                                and how the data are used.
                            ``(iv) Correction.--The Commissioner, in 
                        consultation with the Advisory Committee, shall 
                        establish a process for students to request 
                        access to only their personal information for 
                        inspection and request corrections to 
                        inaccuracies in a manner that protects the 
                        student's personally identifiable information. 
                        The Commissioner shall respond in writing to 
                        every request for a correction from a student.
            ``(4) Publicly available information.--
                    ``(A) In general.--The Commissioner shall make the 
                summary aggregate information described in subparagraph 
                (C), at a minimum, publicly available through a user-
                friendly consumer information website and analytic tool 
                that--
                            ``(i) provides appropriate mechanisms for 
                        users to customize and filter information by 
                        institutional and student characteristics;
                            ``(ii) allows users to build summary 
                        aggregate reports of information, including 
                        reports that allow comparisons across multiple 
                        institutions and programs, subject to 
                        subparagraph (B);
                            ``(iii) uses appropriate statistical 
                        disclosure limitation techniques necessary to 
                        ensure that the data released to the public 
                        cannot be used to identify specific 
                        individuals; and
                            ``(iv) provides users with appropriate 
                        contextual factors to make comparisons, which 
                        may include national median figures of the 
                        summary aggregate information described in 
                        subparagraph (C).
                    ``(B) No personally identifiable information 
                available.--The summary aggregate information described 
                in this paragraph shall not include personally 
                identifiable information.
                    ``(C) Summary aggregate information available.--The 
                summary aggregate information described in this 
                paragraph shall, at a minimum, include each of the 
                following for each postsecondary institution:
                            ``(i) Measures of student access, 
                        including--
                                    ``(I) admissions selectivity and 
                                yield; and
                                    ``(II) enrollment, disaggregated by 
                                each category described in paragraph 
                                (2)(C)(ii).
                            ``(ii) Measures of student progression, 
                        including retention rates and persistence 
                        rates, disaggregated by each category described 
                        in paragraph (2)(C)(ii).
                            ``(iii) Measures of student completion, 
                        including--
                                    ``(I) transfer rates and completion 
                                rates, disaggregated by each category 
                                described in paragraph (2)(C)(ii); and
                                    ``(II) number of completions, 
                                disaggregated by each category 
                                described in paragraph (2)(C)(ii).
                            ``(iv) Measures of student costs, 
                        including--
                                    ``(I) tuition, required fees, total 
                                cost of attendance, and net price after 
                                total grant aid, disaggregated by in-
                                State tuition or in-district tuition 
                                status (if applicable), program of 
                                study (if applicable), and credential 
                                level; and
                                    ``(II) typical grant amounts and 
                                loan amounts received by students 
                                reported separately from Federal, 
                                State, local, and institutional 
                                sources, and cumulative debt, 
                                disaggregated by each category 
                                described in paragraph (2)(C)(ii) and 
                                completion status.
                            ``(v) Measures of postcollegiate student 
                        outcomes, including employment rates, mean and 
                        median earnings, loan repayment and default 
                        rates, and further education rates. These 
                        measures shall--
                                    ``(I) be disaggregated by each 
                                category described in paragraph 
                                (2)(C)(ii) and completion status; and
                                    ``(II) be measured immediately 
                                after leaving postsecondary education 
                                and at time intervals appropriate to 
                                the credential sought or earned.
                    ``(D) Development criteria.--In developing the 
                method and format of making the information described 
                in this paragraph publicly available, the Commissioner 
                shall--
                            ``(i) focus on the needs of the users of 
                        the information, which will include students, 
                        families of students, potential students, 
                        researchers, and other consumers of education 
                        data;
                            ``(ii) take into consideration, to the 
                        extent practicable, the guidelines described in 
                        paragraph (1)(C)(ii)(I), and relevant successor 
                        documents or recommendations of such 
                        guidelines;
                            ``(iii) use modern, relevant technology and 
                        enhance and update the postsecondary student 
                        data system with information, as necessary to 
                        carry out the purpose of this paragraph;
                            ``(iv) ensure data privacy and security in 
                        accordance with standards and guidelines 
                        developed by the National Institute of 
                        Standards and Technology, and in accordance 
                        with any other Federal law relating to privacy 
                        or security, including complying with the 
                        requirements of subchapter II of chapter 35 of 
                        title 44, United States Code, specifying 
                        security categorization under the Federal 
                        Information Processing Standards, and security 
                        requirements, and setting of National Institute 
                        of Standards and Technology security baseline 
                        controls at the appropriate level; and
                            ``(v) conduct consumer testing to determine 
                        how to make the information as meaningful to 
                        users as possible.
            ``(5) Permissible disclosures of data.--
                    ``(A) Data reports and queries.--
                            ``(i) In general.--The Commissioner shall 
                        develop and implement a secure process for 
                        making student-level, non-personally 
                        identifiable information, with direct 
                        identifiers removed, from the postsecondary 
                        student data system available for vetted 
                        research and evaluation purposes approved by 
                        the Commissioner in a manner compatible with 
                        practices for disclosing National Center for 
                        Education Statistics restricted-use survey data 
                        as in effect on the day before the date of 
                        enactment of the College Transparency Act, or 
                        by applying other research and disclosure 
                        restrictions to ensure data privacy and 
                        security. Such process shall be approved by the 
                        National Center for Education Statistics' 
                        Disclosure Review Board or its successor body.
                            ``(ii) Providing data reports and queries 
                        to institutions and states.--
                                    ``(I) In general.--The Commissioner 
                                shall provide feedback reports, at 
                                least annually, to each postsecondary 
                                institution, each postsecondary 
                                education system that fully 
                                participates in the postsecondary 
                                student data system, and each State 
                                higher education body as designated by 
                                the governor.
                                    ``(II) Feedback reports.--The 
                                feedback reports provided under this 
                                clause shall include program-level and 
                                institution-level information from the 
                                postsecondary student data system 
                                regarding students who are associated 
                                with the institution or, for State 
                                representatives, the institutions 
                                within that State, on or before the 
                                date of the report, on measures 
                                including student mobility and 
                                workforce outcomes, provided that the 
                                feedback aggregate summary reports 
                                protect the privacy of individuals.
                                    ``(III) Determination of content.--
                                The content of the feedback reports 
                                shall be determined by the Commissioner 
                                in consultation with the Advisory 
                                Committee.
                            ``(iii) Permitting state data queries.--The 
                        Commissioner shall, in consultation with the 
                        Advisory Committee and as soon as practicable, 
                        create a process through which States may 
                        submit lists of secondary school graduates 
                        within the State to receive summary aggregate 
                        outcomes for those students who enrolled at a 
                        postsecondary institution, including 
                        postsecondary enrollment and college 
                        completion, provided that those data protect 
                        the privacy of individuals and that the State 
                        data submitted to the Commissioner are not 
                        stored in the postsecondary education system.
                            ``(iv) Regulations.--The Commissioner shall 
                        promulgate regulations to ensure fair, secure, 
                        and equitable access to data reports and 
                        queries outlined in this paragraph.
                    ``(B) Disclosure limitations.--In carrying out the 
                public reporting and disclosure requirements of this 
                Act, the Commissioner shall use appropriate statistical 
                disclosure limitation techniques necessary to ensure 
                that the data released to the public cannot include 
                personally identifiable information or be used to 
                identify specific individuals.
                    ``(C) Sale of data prohibited.--Data collected 
                under this subsection, including the public-use data 
                set and data comprising the summary aggregate 
                information available under paragraph (4), shall not be 
                sold to any third party by the Commissioner, including 
                any postsecondary institution or any other entity.
                    ``(D) Limitation on use by other federal 
                agencies.--
                            ``(i) In general.--The Commissioner shall 
                        not allow any other Federal agency to use data 
                        collected under this subsection for any purpose 
                        except--
                                    ``(I) for vetted research and 
                                evaluation conducted by the other 
                                Federal agency, as described in 
                                subparagraph (A)(i); or
                                    ``(II) for a purpose explicitly 
                                authorized by this Act.
                            ``(ii) Prohibition on limitation of 
                        services.--The Secretary, or the head of any 
                        other Federal agency, shall not use data 
                        collected under this subsection to limit 
                        services to students.
                    ``(E) Law enforcement.--Personally identifiable 
                information collected under this subsection shall not 
                be used for any Federal, State, or local law 
                enforcement activity or any other activity that would 
                result in adverse action against any student or a 
                student's family, including debt collection activity or 
                enforcement of immigration laws.
                    ``(F) Limitation of use for federal rankings or 
                summative rating system.--The comprehensive data 
                collection and analysis necessary for the postsecondary 
                student data system under this subsection shall not be 
                used by the Secretary or any Federal entity to 
                establish any Federal ranking system of postsecondary 
                institutions or a system that results in a summative 
                Federal rating of postsecondary institutions.
                    ``(G) Rule of construction.--Nothing in this 
                paragraph shall be construed to prevent the use of 
                individual categories of aggregate information to be 
                used for accountability purposes, such as for the 
                calculation of the cohort default rate under section 
                435(m).
                    ``(H) Rule of construction regarding commercial use 
                of data.--Nothing in this paragraph shall be construed 
                to prohibit third-party entities from using publicly-
                available information in this data system for 
                commercial use.
            ``(6) Submission of data.--
                    ``(A) Required submission.--Each institution of 
                higher education participating in a program under title 
                IV, or the assigned agent of such institution, shall, 
                in accordance with section 487(a)(17), collect, and 
                submit to the Commissioner, the data requested by the 
                Commissioner to carry out this subsection.
                    ``(B) Voluntary submission.--Any postsecondary 
                institution not participating in a program under title 
                IV may voluntarily participate in the postsecondary 
                student data system under this subsection by collecting 
                and submitting data to the Commissioner, as the 
                Commissioner may request to carry out this subsection.
                    ``(C) Personally identifiable information.--In 
                accordance with paragraph (2)(C)(i), if the submission 
                of an element of student-level data is prohibited under 
                paragraph (2)(F) (or otherwise prohibited by law), the 
                institution of higher education shall submit that data 
                to the Commissioner in the aggregate.
            ``(7) Unlawful willful disclosure.--
                    ``(A) In general.--It shall be unlawful for any 
                person who obtains or has access to personally 
                identifiable information in connection with the 
                postsecondary student data system described in this 
                subsection to willfully disclose to any person (except 
                as authorized in this Act or any Federal law) such 
                personally identifiable information.
                    ``(B) Penalty.--Any person who violates 
                subparagraph (A) shall be subject to a penalty 
                described under section 513 of the Confidential 
                Information Protection and Statistical Efficiency Act 
                of 2002 (44 U.S.C. 3501 note) and section 183(d)(6) of 
                the Education Sciences Reform Act of 2002 (20 U.S.C. 
                9573(d)(6)).
                    ``(C) Employee of officer of the united states.--If 
                a violation of subparagraph (A) is committed by any 
                officer or employee of the United States, the officer 
                or employee shall be dismissed from office or 
                discharged from employment upon conviction for the 
                violation.
            ``(8) Data security.--The Commissioner shall produce and 
        update as needed guidance and regulations relating to privacy, 
        security, and access which shall govern the use and disclosure 
        of data collected in connection with the activities authorized 
        in this subsection. The guidance and regulations developed and 
        reviewed shall protect data from unauthorized access, use, and 
        disclosure, and shall include--
                    ``(A) an audit capability, including mandatory and 
                regularly conducted audits;
                    ``(B) access controls;
                    ``(C) requirements to ensure sufficient data 
                security, quality, validity, and reliability;
                    ``(D) student confidentiality protection in 
                accordance with the Confidential Information Protection 
                and Statistical Efficiency Act;
                    ``(E) appropriate and applicable privacy and 
                security protection, including data retention and 
                destruction protocols and data minimization, in 
                accordance with the most recent Federal standards 
                developed by the National Institute of Standards and 
                Technology; and
                    ``(F) protocols for managing a breach, including 
                breach notifications, in accordance with the standards 
                of National Center for Education Statistics.
            ``(9) Data collection.--The Commissioner shall ensure that 
        data collection, maintenance, and use under this subsection 
        complies with section 552a of title 5, United States Code.
            ``(10) Definitions.--In this subsection:
                    ``(A) Institution of higher education.--The term 
                `institution of higher education' has the meaning given 
                the term in section 102.
                    ``(B) Personally identifiable information.--The 
                term `personally identifiable information' has the 
                meaning given the term in section 444 of the General 
                Education Provisions Act (20 U.S.C. 1232g).
                    ``(C) Postsecondary institution.--The term 
                `postsecondary institution' includes an institution of 
                higher education.''.

SEC. 3. REPEAL OF PROHIBITION ON STUDENT DATA SYSTEM.

    Section 134 of the Higher Education Act of 1965 (20 U.S.C. 1015c) 
is repealed.

SEC. 4. INSTITUTIONAL REQUIREMENTS.

    Paragraph (17) of section 487(a) of the Higher Education Act of 
1965 (20 U.S.C. 1094(a)) is amended to read as follows:
            ``(17) The institution or the assigned agent of the 
        institution will collect and submit data to the Commissioner 
        for Education Statistics in accordance with section 132(l), the 
        nonstudent related surveys within the Integrated Postsecondary 
        Education Data System (IPEDS), or any other Federal 
        postsecondary institution data collection effort (as designated 
        by the Secretary), in a timely manner and to the satisfaction 
        of the Secretary.''.

SEC. 5. EFFECTIVE DATE; TRANSITION PROVISIONS.

    (a) Effective Date.--Sections 1, 2, and 4 of this Act, and the 
amendments made by such sections, shall take effect on the date that is 
4 years after the date of enactment of this Act.
    (b) In General.--The Secretary of Education and the Commissioner 
for Education Statistics shall take such steps as are necessary to 
ensure that the transition to, and implementation of, the postsecondary 
student data system required under section 132(l) of the Higher 
Education Act of 1965, as added by section 2 of this Act, happens in a 
manner that reduces the reporting burden for postsecondary institutions 
that reported into the Integrated Postsecondary Education Data System 
(IPEDS).