The wheels have begun turning for an update to the Family Education Rights and Privacy Act and schools may foot the bill.
In a February hearing, the U.S. House of Representatives discussed the exploitation of student information by educational technologies, and the idea that third parties have abused student information for data mining and marketing purposes has gained traction in other areas of the government as well. The president is backing a federal student privacy bill, being drafted by Representatives Jared Polis and Luke Messer, which would further protect student information, according to a press release from Lockpath, Inc.
The Family Education Rights and Privacy Act, also known as FERPA, protects the privacy of students’ educational records. But the act has not been updated to account for computer technology since it was passed in 1974.
If FERPA updates are passed, they will likely include specific restrictions on what data organizations can collect and how it can be used. This would probably force schools to spend more time and money ensuring third party’s access to information is vetted and compliant with any new regulations. Schools may be forced to spend time updating security and training personnel on data breach policies and procedures. Failure to comply with any new regulations could also result in fines.
Fordham University Law Professor Joel Reidenberg urged lawmakers to include certain provisions in any FERPA update. These provisions included expanding the legal definition of “educational record” to include data generated by software, apps, online learning platforms and more; applying FERPA to vendors in addition to schools; enforcing a graduated series of penalties for FERPA violations; and setting specific requirements on data security and data breach notification.