Congress' proposed FERPA amendments restrict use of student data for "marketing," while leaving public-records access problems unaddressed

This may be the year Congress amends the Family EducationalRights and Privacy Act, with proposed legislation looking to bring FERPA intothe age of cyber-hacking and targeted advertising. But, at first glance, theproposals seem to mean little change — good or bad — for student journalistsand other public-records seekers.

Four bills — two in the House and two in the Senate — have been filed so far seeking to add greater protection for student data. All four bills would prevent schools and their partner technology companies from selling or using student data for marketing purposes. The bills would also require those entities handling the data to create minimum security measures. Two of the proposals (H.R. 3157 and S. 1322) would accomplish those goals by amending FERPA, while the other two (H.R. 2092 and S. 1788) would do so separately, without affecting the existing student privacy law.


One important question for student media outlets is whether their agreements with outside vendors, such as yearbook companies or photographers, will be affected by the proposed bans on marketing to students. All of the proposals prohibit schools from using or sharing students’ personal information for advertising purposes. That would conceivably apply to scenarios as simple as providing email addresses to the yearbook vendor so that the company could send out information about yearbook purchases.

The proposal most friendly to student media, H.R. 3157, provides an exception for “official school pictures, class rings, yearbooks, or other traditional school-sanctioned commemorative products, events, or activities.” That exemption would cover a lot of student media needs — but what is “traditional” in one school may not be “traditional” in another.

H.R. 2092 and S. 1788, which are essentially identical companion bills, make an exception for “contextually relevant” advertising online or on mobile applications, as long as the operator does not store information about the student’s online behavior. The bills are sponsored in the House by Rep. Jared Polis, D-Colo., and Rep. Luke Messer, R-Ind., and in the Senate by  Sens. Richard Blumenthal, D-Conn., and Steve Daines, R-Mont.

S. 1322 includes no exceptions to its advertising ban. The bill would prevent schools from using or providing entities access to students’ personal information “to advertise or market a product or service.”


Noticeably absent from the proposed FERPA changes is any attempt to clarify what records are actually covered. Open government advocates have repeatedly criticized FERPA’s definition of “education record” as so broad that it’s practically inviting abuse by schools. Indeed, schools have regularly hidden behind the law to deny access to records related to scandals, crime and other issues they wish to hide from the public.

H.R. 3157 would make the most changes to FERPA, but it does nothing to address the concerns about abuse. Its only major change to the definition of “education record” would be an expansion to include records maintained for the school by private companies, such as technology vendors. H.R. 3157 was introduced in July by Rep. Todd Rokita, R-Ind., and Rep. Marcia Fudge, D-Ohio, bipartisan leaders in the House Subcommittee on Early Childhood, Elementary and Secondary Education.

S. 1322 likewise would make few changes to FERPA, except to add new sections concerning information security and targeted advertising. The definition of “education record” would be unchanged. S. 1322 is sponsored by Sens. Orrin Hatch, R-Utah, and Edward Markey, D-Mass.


The biggest differences in the proposals come down to how they would be enforced.

H.R. 3157 would give the Department of Education the added enforcement powers of imposing fines of $100 to $1.5 million for violating FERPA. Currently, the only statutory penalty for a FERPA violation is total disqualification from eligibility for federal money, which under Department rules can only be imposed if the Department determines that the school won’t voluntarily remedy its violations in the future. The Department has never imposed a financial penalty on anyone for a FERPA violation.

H.R. 2092 and S. 1788 would be enforced by the Federal Trade Commission, with the cooperation of the Department of Education. Supporters have implied that they avoided adding these measures to FERPA because of the Department of Education’s track record (or lack thereof) of enforcement.

Because these proposals creates a new law, instead of altering FERPA, the enforcement powers would apply only to violations of the ban on marketing or the required security procedures, which can be enforced by the FTC.

S. 1322 does not address enforcement, leaving the Department of Education’s existing enforcement regime unchanged.


All four bills have bipartisan sponsorship, suggesting it isn’t just one political party wanting to add protections for student data. Blumenthal, one the prime sponsors of S. 1788, told The Hill that he hopes lawmakers will be able to combine their efforts into a single bill, which could pass this fall.

With many in Congress eager to make these changes to FERPA, it may be the best opportunity to fix the other broken parts of the law. It would be a shame if Congress did major surgery on FERPA without addressing the statute’s well-documented history of misapplication to obstruct citizens’ access to non-confidential public records.

For more information about how FERPA affects access to records from colleges and schools, consult the SPLC’s FERPA White Paper, or submit your own FERPA records roadblock to be fact-checked by the award-winning “FERPA Fact” blog.