senate Bill S2357B

Amended

Relates to notification of parents when student directory personal contact information is released to third parties; provides an opportunity to opt-out

download pdf

Sponsor

Co-Sponsors

Bill Status


  • Introduced
  • In Committee
  • On Floor Calendar
    • Passed Senate
    • Passed Assembly
  • Delivered to Governor
  • Signed/Vetoed by Governor
view actions

actions

  • 19 / Jan / 2011
    • REFERRED TO EDUCATION
  • 04 / May / 2011
    • AMEND (T) AND RECOMMIT TO EDUCATION
  • 04 / May / 2011
    • PRINT NUMBER 2357A
  • 06 / Jun / 2011
    • AMEND (T) AND RECOMMIT TO EDUCATION
  • 06 / Jun / 2011
    • PRINT NUMBER 2357B
  • 16 / Jun / 2011
    • COMMITTEE DISCHARGED AND COMMITTED TO RULES
  • 16 / Jun / 2011
    • ORDERED TO THIRD READING CAL.1337
  • 17 / Jun / 2011
    • PASSED SENATE
  • 17 / Jun / 2011
    • DELIVERED TO ASSEMBLY
  • 17 / Jun / 2011
    • REFERRED TO EDUCATION
  • 04 / Jan / 2012
    • DIED IN ASSEMBLY
  • 04 / Jan / 2012
    • RETURNED TO SENATE
  • 04 / Jan / 2012
    • REFERRED TO EDUCATION
  • 11 / Jan / 2012
    • AMEND AND RECOMMIT TO EDUCATION
  • 11 / Jan / 2012
    • PRINT NUMBER 2357C
  • 05 / Jun / 2012
    • 1ST REPORT CAL.1030
  • 06 / Jun / 2012
    • 2ND REPORT CAL.
  • 11 / Jun / 2012
    • ADVANCED TO THIRD READING
  • 21 / Jun / 2012
    • COMMITTED TO RULES

Summary

Requires notification of parents when student directory personally identifiable information is released to third parties; provides an opportunity to opt out.

do you support this bill?

Bill Details

See Assembly Version of this Bill:
A8474
Versions:
S2357
S2357A
S2357B
S2357C
Legislative Cycle:
2011-2012
Current Committee:
Senate Rules
Law Section:
Education Law
Laws Affected:
Add ยง3212-b, Ed L

Sponsor Memo

BILL NUMBER:S2357B

TITLE OF BILL:
An act
to amend the education law, in relation to the release of personally
identifiable student information by school districts

PURPOSE:
To enhance privacy protections to students' personally identifiable
student information contained in student education records maintained
by schools and school districts and place additional restrictions on
the release of personally identifiable student information.

SUMMARY OF PROVISIONS:
The Education Law is amended by adding a new section 3212-b to
describe the lawful and unlawful dissemination of disclosable
directory information and personally identifiable student
information. This new section defines, under this act, student;
school; disc10sable directory information (DDI); and personally
identifiable student information (PISI).

Subsection 2 stipulates the legal dissemination of disclosable
directory information and the provisions for the parents or student
in attendance from opting-out of the dissemination of such
information, and the prohibition of the dissemination of personally
identifiable student information, unless the school receives the
affirmative consent to do so from the parent or student in attendance.

Disclosable Directory Information (DDI). The dissemination of a
student's educational record within the school district is not
restricted, and will comport with existing laws and regulations
within said school district. A school district may disseminate
students' directory information to the parent or student in
attendance, and any educational agency, organization, or institution;
and a school district may disseminate students' directory information
to a school club, newspaper, yearbook, honor roll, and the like,
unless the parent or student in attendance prohibits the school
district from doing so.

Personally Identifiable Student Information (PISI). A school district
may only distribute this information with the affirmative consent of
the parent or student in attendance. If a parent or student grants
the affirmative consent, the school may disseminate PISI to: another
parent or student in attendance at the school; to non-profit that
seeks the information for a specific purpose deemed to be beneficial
for the student, and that has not violated the disclosure procedures
stipulated in this section. If the third party violates the wishes of
the custodial parent or student over the age of 18, it is prohibited
from receiving this information for a period of five years.

Furthermore, even with the affirmative consent of the parent or student
in attendance, the school is prohibited from disseminating students'
PISI to a third party for profit-making purposes, such as for
marketing products or services, and selling the information for
commercial purposes.


Subsection 3 outlines the procedures for school districts notification
of parents or students of their rights under this bill. To achieve
active parental consent, within the first week of each new school
year, the school district must issue a public notice, include in the
student handbook, and send home with the student, information
stipulating the disclosure procedures for the DDI and PISI. The
disclosure information shall consist of the definition of disclosable
directory information and personally identifiable student information
as defined in this act; the procedures for obtaining affirmative
consent for prohibiting the school district from disseminating the
student's DDI to a third party for non-profit purposes; the
procedures for obtaining affirmative consent for authorizing the
school district to disseminate the student's PISI to a third party
for non-profit purposes.

If the school district does not receive a response from the parent or
student 30 days of the dissemination of the disclosure information
notice, the school district will operate under the premise that: (i)
The parent or student did not opt-out, thus allowing the school
district to disseminate the DDI to a third party for non-profit
purposes; and (ii) the parent or student did not opt-in, thus
prohibiting the school district from disseminating the PISI to a
third party for nonprofit purposes

Subsection 4 states that the new law shall not limit an employee of
the board of education, state, court, of federal government from
public school records purely for administrative purposes.
Subsection 5 provides for exemptions with regard to military
recruitment, in order to comply with federal law.

Section 2 of the bill sets the effective date.

EXISTING LAW:
Currently, under the federal Family Education Rights Privacy Act,
known as FERPA, schools are required to notify parents at the
beginning of the school year of their right to "opt out" of school
disclosure of a student's personally identifiable information. This
information, which is maintained by the school, is defined under
FERPA as "information ... that would not generally be considered
harmful or an invasion of privacy if disclosed." Students' personally
identifiable information may be requested by and disclosed to
for-profit organizations related to school activities, such as school
ring companies or athletic team apparel and equipment. However,
under FERPA, there are no restrictions on who may request or receive
this information from a school. The U.S. military and institutions of
higher learning have access to student directory information without
parental or student consent. A school also can release a student's
personally identifiable information to another school, the New York
State Education Department, or law enforcement agencies as necessary
without alerting parents and/or students.

A school must annually notify students of their rights under FERPA.
The annual notification must include information regarding a
student's right to inspect and review his or her education records,
the right to seek to amend the records, and the right to consent to
disclosure of personally identifiable information from the records.
However, FERPA does not require the school to notify students of


these rights on an individual basis, so the school may meet FERPA
requirements by posting this information on its website, school
calendar, or student handbook, for example. Also, under FERPA,
non-consensual disclosure of Directory Information may be released to
school-related organizations and businesses. There are no provisions
governing the re-selling of this information in secondary markets,
including to marketers or other nonacademic-related companies, for
example. Nor are there civil penalties to parties that misuse
personal and identifiable information about students. Therefore, once
a student's personally identifiable information is disclosed, it is
difficult to control how and where it is disseminated.
This may result in student's personally identifiable information being
used in direct marketing campaigns and targeted advertising. The
information, once released, also has the potential to compromise
student safety and security if used by the wrong parties.

JUSTIFICATION:
New York has the opportunity to enhance and strengthen privacy
protections for its students, which is especially critical as
personally identifiable information will be digitized and shared
electronically to audit and evaluate state and local education
programs and to support the Statewide Longitudinal Data Systems. This
makes data security and student safety of paramount concern and the
State has an interest to ensure the disclosure of students'
personally identifiable information meets the standards of the Fair
Information Practice Principles, as outlined by the Federal Trade
Commission: notice/awareness, choice/consent, access/participation,
integrity/security, and enforcement/redress.

While FERPA protects student information privacy it does not go far
enough, nor does it adequately address the privacy issues of the
electronic age and the capacity of marketers and other commercial
enterprises to capture, use, and re-sell student information. Even
with privacy controls in place, it is also far too easy for
individuals to get a hold of student information and use it for
illegal purposes', including identity theft, child abduction in
custody battles, and domestic violence.

Therefore, this proposed legislation will enhance the protection to
New York students and their families by stipulating that a student's
personally identifiable information will only be disclosed to a third
party for non-profit purposes with the consent from the parent or
student, if the student is over age 18. Further, directory
information, which can be disclosed under current law, may be
restricted at the request of a parent or student over the age of 18.
Lastly, this bill further enhances privacy by completely prohibiting
the disclosure of directory information or personally
identifiable information to a third party for profit-making purposes.

This legislation will give parents and students greater control over
disclosure of personally identifiable information to third parties.
It will protect students from their personal information being used
by marketers who re-sell their information in secondary markets. The
sophisticated electronic systems used to identify and breach the
privacy of individuals should not have access to the personally
identifiable information of vulnerable students. This added


protection to New York students would protect them from opportunistic
marketers and from identity theft.

Schools have been found to have varying degrees of conformance with
the basic FERPA privacy requirements. Schools must become more
proactive in providing parents with adequate notice of their rights
to keep students' information private and handling the information as
sensitive data.
New York has the opportunity to become a national leader in helping
schools to protect students from violations of their privacy by
affording them added protections and the option not to disclose
locator information.

Recent proposed amendments to FERPA underscore this need, as students'
personally identifiable information and data will be mined for the
Statewide Longitudinal Data Systems, audit and evaluation of
education programs, and research projects. Student data will be
shared across government agency systems and with researchers,
increasing the risk of data breaches and privacy violations. The
proposed New York legislation would further restrict the release of
personally identifiable information so that there will be fewer
opportunities for data security to be compromised and do harm to an
individual or group of students.

Students need and deserve this extra protection. In the digital age,
the line between a computer-based school directory and the online
world is rapidly disappearing. Computer security breaches are
rampant, exposing supposedly private and proprietary information to
online databases. New York should not wait for a major breach of
student information with serious consequences before acting.
Currently, the online collection of personal information from
children under age 13 is protected under the Federal Trade
Commission's Children's Online Privacy Protection Act (COPPA). COPPA
outlines requirements of a website operator's privacy policy, when
and how to seek verifiable consent from parents, privacy protections
for children, and restrictions on marketing to children. Students
deserve no less than the same kind of robust privacy protections for
their personal information maintained by their schools.

This legislation would create additional and needed privacy
protections for students while not imposing any mandates or requiring
additional spending by New York schools. The legislation will remind
schools of their very serious obligation to protect student privacy,
the risks of disclosing student information to commercial
enterprises, and the challenges of collecting and disseminating
personal data in the digital age. Schools are stewards of students'
personally identifiable information and as such must adhere to the
highest standards of practice in protecting privacy and
confidentiality. This legislation will provide those standards and
serve as a model for other states seeking to protect the privacy,
safety, and security of its students.

LEGISLATIVE HISTORY:
S.7414-A/A.10795-A of 2009-2010

FISCAL IMPLICATIONS:
None.


EFFECTIVE DATE:
Shall take effect on July 1, 2011 and shall apply to school years
beginning with the 2011-12 school year.

view bill text
                    S T A T E   O F   N E W   Y O R K
________________________________________________________________________

                                 2357--B

                       2011-2012 Regular Sessions

                            I N  S E N A T E

                            January 19, 2011
                               ___________

Introduced  by  Sen.  OPPENHEIMER -- read twice and ordered printed, and
  when printed to be committed to the Committee on Education --  commit-
  tee  discharged, bill amended, ordered reprinted as amended and recom-
  mitted to  said  committee  --  committee  discharged,  bill  amended,
  ordered reprinted as amended and recommitted to said committee

AN  ACT  to  amend  the  education  law,  in  relation to the release of
  personally identifiable student information by school districts

  THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section 1. The education law is amended by adding a new section 3212-b
to read as follows:
  S  3212-B.  RELEASE  OF  PERSONALLY IDENTIFIABLE INFORMATION BY SCHOOL
DISTRICTS.  1. FOR THE PURPOSES OF  THIS  SECTION  THE  FOLLOWING  TERMS
SHALL HAVE THE FOLLOWING MEANINGS:
  (A)  "STUDENT"  SHALL MEAN AND INCLUDE ANY PERSON WITH RESPECT TO WHOM
AN EDUCATIONAL AGENCY OR  INSTITUTION  MAINTAINS  EDUCATION  RECORDS  OR
PERSONALLY  IDENTIFIABLE  INFORMATION, BUT DOES NOT INCLUDE A PERSON WHO
HAS NOT BEEN IN ATTENDANCE AT SUCH AGENCY OR INSTITUTION.
  (B) THE TERM "SCHOOL" MEANS ANY PUBLIC  SCHOOL;  IN  ANY  CITY,  UNION
FREE,  COMMON  OR  CENTRAL  SCHOOL  DISTRICT,  ANY  NON-PUBLIC SCHOOL OF
SECONDARY EDUCATION; AND ANY SCHOOL OF HIGHER EDUCATION.
  (C) DISCLOSABLE DIRECTORY INFORMATION (DDI) HEREAFTER REFERRED  TO  IN
THIS  SECTION  AS  "DIRECTORY  INFORMATION",  MEANS  WITH  RESPECT  TO A
STUDENT, THE STUDENT'S NAME; PHOTOGRAPH;  AGE;  MAJOR  FIELD  OF  STUDY;
GRADE   LEVEL;  ENROLLMENT  STATUS  (E.G.,  UNDERGRADUATE  OR  GRADUATE,
FULL-TIME OR PART-TIME); DATES OF ATTENDANCE; PARTICIPATION IN OFFICIAL-
LY RECOGNIZED ACTIVITIES AND SPORTS; WEIGHT AND  HEIGHT  OF  MEMBERS  OF
ATHLETIC TEAMS; DEGREES, HONORS AND AWARDS RECEIVED; AND THE MOST RECENT
EDUCATIONAL AGENCY OR INSTITUTION ATTENDED.

 EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                      [ ] is old law to be omitted.
                                                           LBD07381-08-1

S. 2357--B                          2

  (D) "PERSONALLY IDENTIFIABLE STUDENT INFORMATION (PISI)" SHALL INCLUDE
DISCLOSABLE  DIRECTORY INFORMATION, AND A STUDENT'S OR PARENT'S ADDRESS,
TELEPHONE NUMBER, AND E-MAIL ADDRESS.
  2.  (A)  A  SCHOOL  MAY DISCLOSE DIRECTORY INFORMATION ABOUT A STUDENT
ONLY:
  (I) IF THE DISCLOSURE DOES NOT  INCLUDE  ANY  INFORMATION  OTHER  THAN
DISCLOSABLE DIRECTORY INFORMATION AS DEFINED IN THIS SECTION;
  (II)  AFTER  GIVING  THE  PARENT  OF  THE STUDENT IN ATTENDANCE OR THE
ELIGIBLE STUDENT IN ATTENDANCE AT THE SCHOOL NOTICE AND  AN  OPPORTUNITY
TO  OPT-OUT  OF  THE  DISCLOSURE IN ACCORDANCE WITH SUBDIVISION THREE OF
THIS SECTION; AND
  (III) IF THE DISCLOSURE IS TO A  SCHOOL  NEWSPAPER,  LOCAL  NEWSPAPER,
SCHOOL CLUB OR ORGANIZATION, SCHOOL YEARBOOK, HONOR ROLL OR OTHER RECOG-
NITION  LIST,  GRADUATION  PROGRAM,  SPORTS  RELATED  PUBLICATION  WHICH
PROVIDES SPECIFIC INFORMATION ABOUT PARTICULAR STUDENTS FOR THE PURPOSES
OF A SPECIFIC SPORTS ACTIVITY OR FUNCTION, OR PARENT AND TEACHER  ORGAN-
IZATION.
  (B)  A SCHOOL MAY DISCLOSE PERSONALLY IDENTIFIABLE STUDENT INFORMATION
ONLY WITH THE AFFIRMATIVE CONSENT  OF  THE  PARENT  OF  THE  STUDENT  IN
ATTENDANCE  OR THE ELIGIBLE STUDENT IN ATTENDANCE IN ACCORDANCE WITH THE
PROCEDURE PROVIDED IN SUBDIVISION THREE OF THIS SECTION IF:
  (I) THE DISCLOSURE IS TO THE PARENT OF ANY STUDENT  IN  ATTENDANCE  OR
ANY ELIGIBLE STUDENT IN ATTENDANCE AT THE SCHOOL; OR
  (II)  THE  DISCLOSURE  IS TO A NON-PROFIT ORGANIZATION THAT: (A) SEEKS
THE INFORMATION FOR A SPECIFIC PURPOSE DETERMINED BY THE  SCHOOL  TO  BE
BENEFICIAL TO THE STUDENT; (B) STATES IN WRITING THAT IT HAS NOT USED OR
DISCLOSED PERSONALLY IDENTIFIABLE STUDENT INFORMATION FROM ANY SCHOOL IN
A  MANNER INCONSISTENT WITH THE TERMS OF DISCLOSURE WITHIN THE PAST FIVE
YEARS; AND (C) AGREES IN WRITING TO USE THE INFORMATION  ONLY  FOR  THAT
PURPOSE  AND  TO  RETURN OR DESTROY THE INFORMATION WHEN THE PURPOSE HAS
BEEN FULFILLED OR WITHIN ONE YEAR AFTER RECEIPT, WHICHEVER COMES  FIRST;
AND
  (III)  THE SCHOOL HAS NO REASON TO BELIEVE THAT THE RECIPIENT HAS USED
OR DISCLOSED PERSONALLY IDENTIFIABLE STUDENT INFORMATION FROM ANY SCHOOL
IN A MANNER INCONSISTENT WITH THE TERMS OF  THE  DISCLOSURE  WITHIN  THE
PAST FIVE YEARS.
  (C)  UNLESS  OTHERWISE ALLOWED BY LAW, A SCHOOL MAY NOT, EVEN WITH THE
AFFIRMATIVE CONSENT OF THE PARENT OF THE STUDENT IN  ATTENDANCE  OR  THE
ELIGIBLE STUDENT IN ATTENDANCE, DISCLOSE PERSONALLY IDENTIFIABLE STUDENT
INFORMATION  FOR  A  COMMERCIAL,  FOR-PROFIT  ACTIVITY INCLUDING BUT NOT
LIMITED TO USE FOR:
  (I) MARKETING PRODUCTS OR SERVICES;
  (II) SELLING PERSONALLY IDENTIFIABLE STUDENT INFORMATION  FOR  USE  IN
MARKETING PRODUCTS OR SERVICES;
  (III) CREATING OR CORRECTING AN INDIVIDUAL OR HOUSEHOLD PROFILE;
  (IV) COMPILATION OF A STUDENT LIST;
  (V) SALE OF THE INFORMATION FOR ANY COMMERCIAL PURPOSE; OR
  (VI)  ANY  OTHER  PURPOSE  CONSIDERED  BY THE SCHOOL AS LIKELY TO BE A
COMMERCIAL, FOR-PROFIT ACTIVITY.
  (D) IN MAKING AN ALLOWABLE DISCLOSURE UNDER THIS SUBDIVISION, A SCHOOL
MAY ONLY DISCLOSE THE MINIMUM AMOUNT OF INFORMATION NECESSARY TO  ACCOM-
PLISH THE PURPOSE OF THE DISCLOSURE.
  3.  WITHIN  THE  FIRST  WEEK OF EACH SCHOOL YEAR, EACH SCHOOL DISTRICT
SHALL ISSUE A PUBLIC NOTICE, INCLUDE IN THE STUDENT HANDBOOK,  AND  SEND
HOME  WITH  EVERY STUDENT, INFORMATION STIPULATING THE DISCLOSURE PROCE-

S. 2357--B                          3

DURES FOR DISCLOSABLE DIRECTORY INFORMATION AND PERSONALLY  IDENTIFIABLE
STUDENT INFORMATION.
  (A)  THE  DISCLOSURE  INFORMATION  SHALL  CONSIST OF THE DEFINITION OF
DISCLOSABLE DIRECTORY INFORMATION AND  PERSONALLY  IDENTIFIABLE  STUDENT
INFORMATION AS SET FORTH IN THIS SECTION; AND SHALL ALSO INCLUDE:
  (I)  THE PROCEDURE FOR PROHIBITING THE SCHOOL FROM DISSEMINATING DISC-
LOSABLE DIRECTORY INFORMATION UNDER PARAGRAPH (A) OF SUBDIVISION TWO  OF
THIS  SECTION  AND  A  DESCRIPTION OF ANY DIRECTORY INFORMATION THAT THE
SCHOOL PROPOSES TO DISCLOSE DURING THE SCHOOL YEAR; AND
  (II) THE PROCEDURE FOR AUTHORIZING THE SCHOOL TO  DISCLOSE  PERSONALLY
IDENTIFIABLE  STUDENT INFORMATION UNDER PARAGRAPH (B) OF SUBDIVISION TWO
OF THIS SECTION AND A DESCRIPTION OF ANY PERSONALLY IDENTIFIABLE STUDENT
INFORMATION THAT THE SCHOOL PROPOSES TO DISCLOSE DURING THE SCHOOL YEAR.
  (B) (I) IF THE SCHOOL DOES NOT RECEIVE NOTICE FROM  THE  PARENT  OF  A
STUDENT  IN  ATTENDANCE  OR  THE  ELIGIBLE  STUDENT IN ATTENDANCE AT THE
SCHOOL PROHIBITING THE DISCLOSURE OF DIRECTORY INFORMATION WITHIN THIRTY
DAYS OF THE DISSEMINATION OF THE INFORMATION REQUIRED TO BE PROVIDED  IN
PARAGRAPH  (A) OF THIS SUBDIVISION, THE SCHOOL MAY DISSEMINATE DISCLOSA-
BLE DIRECTORY INFORMATION RELATING TO THE STUDENT PURSUANT TO  PARAGRAPH
(A) OF SUBDIVISION TWO OF THIS SECTION.
  (II)  IF  THE SCHOOL DOES RECEIVE CONSENT FROM THE PARENT OF A STUDENT
IN ATTENDANCE OR THE ELIGIBLE STUDENT IN ATTENDANCE  AT  THE  SCHOOL  TO
DISCLOSE PERSONALLY IDENTIFIABLE STUDENT INFORMATION UNDER PARAGRAPH (B)
OF   SUBDIVISION  TWO  OF  THIS  SECTION,  THE  SCHOOL  MAY  DISSEMINATE
PERSONALLY  IDENTIFIABLE  STUDENT  INFORMATION  AS  SET  FORTH  IN  THIS
SECTION.
  4.  NOTHING  IN  THIS  SECTION  SHALL  LIMIT THE ADMINISTRATIVE USE OF
PUBLIC SCHOOL RECORDS BY A PERSON ACTING  EXCLUSIVELY  IN  THE  PERSON'S
CAPACITY  AS  AN EMPLOYEE OF A BOARD OF EDUCATION OR OF THE STATE OR ANY
OF ITS POLITICAL SUBDIVISIONS, ANY COURT, OR THE FEDERAL GOVERNMENT.
  5. THE PROVISIONS OF THIS SECTION SHALL NOT APPLY TO  THE  RELEASE  OF
PERSONALLY  IDENTIFIABLE  STUDENT  INFORMATION  TO  THE  DEPARTMENT, THE
UNITED STATES MILITARY, OR ANY  INSTITUTION  OF  HIGHER  EDUCATION,  ANY
POLITICAL SUBDIVISION OR FEDERAL AGENCY THAT DEMONSTRATES AN APPROPRIATE
NEED  FOR  THE  INFORMATION  OR  A SCHOOL DISTRICT OR SCHOOL THAT DEMON-
STRATES AN APPROPRIATE NEED FOR THE INFORMATION.
  S 2. This act shall take effect July 1, 2011 and shall apply to school
years beginning with the 2011-2012 academic year.

Comments

Open Legislation comments facilitate discussion of New York State legislation. All comments are subject to moderation. Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity or hate speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Comment moderation is generally performed Monday through Friday.

By contributing or voting you agree to the Terms of Participation and verify you are over 13.