date icon August 27, 2015 category icon Letters Press Releases

Letter to House Ed & Workforce Committee Urging Changes to FERPA Update

Beckerman: “Any effort to enshrine a strong national standard for data security must clearly outline the rules of the road for Internet companies and their users.”


Washington, D.C. – Today, the Internet Association sent a letter to the leadership of the House Committee on Education and the Workforce and sponsors of the Student Privacy Protection Act of 2015 (H.R. 3157). The letter calls for revisions to controversial provisions in the Student Privacy Protection Act 2015 (H.R. 3157). The revisions are necessary to safeguard the user data and privacy of students and their families, while creating a strong national standard that the industry can work with.

As it stands, H.R 3157 creates a contradictory labyrinth of data security legal frameworks that Internet companies and their employees must circumnavigate. Since H.R. 3157 does not preempt state data breach statutes, industry must monitor over 40 different sets of state laws in addition to its provisions. The letter also outlines how the bill would “impose vague security requirements, including notice requirements triggered by a ‘breach of the security practices,’ which theoretically could include common employee errors such as failing to properly sign-in a visitor or failing to logout of a computer when going to get coffee for 5 minutes.”

“Any effort to enshrine a strong national standard for data security must clearly outline the rules of the road for Internet companies and their users,” said Michael Beckerman, President and CEO of the Internet Association. “As the bill is currently drafted, companies may find themselves having to send multiple notices to the same consumers. These provisions will result in over-notifying consumers and unnecessary compliance burdens.”

Beyond its impact on consumers, the letter also highlights the impact that H.R. 3157 would have on ed-tech providers. The bill refers to “commonly accepted industry standards on privacy protections,” with no reference to the standards. As the letter explains, “In reality, these standards vary significantly according to the sensitivity of the personal information involved.”

“Earlier this year, the Internet Association gave constructive (but not unequivocal) support to the Data Security and Breach Notification Act of 2015 since it preempted all state data breach statutes, contained a narrowly crafted harm trigger, and did not create rulemaking authority. It sought to create a true national standard to protect consumers while recognizing legitimate industry concerns about the cost of compliance with its provisions. As currently drafted, H.R. 3157 has yet to achieve these goals,” Beckerman concluded.

To read the full letter, click here.


Latest News

Washington, DC – IA President & CEO Michael Beckerman released the following statement on the joint Energy and Commerce Subcommittee on Communications and Technology and the Subcommittee on Consumer Protection and Commerce of the Committee hearing entitled “Fostering A Healthier Internet To Protect Consumers”: “Section 230 enables the best of the internet. It allows internet… Read more

Stay Updated