Bill > SB378

This bill establishes comprehensive student data privacy and protection regulations for educational entities in Pennsylvania. The legislation creates a framework that requires the Department of Education to designate a chief data privacy officer responsible for developing and overseeing student data protection policies. Educational entities must adopt security measures to protect student records, designate a data manager, and submit annual reports on data security. The bill defines student data broadly, including personal information like names, contact details, academic records, and biometric identifiers, and sets strict guidelines for how this data can be collected, used, and shared. Key provisions include requiring written authorization for data disclosure, prohibiting targeted marketing, and ensuring students and parents can inspect and correct educational records. Third parties contracted by educational entities face significant restrictions on data use, including prohibitions on selling or exchanging student information. The bill also establishes penalties for data breaches, including potential civil and administrative fines up to $1,000,000 annually, and mandates prompt notification of data compromises to affected students and the chief data privacy officer. The legislation aims to protect student privacy while maintaining the ability of educational institutions to effectively operate and serve students.

Education

https://www.legis.state.pa.us/cfdocs/billinfo/bill_history.cfm?syear=2025&sind=0&body=S&type=B&bn=378