BILL ANALYSIS
-----------------------------------------------------------------
|SENATE RULES COMMITTEE             | SB 1177|
|Office of Senate Floor Analyses    |        |
|1020 N Street, Suite 524           |        |
|(916) 651-1520 Fax: (916) 327-4478 |        |
-----------------------------------------------------------------
CONSENT
Bill No: SB 1177
Author: Steinberg (D)
Amended: 4/21/14
Vote: 21
SENATE EDUCATION COMMITTEE : 9-0, 3/26/14
AYES: Liu, Wyland, Block, Correa, Galgiani, Hancock, Hueso,
Huff, Monning
SENATE JUDICIARY COMMITTEE : 7-0, 4/29/14
AYES: Jackson, Anderson, Corbett, Lara, Leno, Monning, Vidak
SUBJECT : Student Online Personal Information Protection Act
SOURCE : Author
DIGEST : This bill prohibits K-12 online educational sites,
services, and applications from compiling, sharing, or
disclosing student personal information and from facilitating,
marketing, or advertising to K-12 students, as specified. This
bill also requires an operator of an Internet Web site, online
service, online application, or mobile application with actual
knowledge that the site, service, or application is used for
K-12 school purposes and was designed and marketed for K-12
school purposes to ensure that encryption processes are used,
and to delete a student's personal information under specified
circumstances.
ANALYSIS : Existing law provides that, among other rights, all
people have an inalienable right to pursue and obtain privacy.
Existing law also allows a person to bring an action in tort for
an invasion of privacy and provides that in order to state a
claim for violation of the constitutional right to privacy, the
following three elements must be established:
1. Legally protected privacy interest.
2. Reasonable expectation of privacy in the circumstances.
3. Conduct by the defendant that constitutes a serious invasion
of privacy.
Existing law provides that there is no reasonable expectation of
privacy in information posted on an Internet Web site.
Additionally, federal law requires an operator of an Internet
Web site or online service that has actual knowledge that it is
collecting personal information from a child to provide notice
of what information is being collected and how that information
is being used, and to give the parents of the child the
opportunity to refuse to permit the operator's further
collection of information from the child.
Existing law requires an operator of a commercial Web site or
online service that collects personally identifiable information
through the Internet about individual consumers residing in
California who use or visit its Web site to conspicuously post
its privacy policy.
Existing federal law makes it unlawful for an operator of a Web
site or online service directed to children under the age of 13
to collect personal information from a child, including a
child's first and last name, home or other physical address
including street name and name of a city or town, e-mail
address, telephone number, or Social Security number.
The Family Educational Rights and Privacy Act (Act) protects the
privacy of student education records. It applies to all schools
that receive funds under an applicable program of the U.S.
Department of Education. Generally, schools must have written
permission from the parent or eligible student in order to
release any information from a student's education record.
However, the Act allows schools to disclose those records,
without consent, to the following parties or under the following
conditions:
1. School officials with legitimate educational interest.
2. Other schools to which a student is transferring.
3. Specified officials for audit or evaluation purposes.
4. Appropriate parties in connection with financial aid to a
student.
5. Organizations conducting certain studies for or on behalf of
the school.
6. Accrediting organizations.
7. To comply with a judicial order or lawfully issued subpoena.
8. Appropriate officials in cases of health and safety
emergencies.
9. State and local authorities, within a juvenile justice system,
pursuant to specific State law.
Schools may disclose, without consent, "directory" information
such as a student's name, address, telephone number, and date
and place of birth. However, schools must tell parents and
eligible students about directory information and allow them a
reasonable amount of time to request that the school not
disclose such information. Schools must also notify parents and
eligible students annually of their rights under the Act.
This bill:
1. Requires an operator of an Internet Web site, online
service, online application, or mobile application used for
and designed and marketed for K-12 school purposes to comply
with all of the following:
A. It shall not use, share, disclose, or compile personal
information about a K-12 student for any purpose other than
the K-12 school purpose and for maintaining the integrity
of the site, service, or application.
B. It shall not use, share, disclose, or compile a
student's personal information for any commercial purpose,
including, but not limited to, advertising or profiling.
C. It shall not allow, facilitate, or aid in the marketing
or advertising of a product or service to a K-12 student on
the site, service, or application.
D. It shall take reasonable steps to protect the personal
information data at rest and in motion in a manner that
meets or exceeds reasonable and appropriate commercial best
practices. An operator shall be deemed to be in compliance
with this paragraph if the operator ensures valid
encryption processes for data at rest and for data in
motion, as specified.
2. Requires an operator to delete a student's personal
information if any of the following occurs:
A. The site, service, or application has actual knowledge
that it is no longer used for K-12 school purposes, unless
the information is being used or maintained at the
direction of a school or school district and is under the
direct control of the school or district.
B. The student requests deletion, unless it is being used
at the direction of a school or district for legitimate
educational purposes and is under the control of the school
or district.
C. The school or school district requests deletion.
3. Provides that an operator may disclose personal information
of a student if other provisions of federal or state law
require the operator to disclose the information, and the
operator complies with the requirements of federal and state
law in protecting and disclosing that information.
4. Provides that an "online service" includes cloud computing
services.
5. Provides that an operator of an Internet Web site, online
service, online application, or mobile application used for
and designed and marketed for K-12 school purposes may
disclose personal information of a student for legitimate
research purposes as required by state and federal law and
subject to the restrictions under state and federal law, as
specified.
6. Defines "personal information" as any information or
materials in any media or format created or provided by a
student or the student's parent or legal guardian, as
specified.
7. Provides that "K-12 school purposes" is defined as purposes
that customarily take place at the direction of the school,
teacher, or school district or aid in the administration of
school activities, including, but not limited to, instruction
in the classroom or at home, administrative activities, and
collaboration between students, school personnel, or parents,
or are for the use and benefit of the school.
8. Provides that these provisions shall not be construed to
limit the authority of a law enforcement agency to obtain any
content or information from an operator as authorized by law
or pursuant to an order of a court of competent jurisdiction.
9. Provides that it is not the intent of the Legislature for
this chapter to apply to general audience Internet Web sites
and not to limit internet service providers from providing
internet connectivity to schools or students and their
families.
10. Provides that the provisions of the bill are severable, as
specified.
FISCAL EFFECT : Appropriation: No   Fiscal Com.: No   Local: No
SUPPORT : (Verified 5/1/14)
California Federation of Teachers
California State PTA
Common Sense Media
Klaas Kids Foundation
Privacy Rights Clearinghouse
Service Employees International Union
PQ:nl 5/1/14 Senate Floor Analyses
SUPPORT/OPPOSITION: SEE ABOVE
**** END ****