No nonprofit institution that holds a certificate of authorization issued under Chapter 1713. of the Revised Code shall be liable for a breach of confidentiality arising from the institution's submission of student data or records to the board of regents or any other state agency in compliance with any law, rule, or regulation, provided that the breach occurs as a result of one of the following:
(A) An action by a third party during and after the transmission of the data or records by the institution but prior to receipt of the data or records by the board of regents or other state agency;
(B) An action by the board of regents or the state agency.
This provision shall apply to the submission of any student data or records that are subject to any laws of this state or, to the extent permitted, any federal law, including the "Family Educational Rights and Privacy Act of 1974," 88 Stat. 571, 20 U.S.C. 1232g.
Added by 130th General Assembly File No. 25, HB 59, §101.01, eff. 9/29/2013.