This contribution argues that student data, both official educational records held by education institutions as well as large unofficial student datasets (Big Data) compiled by cloud service providers of free Internet services—such as social media, storage, and productivity applications—need specialized protections no longer afforded by U.S. Federal and state law and the self regulatory frameworks (terms of service and privacy policies) of for-profit data collectors. Smart devices and ambient intelligent systems designed for education will increasingly rely by necessity on large stored datasets with student Personally Identifiable Information (PII) to drive learning feedback algorithms. The ability of students and parents to personally control information about an individual student is diminishing due to the difficulty of de-identifying PII in data re-use, the increasing use of Big Data analytics, and the volume and variety of data now being collected about students that can be aggregated to create identifiable profiles and to re-identify users. In addition, internationally, regulations governing student records are being relaxed to allow more third-party usage of student PII. Loss of privacy control by students presents several potential and serious financial, employment, and social threats. The author proposes and outlines the details of an omnibus Federal data privacy statute that balances privacy, trust and security protections of student data against the benefits from Big Data's research potential to track educational trends and develop lower cost, more efficient, and higher outcomes educational initiatives and learning objects. Due to the transborder transmission of data and the use of U.S. cloud services by foreign institutions and individuals, the issues discussed here will be of concern to international educators.