(A) No nonprofit institution that holds a certificate of authorization issued under Chapter 1713 of the Revised Code shall be liable for a breach of confidentiality arising from the institution’s submission of student data or records to the chancellor of higher education or any other state agency in compliance with any law, rule, or regulation, provided that the breach occurs as a result of one of the following:

(1) An action by a third party during and after the transmission of the data or records by the institution but prior to receipt of the data or records by the chancellor of higher education or other state agency;

(2) An action by the chancellor of higher education or the state agency.

(B) No nonprofit institution that holds a certificate of authorization issued under Chapter 1713 of the Revised Code shall be liable for a breach of confidentiality or any other claim that arises from the institution’s disclosure of the public records pursuant to a request for public records made under section 149.43 of the Revised Code, except for claims based on the institution’s failure to disclose public records as required by law.

This provision shall apply to the submission of any student data or records that are subject to any laws of this state or, to the extent permitted, any federal law, including the “Family Educational Rights and Privacy Act of 1974,” 88 Stat. 571, 20 U.S.C. § 1232g.