Why are we talking about student data privacy now?
From the Department of Education:
The need for articulated privacy protections and data security continues to grow as Statewide Longitudinal Data Systems (SLDS) are built and more education records are digitized and shared electronically.
What this means to you is that every state now has a large data system for education reports from districts. When students take mandated state tests, that information is transmitted so the state is able to review the scores and analyze trends and patterns. It also holds data on demographics, certifications and schedules.
Some states have their own data systems but some use outside vendors. Washington State has its own system called CEDARS (Comprehensive Education Data and Research System).
Ninety-five percent of school districts in the U.S. rely on cloud computing – storing data on remote servers connected to the Internet – according to a recent report from the Fordham University School of Law
As well, the Gates Foundation has funded a massive student data cloud called InBloom which will be able to take data from every state, if a state wanted it stored there. Currently only one state, New York State, is using InBloom. The state of New York uploaded about one million NY State K-12 students’ data to InBloom without parent notification. (Note: it appears that NY state may pull out of InBloom, )
Do districts have their own data systems?
Yes, most do.
The Fordham paper found that only one-fourth of districts tell parents about these services and one-fifth of districts don’t have policies explicitly governing their use. Many contracts between districts and technology vendors don’t have privacy policies, and less than 7 percent of the contracts restrict vendors from selling student information. The agreements rarely address security, according to the Fordham research.
How is data used?
Nearly all school districts use third-party providers or vendors to provide software services necessary for instructional programs and management operations, including products that deliver student information management (e.g., report cards, transcripts), course scheduling, school lunch, school transportation, online courses, and local assessment services. So your child’s data is already being shared for those purposes.
Beyond that, districts can contract with organizations conducting studies for or on behalf of such institutions to improve instruction, administer student aid programs, or to develop, validate, or administer predictive tests.
Why is student data so important to public education?
The belief is that use of data will allow teachers and districts to better track children’s academic performance. Data analysis on their performance will allow districts to create more personalized learning AND discern bigger trends/patterns in schools and districts to find more and better ways to teach all children. It is hoped that this information will allow teachers and districts to support better academic outcomes.
Districts may also contract with outside vendors/contractors to help in this work. They, in turn, use data to shape the work within their contract for a district. This is especially true with vendors/groups working with at-risk or high-need students like ELL, low-income or Special Education students.
It can also help shape public policy by allowing legislators and other elected officials to track how schools and districts are doing throughout a region and state.
So what are the downsides to collecting and distributing huge amounts of student data?
- Data breaches – NSA, Target, Snapchat – the list goes on and on about data going out to those who have no legal right to it. With student data it is even worse as child identity theft is the fastest growing type of identity theft in the country.
- Districts can now name almost anyone or any entity and “education provider” and give out student data. The more people who have access to your child’s data, the more chance there is of a data breach. As well, why do so many entities need so much data?
- Many districts have lax or poor systems of tracking where data goes.
- The Department of Education and Department of Labor are creating a “cradle to grave” system of tracking children. This type of tracking can be used, for example, to push your child in a particular direction in education or use discipline records against him or her later in life.
- It has been shown that, in 1990, 87% of the population of the United States could be uniquely identified by gender, ZIP code, and full date of birth. Imagine if someone had more than that amount of data about your child.
- From the Office of the Inspector General: There are laws in 7 States that required that K-12 schools obtain students’ SSNs and schools in at least 26 other States that collected students’ SSNs at registration, even though no State law required that they do so. (Washington State does not use SSN for student identifiers.)
- From the Office of the Inspector General: In addition to K 12 schools’ collection and use of SSNs, there is a growing trend among State Departments of Education to establish longitudinal databases of all K 12 children within a State to track students’ progress over time, according to a recent university study.
- The study found that privacy protections for these databases were generally lacking in the majority of States. Furthermore, the study reported that at least 32 percent of States warehoused children’s SSNs, and over 80 percent of States apparently failed to have data retention policies and were likely to hold student information indefinitely. In addition, several States outsourced the data-warehousing function without any protections for privacy in vendor contracts.
- While we recognize there are some legitimate reasons for data collection in K-12 educational systems (for example, tracking school improvement), we question the need for States to collect SSNs, especially when States also assign a unique identification number to students in these databases. Until States stop collecting SSNs and redact existing SSNs, we encourage States to implement stringent security measures when establishing such databases.
- Since 2005, 40 school-related breaches of children’s personally identifiable information (including SSNs) have been reported
- Take, for example, the ‘metadata’ collected on students via digital devices and online learning programs, which can include keystroke information, the time and place at which a device or program is being used, the type of device on which the service is being accessed, and more. Under some circumstances, such metadata are not protected under FERPA and may be used for data-mining and other non-educational purposes.
What are the pros and cons of expansion of the collection, distribution and use of student data?
The”Good” side of using student data
From Ed-Fi Alliance:
The right data, used in the right ways, has enormous potential to empower teachers and parents, and to improve student learning. Many of the benefits to children of their teachers’ having actionable, easy-to-access data about individual strengths and challenges are already clear. Used effectively, data also serves as an amazing check and balance on the larger educational system – it gives parents insights into how well the classroom or school is serving their children, it gives taxpayers and policymakers a way to gauge how well resources are delivering results, and it helps educators gain quick insights into the needs of each student.
The “Bad” side
It can be used to track students in ways that could follow them for a lifetime. It could “direct” them in an education track. Are discipline records from when someone was 13 valid for later in life in terms of college entrance, internships or jobs? The data may include behavior patterns, parent income, homeless/foster care, and other personal data.
In 2012, SafeGov.org, a watchdog group for computer privacy, reported that Google has admitted in recent court filings that “it data mines student emails for ad-targeting purposes outside of school, even when ad serving in school is turned off.”
The newly exposed documents explicitly “confirm in a sworn public court declaration that even when ad serving is turned off in Google Apps for Education (GAFE), the contents of users’ emails are still being scanned by Google in order to target ads at those same users when they use the Web outside of Google Apps (for example, when watching a YouTube video, conducting a Google search, or viewing a web page that contains a Google+ or DoubleClick cookie).”
Huge “clouds” of student data are like catnip to on-line hackers. With the rise in child identity theft, there are deep concerns over this volume of information in one place AND that much of it is getting set to more and more entities (both governmental and business).
The Common Core standards movement may create “a womb-to-tomb dossier on kids and families” that include between 300 and 400 different data points, such as parents’ voting status, religious affiliation, medical data, newborn screening and genetic data.
How does a district protect my child’s student data?
From the Department of Education:
“The first line of protection is the federal law FERPA (Family Educational Rights and Privacy Act) that protects the privacy of personally identifiable information from student education records.
In short, the Act sets forth the rights of a parent to review a child’s education records or of a student over the age of 18 to review his/her records: and the rules governing the disclosure of personally identifiable information from student education records.
Generally, schools must have written permission from the parent or eligible student in order to disclose any personally identifiable information from that student’s education records. (An “eligible student” is a student who is 18 years old or attending a postsecondary institution at any age.)
FERPA permits, but does not require, schools to disclose personally identifiable information from education records without consent under limited circumstances, commonly known as exceptions.
As the law applies to personally identifiable information contained in students’ records, it is generally not applicable to other data that a school may collect, such as information on teachers (although there may be other State laws guiding the use and disclosure of that data).
The law applies to all educational agencies and institutions, such as schools, school districts, and postsecondary institutions that receive funds under any program administered by the Department.
The current and proposed Family Educational Rights and Privacy Act (FERPA) regulations are a critical piece of this effort: however, it is equally important to consider that FERPA does not address the full scope of policies and procedures that should be in place to adequately protect student privacy in today’s world of evolving technology and information use.”
In short, FERPA is NOT the ceiling for student data privacy – it is the floor. Nothing prevents states and/or districts from adding more procedures and policies to protect students.
What is Directory Information?
Directory information is those data identifiers that can be used by a school or district in directories, yearbooks, and newsletters, for example. It is considered information in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed.
Directory information includes but is not limited to:
- student’s name;
- telephone listing;
- electronic mail address;
- date and place of birth;
- major field of study;
- grade level;
- enrollment status (e.g., undergraduate or graduate, full-time or part-time);
- dates of attendance;
- participation in officially recognized activities and sports;
- weight and height of members of athletic teams;
- degrees, honors, and awards received;
- and the most recent educational agency or institution attended.
May parents opt their child out of Directory Information?
Yes, districts are legally obliged, at the beginning of the school year, to give out information on FERPA to every parent/guardian with information about opting out. If you do opt out, be aware that your child’s photo/information may not be able to appear in school newsletters/newspapers or yearbooks. You need to check with your district on their policies.
What is personally identifiable information (PII)?
Personally identifiable information (PII) is any student information that isn’t directory information. Meaning, information that can be used on its own OR with other information to identify, contact, or locate a single person, or to identify an individual in context.
What are some examples of PII?
From the National Institute of Standards and Technology – US Department of Commerce Guide to Protecting the Confidentiality of Personally Identifiable Information:
“PII is – any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as
medical, educational, financial, and employment information. Examples of PII include, but are not limited to:
Name, such as full name, maiden name, mother’s maiden name, or alias
Personal identification number, such as social security number (SSN), passport number, driver’s license number, taxpayer identification number, or financial account or credit card number
Address information, such as street address or email address, login name/nickname/screen name
Personal characteristics, including photographic image (especially of face or other identifying characteristic), fingerprints, handwriting, or other biometric data (e.g., retinal scan, voice signature, facial geometry)”
If information is PII under FERPA or under an institution’s more stringent policies, does that mean it can never be disclosed?
No. There are several ways that PII can be disclosed.
“The studies exception is one of several exceptions to the general rule under FERPA that written consent must be obtained from a student before such information may be disclosed to third parties.
Under this exception, an institution may disclose PII from student education records, without consent, to organizations conducting studies for or on behalf of such institutions to improve instruction, administer student aid programs, or to develop, validate, or administer predictive tests.”
What rights do you have as a parent under FERPA (from the Department of Education):
- Access: Under FERPA, a school must provide a parent with an opportunity to inspect and review his or her child’s education records within 45 days following its receipt of a request. A school is required to provide a parent with copies of education records, or make other arrangements, if a failure to do so would effectively prevent the parent from obtaining access to the records.
- Amendment of education records: Under FERPA, a parent has the right to request that inaccurate or misleading information in his or her child’s education record be amended. While a school is not required to amend education records in accordance with a parent’s request, the school is required to consider the request. If the school decides not to amend a record in accordance with a parent’s request, the school must inform the parent of his or her right to a hearing on the matter. If, as a result of the hearing, the school still decides not to amend the record, the parent has the right to insert a statement in the record setting forth his or her views. That statement must remain with the contested part of the student’s record for as long as the record is maintained. FERPA affords parents the right to seek to amend education records which contain inaccurate information, this right cannot be used to challenge a grade, an individual’s opinion, or a substantive decision made by a school about a student.
- Release of education records: Under FERPA, a school may not generally disclose personally identifiable information from a minor student’s education records to a third party unless the student’s parent has provided written consent. However, there are a number of exceptions to FERPA’s prohibition against non-consensual disclosure of personally identifiable information from education records. Under these exceptions, schools are permitted to disclose personally identifiable information from education records without consent, though they are not required to do so by FERPA.
My child’s school won’t show me her or his education records. Does the school have to provide me with a copy of the records if I request them?
Schools must honor your request to review your child’s education records within 45 days of receiving the request. Some states have laws similar to FERPA that require schools to provide access within a shorter period of time. FERPA requires that schools provide parents with an opportunity to inspect and review education records, but not to receive copies, except in limited circumstances.
Parents whose children receive services under the Individuals with Disabilities Education Act (IDEA) may have additional rights and remedies with regard to their children’s education records. The school district, local special education director, or state special education director can answer questions about IDEA.
Who else gets to see my child’s education records?
“To protect your child’s privacy, schools are generally prohibited from disclosing personally identifiable information about your child without your written consent.
Exceptions to this rule include:
- disclosures made to school officials with “legitimate educational interests”;
- disclosures made to another school at which the student intends to enroll;
- disclosures made to state or local education authorities for auditing or evaluating federal – or state – supported education programs, or enforcing federal laws that relate to those programs; and
- disclosures including information the school has designated as “directory information.”
What standard is used to evaluate disclosure risk?
The FERPA standard for de-identification assesses whether a “reasonable person in the school community who does not have personal knowledge of the relevant circumstances” could identify individual students based on reasonably available information, including other public information released by an agency, such as a report presenting detailed data in tables with small size cells (34 CFR section 99.3 and section 99.31 (b)(1))
The “reasonable person” standard should be used by State and local educational agencies and institutions to determine whether statistical information or records have been sufficiently redacted prior to release such that a “reasonable person” (i.e., a hypothetical, rational, prudent, average individual) in the school community should not be able to identify a student because of some well-publicized event, communications, or other similar factor.
School officials, including teachers, administrators, coaches, and volunteers, are not considered in making the reasonable person determination since they are presumed to have inside knowledge of the relevant circumstances and of the identity of the students.
Common Core and the Rise of Usage of Student Data
-Federal dollars for the Race to the Top initiative have, within their guidelines, “development of rigorous standards and better assessments.” It also requires “Adoption of Better data systems to provide schools, teachers, and parents with information about student progress.”
-There’s also the State Fiscal Stabilization Fund (SFSF) that says that states must be moving towards “college/career-ready standards and high quality assessments” but it also says “The state must assure that it will take action to . . . establish and use pre-K-through-college and career data systems to track progress and foster continuous improvement.”
In short, SFSF is saying that states have to track the students’ educational progression from preschool through college, and even beyond.
-There is also the Council on Chief State Officers (CCSSO) – They co-hold the copyright on Common Core Standards and they are helping to develop the system of statewide longitudinal data systems that will be tracking students from Pre-K to job/college. They cannot include PII (personally identifiable information) in these systems. These systems are to be voluntary but do come with strings attached such that most states are creating these systems to access federal dollars/grants.
-According to the Department of Education’s February 2013 report Promoting Grit, Tenacity, and Perseverance: Critical Factors for Success in the 21st Century, “Researchers are exploring how to gather complex affective data [emphasis added] and generate meaningful and usable information to feed back to learners, teachers, researchers, and the technology itself. Connections to neuroscience are also beginning to emerge.”
This brings up the tracking of student behavior, not student learning. From the American Conservative:
This sort of psychological analysis may be alarming to many parents, who want their students to learn (or not learn) without a wealth of education officials tracking and analyzing their behavior patterns. But the amorphous and ominous reference to “gathering of students’ personal information’ may create false apprehensions for many parents. There is reason to frustrated with federal efforts to grow data mining – but we should be very clear what those frustrations are about.
Take, for example, the ‘metadata’ collected on students via digital devices and online learning programs, which can include keystroke information, the time and place at which a device or program is being used, the type of device on which the service is being accessed, and more. Under some circumstances, such metadata are not protected under FERPA and may thus eligible to be used for data-mining and other non-educational purposes.
All these initiatives – Race to the Top, Common Core, ect. seem to want more data collection without explicitly calling for it.
Also the groups – the National Governors Association and the Council of Chief State School Officers that control Common Core standards – have an agreement with the DOE that requires the consortium to give DOE “complete access to any and all data collected at the state level.”
What’s interesting is that the DOE says this:
“Nothing in this title shall be construed to authorize the development of a nationwide database of personally identifiable information on individuals involved in studies or other collections of data under this paragraph.”
And yet these statements do NOT bar the federal collection of PII data – they just say that this particular law does not authorize this.