The first in series about the lack of adequate protections related to student data and privacy
Over recent weeks the focus of this blog has been on parental right and the importance of opting out of the unfair, inappropriate and discriminatory Common Core Smarter Balanced Assessment Consortium (SBAC) test, but that issue is only one piece of the puzzle when it comes to the unprecedented activities of the Corporate Education Reform Industry and their supporters like Governor Dannel Malloy.
While the vast majority of parents are blind to the issue, one of the most serious problems associated with the transformation of the nation’s education system is the creation of massive databases that track a broad array of data about children and how a variety of public and private entities mine that data for various uses including marketing to children and parents.
Just as troubling is the fact that few school administrators seem to understand the extent of these recent developments.
State and local school officials continue to tell parents that their child’s data is safe as a result of the federal government’s Family Educational Rights and Privacy Act (FERPA) which was originally designed to protect students and ensure that parents knew what data was being collected on their children and how that data was being used.
But even a basic review of the communications being sent out by Connecticut’s Department of Education and local superintendents reveal that these officials either don’t know about the massive changes that have been made to the FERPA law or are intentionally misleading and lying to parents.
The Family Educational Rights and Privacy Act (FERPA) was designed to control the use of “educational records” and any agency or institution that violates the FERPA law and its regulations can be denied funding. As the law is written, school officials cannot share student data with outside entities without parental consent.
However massive changes to the FERPA privacy law in 2008 and 2011 undermined the most important elements of the nation’s student privacy law. The United States Department of Education now defines “school officials” to include “contractors, consultants, volunteers, and other parties to whom an educational agency or institution has outsourced institutional services or functions it would otherwise use employees to perform.”
This means the nation’s federal student privacy law allows schools to provide the data it collects on students to private companies, without parental consent, if the contract is related, in some way, to educational activities.
In addition, revisions to the FERPA privacy regulations, “removed limitations prohibiting educational institutions and agencies from disclosing student personally identifiable information, without first obtaining student or parental consent,” a change that now gives private companies access to data that specifically identifies each student.
The changes in the nation’s student privacy laws were pushed by the Corporate Education Reform Industry and companies that are financially benefiting from getting access to student data.
As Politco.com observed at the time, the private sector was overjoyed.
“This is going to be a huge win for us,” said Jeffrey Olen, a product manager at CompassLearning, which sells education software.
Politico went on to report,
CompassLearning will join two dozen technology companies at this week’s SXSWedu conference in demonstrating how they might mine the database to create custom products – educational games for students, lesson plans for teachers, progress reports for principals.
And we’re not talking about just a few companies using a few limited databases.
Pearson Education, ETS (Educational Testing Service), Houghton Mifflin Harcourt, McGraw-Hill and dozens of other companies have spent tens of millions of dollars lobbying to weaken privacy laws or stop the federal and state governments from reducing their access to student data.
Just this week, The National Education Policy Center at the University of Colorado released a major report entitled, ON THE BLOCK: STUDENT DATA AND PRIVACY IN THE DIGITAL AGE. The report references a 2013 study conducted by the Center on Law and Information Policy at Fordham Law School which looked into how California school districts were handling student data. The report found that;
“[In California] 95% of school districts now rely on cloud-services providers for a wide variety of services, such as data mining for student performance, support for classroom activities, student guidance, and data hosting.
However, fewer than 25% of the agreements specify the permitted purposes for disclosures of student information, fewer than 7% of the contracts restrict the sale or marketing of student information by vendors, and many agreements allow vendors to unilaterally change the terms. Many also allow vendors to retain student data into perpetuity.”
After reviewing federal and state laws, the new NEPC report makes it extremely clear that while more than 20 states have passed their own student privacy laws to fill in gaps in the federal laws, Connecticut is one of the states that has completely failed to develop appropriate student privacy laws designed to protect the state’s children.
In Connecticut, for example, there is no requirement that contracts with vendors:
Restrict the use of data collection for advertising and marketing purposes
Require that parents are notified and have an unlimited right to review data that is being handed over to third parties
Require that third parties have and maintain appropriate data security procedures.
Require that data must be destroyed following intended use.
Require parents be notified about breaches or that third parties be held accountable for breaches. (In fact, when it comes to protecting student data, Connecticut actually has a statute that provides for immunity of liability for data breach and NO notice to parents that a breach has occurred.)
This year a group of Republican legislators in the Connecticut General Assembly introduced H.B. No. 7017, an Act Concerning Student Data Privacy, but following a public hearing, the Education Committee passed an extremely weak version of what might be called an attempt at beginning to address the student privacy problem.
As the proposed legislation now stands, Connecticut parents would continue to have virtually no meaningful protections when it comes to the use of data collected about their children.
Check back for much more on the key issues surrounding student data and privacy, the Corporate Education Reform Industry’s efforts and the failure of public officials to address this growing problem.