What parents don’t know about the massive data collection that is taking place in public schools

Last November, the Washington Post headline read, The astonishing amount of data being collected about your children.  The article reported on the “Brave New World” of data collection and data mining that is taking place in the nation’s public schools and how private companies are accessing and using that information for profit.

The media coverage in the Washington Post continued this past January with a piece entitled, New student database slammed by privacy experts.

Although the issue has yet to generate a lot of media attention here in Connecticut, all across the United States parents and advocacy groups have been highlighting the growing problem and demanding that public officials take steps to protect students, parents and teachers from the government and corporate education reform industry’s efforts to collect and utilize information.

Here in Connecticut, Governor Dannel Malloy and his administration have been moving “full-speed head” with national and state plans to collect large amounts of data on Connecticut’s public school students and teachers, some of which will undoubtedly end up in the hands of companies looking to market their products.

As a result of a series of policy changes, parents not only have little knowledge of this growing problem, but have little say over what information is being collected about their children and how it can be used.

At the recent State Department of Education meeting in which a group of school superintendents were instructed on how to mislead parents about their right to opt out of the Common Core SBAC testing scheme, one high ranking employee with the state department of education mocked concerns about the potential misuse of the data collected during the SBAC testing process.

However, whether their statement was due to intention or ignorance, their dismissal spoke volumes about how little public officials care about what parents think or want.

Officials can’t hide the truth forever.

Jennifer Jacobsen, a public education advocate in Connecticut, serves as the director of the Connecticut Alliance for Privacy in Education and is among the most outspoken leaders in the effort to force public officials to address the very serious issues regarding the use and misuse of the data being collected in public schools.

In a recent CT Mirror commentary piece, Jennifer Jacobson wrote;

The Connecticut Alliance for Privacy in Education– CAPE- represent a diverse membership of organizations who have come together to advocate for a comprehensive student data law in our state. Our members include:

The Connecticut Parent Teachers Association, Connecticut Parental Rights Coalition, American Civil Liberties Union -CT, Connecticut Parent Advocacy Center, Connecticut Association of Private Special Education Facilities, CT Council of Administrators of Special Education, CT Federation of School Administrators, CT Association of School Administrators, American Federation of Teachers, Connecticut Education Association, Connecticut Education Association College Student Program….and growing.

The mission of CAPE is to protect the children, students, families, and educators of Connecticut by addressing the risks associated with the collection of student data and other educational records.

There is great potential for the appropriate use of student data to bring positive outcomes for our children and students. However, the use of student data also brings with it immense responsibility and great risk to the safety and civil liberties of children and their families.

Policymakers, educators, parents, and communities must ensure that all individuals and entities who have access to student data take steps to protect the lives behind the data.

Thirty-three states have enacted 55 laws thus far around the issue of student data. Legislatures around the nation continue today to have this important discussion. Connecticut is among a minority of states that have yet to enact legislation pertaining to the protection and use of student data, leaving our children and families inadequately protected. As such the Education Committee of the General Assembly has raised HB 5469: An Act Concerning Student Data Privacy.

HB 5469 does accomplish some welcome changes in policy:

The prohibition on student tracking and profiling, limiting data collection by school contracted apps and websites, the limitation on advertising, the requirement of de-identification of student information for use to improve a site or product, and the limited use of directory information are examples of such improvements. Further, the inclusion of a parent notification provision that their child has become a party to a contract or when there has been a breach are additional strengths of the bill. However, the bill is limited only to contractors who store education records and operators of websites and apps, and excludes state data collection and other third parties who have access to student information.

Based on testimony that was submitted at the public hearing on March 2, we feel that additions to the bill should expand to include the following provisions:

Marne Usher of the CT PTA stated their organization’s concern surrounding the limited scope of the bill and advocated that they would “like to see legislation that ensures consistent policies for ALL student data regardless of who is collecting it. Parents have the right to know about ALL data that is collected in their child’s record. Parental consent should be the first step before any data collection and we see no mention of this in the legislation”

ACLU-CT, David McGuire primarily focused on civil liberties protections for students in regards to baseless searches and seizures of students’ personal electronic devices and passwords citing “the patchwork of unequal privacy policies” used in districts around the state, urging the committee to expand protections in the bill that would uphold students Constitutional 14th amendments rights.

Ray Rossomando of the Connecticut Education Association focused on changes to the federal Family Educational Rights and Privacy Act (FERPA), which historically prohibited the disclosure of education records of students unless a parent consented. Parental consent is no longer required in many instances simply by using the correct exception to the law, ironically at a time when parents report having a harder time garnering access to their own child’s data.

Rossomando also requested that the committee consider providing guidelines to educators and other school personnel to learn about safe and secure data handling strategies and extend the bills coverage to include educator information since they too are exposed to similar risks. Greater oversight and citizen input were further themes of his testimony that would strengthen the comprehensive intent of this bill.

Understanding the potential for the misuse of lifetime data collection on children Pam Lucashu, Legislative Liaison to TEACH CT cited banning “the use of this information being used to influence or determine the employability, criminal liability, financial standing or the reputation of the student”, which is a protective provision in human subject research protections in policy that should be codified into law to exclude such use. In fact, many other states have explicitly prohibited juvenile delinquency records, medical records and criminal records of students from being included as education records for exactly this reason.

Finally, any law that does not contain an enforcement process and a penalty for violation of that law, which HB 5469 does not, relegates its purpose to a guideline. There must be a means of enforcement and liability.

When sensitive student information enters into a data system or leaves the school building to an outside party risk ensues. It is at the point when student information is poised to leave the school, that the system to protect that data must begin.

Connecticut’s system to protect student information needs to be far more effective, uniform, and transparent than it is today. This is an attainable goal. The clarifications, amendments and additions to this bill suggested in here and at the public hearing by the members of CAPE and others would take us far toward accomplishing that goal.

It is with this vision of care and protection of this generation’s future, free and unhindered from a lifetime of collected information that may come to be used against them that we, the members of CAPE, in partnership with countless thousands of people around Connecticut call on the Education Committee, General Assembly and leadership to do the right thing for the students of this state and enact an comprehensive student data security, transparency, and privacy law.

Our kids and our families deserve no less than those in other states. We cannot allow for interest in the data, special or otherwise, to supersede the digital security of our children, nor infringe upon their civil liberties, nor keep our parents and guardians in the dark any longer.

New Canaan parent and education advocate Maria Naughton submitted testimony stating “parents, families and children do not have corporate backing, PAC’s, large philanthropic organizations or venture capitalists funding our efforts to protect our children. We are relying on those who have been elected to represent our interests and to do what is in the best interest of our children.”

Indeed.

The Connecticut’ General Assembly’s Education Committee will soon be taking up the legislation Jennifer Jacobsen addressed  in her commentary piece.

Legislators will be faced with the opportunity to strengthen this proposed new law or continue to look away while the education reform industry and their supporters undermine the privacy rights of students, parents and teachers.

For more about the legislation go to Cape4kids.org

The names and contact information for the members Connecticut’s Education Committee can be found here – https://www.cga.ct.gov/ed/

Some previous Wait, What? articles about big data, data mining and privacy can found here:

Will CT elected officials enact appropriate safeguards on student privacy this session?

Public Good or Private Gain – the story behind the Corporate Education Reform Industry’s Data Mining Effort

Are Governor Malloy’s new Google Chromebooks data mining our kids?

They have your child’s data and they aren’t afraid to use it.

Additional background on the data and data mining issue can also be found at Diane Ravitch’s blog.  As the nation’s leading pro-public education advocate she has reported and written extensively about the issue.  Examples include;

U.S. Department of Education Still Pursuing Your Child’s Data

Grit and Data Mining

What You Need to Know about Data Mining of Students

CONNECT THE DOTS: Competency-Based Education, Digitized Instruction, Data Mining, The Vanishing Teacher, and Profit

Parents to New York Education Leaders: No Snooping on Our Children’s Private Data

Your Child’s Personal Records Are Part of a Massive Government Database

 

Public Good or Private Gain – the story behind the Corporate Education Reform Industry’s Data Mining Effort

[A long but extremely important read]

While most of the attention surrounding the Corporate Education Reform Industry has been on the implementation of the Common Core, the Common Core testing scheme, the inappropriate teacher evaluation systems and the privatization of public education via charter schools, one of the most disturbing elements of the effort to “transform” public education has been an associated program to create a massive database and corresponding data mining activities.

For additional background read the April 2015 Wait, What? Post –  They have your child’s data and they aren’t afraid to use it.  Connecticut parents who want to know more about this issue should follow the FB Page Student Data Privacy: A Voice for the Connecticut Children of P20 WIN 

Called the P20 WIN (Preschool through Twenty and Workforce Information Network) in Connecticut and housed under the Board of Regents, the publicly funded program seems simple enough;

To improve education and employment opportunities for students, Connecticut needs a system that links data between agencies as students progress from early childhood into jobs and careers.

Connecticut’s Preschool through Twenty and Workforce Information Network (P20 WIN) provides a way for agencies to share and match data securely while protecting student, worker and employer privacy. Education and workforce leaders can then have information to make decisions for improving our students and the state.

However, the issues associated with control and use of the data makes the program much more complex.

In a recent article on the subject, the Washington Post’s Valerie Strauss wrote;

Parental concerns about student privacy have been rising in recent years amid the growing use by schools, school districts and states use technology to collect mountains of detailed information on students. Last year, a controversial $100 million student data collection project funded by the Gates Foundation and operated by a specially created nonprofit organization called inBloom was forced to shut down because of these concerns, an episode that served as a warning to parents about just how much information about their children is being shared without their knowledge.

Valerie Strauss then posted a detailed explanation of the issue written by fellow education blogger Leonie Haimson and Cheri Kiesecker, the co-founder of Parent Coalition for Student Privacy.

Leonie Haimson and Cheri Kiesecker explain the story behind the story;

Remember that ominous threat from your childhood, This will go down on your permanent record?” Well, your children’s permanent record is a whole lot bigger today and it may be permanent. Information about your children’s behavior and nearly everything else that a school or state agency knows about them is being tracked, profiled and potentially shared.

During a February 2015 congressional hearing on “How Emerging Technology Affects Student Privacy,” Rep. Glenn Grothman of Wisconsin asked the panel to “provide a summary of all the information collected by the time a student reaches graduate school.” Joel Reidenberg, director of the Center on Law & Information Policy at Fordham Law School, responded:

“Just think George Orwell, and take it to the nth degree. We’re in an environment of surveillance, essentially. It will be an extraordinarily rich data set of your life.”

Most student data is gathered at school via multiple routes; either through children’s online usage or information provided by parents, teachers or other school staff. A student’s education record generally includes demographic information, including race, ethnicity, and income level; discipline records, grades and test scores, disabilities and Individual Education Plans (IEPs), mental health and medical history, counseling records and much more.

Under the federal Family Educational Rights and Privacy Act (FERPA), medical and counseling records that are included in your child’s education records are unprotected by HIPAA (the Health Insurance Portability and Accountability Act passed by Congress in 1996). Thus, very sensitive mental and physical health information can be shared outside of the school without parent consent.

Many parents first became aware of how widely their children’s personal data is being shared with third parties of all sorts when the controversy erupted over inBloom in 2012, the $100 million corporation funded by the Gates Foundation. Because of intense parent opposition, inBloom closed its doors in 2014, but in the process, parents discovered that inBloom was only the tip of the iceberg, and that the federal government and the Gates Foundation have been assisting the goal of amassing and disclosing personal student data in many other ways.

Ten organizations joined together, funded by the Gates Foundation, to create the Data Quality Campaign in 2005, with the following objectives:

  • Fully develop high-quality longitudinal data systems in every state by 2009;
  • Increase understanding and promote the valuable uses of longitudinal and financial data to improve student achievement; and
  • Promote, develop, and use common data standards and efficient data transfer and exchange.

Since that time, the federal government has mandated that every state collect personal student information in the form of longitudinal databases, called Student Longitudinal Data Systems or SLDS, in which the personal information for each child is compiled and tracked from birth or preschool onwards, including medical information, survey data, and data from many state agencies such as the criminal justice system, child services, and health departments.

A state’s SLDS, or sometimes called a P20 database (pre-K to 20 years of age), P12, or B-20 (data tracking from birth), have been paid for partly through federal grants awarded in five rounds of funding from 2005-2012. Forty-seven of 50 states, as well as the District of Columbia, Puerto Rico, and the Virgin Islands, have received at least one SLDS grant.

Although Alabama, Wyoming and New Mexico are not included on the site linked to above, Alabama’s governor recently declared by executive order that “Alabama P-20W Longitudinal Data System is hereby created to match information about students from early learning through postsecondary education and into employment.” Wyoming uses a data dictionary, Fusion, that includes information from birth. New Mexico’s technology plan shows that they moved their P-20 SLDS to production status in 2014 and will expand in 2015. This site run by the Data Quality Campaign tracks each state’s SLDS.

Every SLDS has a data dictionary filled with hundreds of common data elements, so that students can be tracked from birth or pre-school through college and beyond, and their data more easily shared with vendors, other governmental agencies, across states, and with organizations or individuals engaged in education-related “research” or evaluation — all without parental knowledge or consent,.

Every SLDS uses the same code to define the data, aligned with the federal CEDS, or Common Education Data Standards, a collaborative effort run by the US Department of Education, “to develop voluntary, common data standards for a key set of education data elements to streamline the exchange, comparison, and understanding of data within and across P-20W institutions and sectors.”

Every few months, more data elements are “defined” and added to the CEDS, so that more information about a child’s life can be easily collected, stored, shared across agencies, and disclosed to third parties. You can check out the CEDS database yourself, including data points recently added, or enter the various terms like “disability,” “homeless” or “income” in the search bar.

In relation to discipline, for example, CEDS includes information concerning student detentions, letters of apology, demerits, warnings, counseling, suspension and expulsion records, whether the student was involved in an incident that involved weapons, whether he or she was arrested, whether there was a court hearing and what the judicial outcome and punishment was, including incarceration.

This type of information is obviously very sensitive and prejudicial, and often in juvenile court, records are kept sealed or destroyed after a certain period of time, especially if the child is found innocent or there is no additional offense; yet all this information can now be entered into his or her longitudinal record with no particular restriction on access and no time certain when the data would be destroyed.

Expanding and Linking Data across States

Nearly every state recently applied for a new federal grant to expand its existing student longitudinal data system, including collection, linking and sharing abilities. You can see the federal request for proposals. Pay special attention to Section V, the Data Use section of the grant proposal, requiring states to collect and share early childhood data, match students and teachers for the purpose of teacher evaluation, and promote inter-operability across institutions, agencies, and states.

The 15 states and one territory, American Samoa, that won the grants were announced Sept. 17, 2015, and are posted here. President Obama’s 2016 budget request has a number of additional data­ related provisions, including a near tripling in funding for State Longitudinal Data Systems ($70 million) and Department of Labor Workforce Data Quality Initiative ($37 million) aimed at attaching adult workforce personal data with his or her student records.

Though the federal government is barred by law from creating a national student database, the U.S. Department of Education has evaded this restriction by means of several strategies, including funding multi-state databases, which would have been illegal before FERPA’s regulations and guidance were rewritten by the Department in 2012.

The federal grants encourage participation in these multi-state data exchanges. One existing multi-state database is WICHE, the Western Interstate Commission for Higher Education, which includes the 15 Western states that recently received an additional $3 million from the federal government. This WICHE document explains that the project was originally funded by the Gates Foundation, and that the foundation’s goal of sharing personal student data across state lines and across state agencies without parental consent was impermissible under FERPA until it was weakened in 2012:

Upon approval of WICHE’s proposal by the Gates Foundation, the pilot MLDE (Multistate Longitudinal Data Exchange) project began in earnest in June, 2010, and the initial meeting to begin constructing the MLDE was held in Portland, Oregon, in October, 2010. It is worth placing the launch of the MLDE pilot within an historical timeline of events bearing on the development and use of longitudinal data. As the project got underway, the federal government’s guidance on the application of the Family Educational Rights and Privacy Act (FERPA) was still fairly restrictive. Indeed, based on a subsequent conversation with a member of the Washington State Attorney General’s office, our plans to actually exchange personally identifiable data among the states would be impermissible under the FERPA guidance in effect at that time. Though we were told we would have been able to assemble and use a de-identified dataset, which would have shown much of the value of combining data across states, not being able to give enhanced data back to participating states would have been a serious setback. Changes in the federal government’s guidance on FERPA that went into effect in January, 2012 resolved this problem.

The new guidance permitted the participating states to designate WICHE as an authorized representative for the purposes of assembling the combined data, while also allowing the disclosure of data across state lines and between state agencies.

Since 2010, the Gates Foundation has funded WICHE with more than $13 million. Just to underscore how powerful this organization has become, Colorado Lieutenant Governor Joe Garcia just stepped down from his post to head WICHE. Here is a helpful chart showing how student personal data is to be shared, among state agencies and across state lines.

Existing multi-state databases include not just WICHE, but also SEED, formerly Southeastern Education Data Exchange, now called the State Exchange of Education Data, including Alabama, Colorado, Florida, Georgia, Kentucky, North Carolina, Oklahoma, and South Carolina.

This North Carolina PowerPoint from 2013 describes what detailed information is to be shared among the states participating in SEED: data aligned with CEDS, including demographic information, academic and test score data, and disciplinary records. Here is a Georgia document, explaining how SEED will be “CEDs compliant” and describes in even more detail the sort of information that will be exchanged.

In addition, the two Common Core testing multi-state consortia funded by the federal government, PARCC and Smarter Balanced, are accumulating a huge amount of personal student data across state lines, and potentially sharing that information with other third parties. Under pressure, PARCC released avery porous privacy policy last year; Smarter Balanced has so far refused to provide any privacy policy, even after requests from parents in many of the participating states.

What Parents Can Do

Ask your State Education Department if they applied for this new grant to expand their SLDS, and if so, ask to see the grant proposal. You can also make a Freedom of Information request to the U.S. Department of Education to see the grant application. Ask what methods your state is using to protect the data that the SLDS already holds, and if the data is kept encrypted, at rest and in transit. Ask what categories of children’s data they are collecting, which agencies are contributing to it, and what third parties, including vendors and other states, may have gained access to it. Ask to see any inter-agency agreements or MOUs allowing the sharing education data with other state agencies. Ask if any governance or advisory body made up of citizen stakeholders exists to oversee its policies.

You should also demand to see the specific data the SLDS holds for your own child, and to challenge it if it’s incorrect – and the state cannot legally deny you this right nor charge you for this information under FERPA.

This was conclusively decided when a father named John Eppolito requested that the Nevada Department of Education provide him with a copy of his children’s SLDS records, and the state demanded $10,000 in exchange. He then filed a complaint with the US Department of Education, which responded with a letter on July 28, 2014, stating that the state must provide him with the data it holds for his child, as well as a record of every third party who has received it; and that they cannot charge a fee for this service.

Parents also have the right to correct their child’s data if it is in error. Apparently Mr. Eppolito found many errors in his children’s data. Even if it is accurate, the data that follows your child through life and across states could diminish his or her future prospects. As this Department of Education studypoints out,

“…imagine a student transferring from another district into a middle school that offers three levels of mathematics classes. If school staff associate irrelevant personal features with mathematics difficulties, the representativeness bias could influence the student’s placement… educators have been found to have a tendency to pay more attention to data and evidence that conform to what they expect to find.”

Schools could use this data to reject students, push them out, or relegate them to remedial classes or vocational tracks.

There is also abundant research that shows that a teacher’s expectations play a significant role in how a student performs – especially for marginalized groups. This is called the Pygmalion effect in the case of a teacher’s positive expectations, and the Golem effect in the case of negative expectations. These studies reveal that if teachers are provided with positive or negative information about their students before having a chance to form their own opinions based upon actual experience, this prior information often tends to bias their judgments and perceptions of that student, creating self-fulfilling prophecies.   Parents should be legitimately fearful that positive or negative data may be used to profile their children, and potentially damage their chance of success.

What Else Can You Do?

If you send your children to a public school, under current federal law you have no way of opting out of the P20 profile that has been created by your state and potentially shared with others. You also have no right to refuse to have your child’s data disclosed to testing companies and other corporations in the name of evaluation and research. Researchers have legitimate interests in being able to analyze and evaluate educational programs, but any sensitive personal data should be properly de-identified and there must be strict security provisions to safeguard its access and restrict further disclosures, as well as a time certain when it will be destroyed. You do have the right to see that data, and challenge it if it is inaccurate.

You should also advocate for stronger state and federal laws to protect your child’s data and laws that give parents and students the right of ownership, including the ability to decide with whom it will be shared. You should urge your state Education Department to create advisory or governance boards that include stakeholder members, to provide input on restrictions on access and security requirements.

Any federal and state student privacy legislation should embrace five basic principles of student privacy, transparency and security, developed by the Parent Coalition for Student Privacy. Ask your elected officials to support TRUE data privacy and transparency legislation, to protect children. Parents deserve to know the data collected and shared about their children, and they should be guaranteed that their children’s data is safe from breaches and misuse.

NOTE;  A leader in the battle to ensure appropriate student privacy in Connecticut is Jennifer Jacobsen, a long time educator, mother of three, a founding member of Connecticut Unites for Student Privacy and a member of the Connecticut Parental Rights Coalition.  You can read one of her commentary pieces at: http://ctviewpoints.org/2015/04/27/connecticut-schools-need-comprehensive-protection-of-student-data-privacy/  

For more check out: http://connecticutunites.weebly.com/references-and-resources.html