Connecticut Alliance for Privacy in Education speaks out against changes to new student privacy law

As explained in the Wait, What? post entitled,  ALERT – Legislation seeking to undo student privacy protections now before CT Legislature’s Education Committee, legislation has been introduced that would undermine Connecticut’s new student privacy law.

In legislative testimony this week, the Connecticut Alliance for Privacy in Education explained why the change is unnecessary and inappropriate.

Parents should take a moment to read this important information.

CAPE testified;

HB 7207 would delay student data privacy protections enacted last year until July 1, 2018. HB 7207 would undermine protections that students, from prek through grade 12 currently have as a result of the committee’s hard work last year when it enacted PA 16-189 with bi-partisan support.

The proposed bill would keep parents in the dark regarding the release of their children’s records. It would keep parents in the dark regarding contractors who have access to their children’s records. It would keep parents in the dark even in the event of breach of student data. The proposed bill undermines several sections to the law that was passed overwhelmingly by legislators and supported by parents, educators and other critical voices representing children. It undermines security requirements for contractors and operators of websites and apps and delays the implementation of a breach policy. It leaves unaddressed the fact that a task force created last year to address ongoing issues was never convened. It would leave children in Connecticut less protected than those in other states where 73 laws on student data privacy have been enacted.

We can see no reason that any part of this law, let along the entire law, should be delayed. At a time when security and transparency provisions have already been long overdue in this state, HB 7207 would delay protections for more than 2 years from the time this committee recommended a bill to the General Assembly. Connecticut would be going backwards.

In addition, PA 16-189 established a task force to address unmet and ongoing student privacy issues. It was never convened. The task force would have addressed issues regarding enforcement and penalties for third party violators, training in data security and handling, an inventory of approved resources, the development of a tool kit for use by school districts, a means by which parents could reasonably request the deletion of student information that is held by third parties, and to provide model practices in the state. The task force was good policy passed as a good faith promise to parents and other stakeholders that more would be done to protect students.

Some districts have done their due diligence and are doing the right thing by their students and the law. However, other districts are finding compliance more challenging and could benefit from some assistance. This was not an unforeseen issue, and one reason for the creation of a task force was for it to provide guidance and a toolkit for implementation.

Thankfully, the Connecticut Commission on Educational Technology (CCET), in collaboration with The Department of Administrative Services, has undertaken the task of assisting districts (You can see what they have done here: Operationalizing Public Act 189 http://www.ct.gov/ctedtech/cwp/view.asp?a=1182&q=253412). Their work is commendable and likely to result in most districts being in compliance in the near future – unless this bill is enacted, giving districts and opponents justification to halt progress.

It is important to note that according to CCET, an unanticipated benefit of this law is that an accounting of purchases and agreements has helped districts to identify redundancies and inefficiencies, effectively streamlining purchases and processes. We commend CCET on its work and commitment to the privacy of students.

Still, a permanent Advisory Council that enables all stakeholders to collaborate on behalf of students is necessary and should be added into the law. As many of you know, we often do our best work when all voices are represented and working together to address shared challenges and develop collaborative solutions.

It should also be noted that PA 16-189 did not stop the collection of student data or its appropriate use for instructional purposes and to improve student learning. It simply provided greater notice and transparency for parents and delineated contract provisions and technical security safeguards, while seeking to address misuse and instances of breach.

The jury is no longer out. There has been a wealth of information and resources to help us understand why it is necessary for us to do this and how to do it right. We have learned from state and federal guidance documents, two legislative sessions worth of public hearings and forums, television and radio reports, and too many news articles with headlines shouting “breach”. We urge that you stand behind this policy and stand with the parents and students of your districts by saying “No Delay

Now is the time to make sure legislators understand that they should reject the effort to undermine Connecticut’s new student privacy law.

ALERT – Legislation seeking to undo student privacy protections now before CT Legislature’s Education Committee

In this day and age of widespread data breaches, Governor Dannel Malloy, Attorney General George Jepsen and an overwhelming majority of Connecticut state legislators say they support privacy protections.  They’ve even passed laws that guarantee notification and required protection for those whose data has been breached.

But in an incredibly underhanded maneuver, a new bill is being considered by the Education Committee that would roll back critically important protections for parents and children if data collected at school is breached.

House Bill 7207 strips the protection that students currently have by repealing the existing requirement that parents be notified if their child’s information is released via a corporate breach.

One would think that elected officials would be outraged, but with industry lobbying seeking to turn back the clock on these important notification requirements there is only silence from Governor Dannel Malloy and Attorney General George Jepsen — both of whom publicly bragged about their commitment to protecting Connecticut residents from data breaches.

In fact, just two years ago, Malloy and Jepsen pushed for legislative action requiring companies to notify and protect residents in the case of a breach and last year Malloy signed the new education law (Public Act 16-189) which targeted companies that do business with public schools.

But now with the new push to undo those protections, Malloy and Jepsen are nowhere to be seen.

As the parent run Connecticut Alliance for Student Privacy explains,

This year’s proposed bill (HB 7207) delays the effective date of the law passed last session from October 1, 2016 to July 1, 2018. 

The law, as passed last year, did not stop the collection of student data or its appropriate use for instructional purposes or to improve student outcomes. It simply provides greater notice and transparency for parents and delineates contract provisions and technical security safeguards, while seeking to address misuse and instances of breach.

The effort to undo Connecticut’s new law is even garnering national attention.  Fellow education advocate and blogger, Cheri Kiesecker, recently posted the following on her Missouri Education Watchdog blog.

Connecticut legislators don’t want to protect students after all. Attacking Student Data Privacy Law–AGAIN.

Connecticut passed a student data privacy and transparency bill, Public Act 189,  in 2016.

The bill adopted common sense policies associated with contracts between school districts and corporations that collect, maintain, and share student data.  The CT law does NOT limit data collection, does not require parental consent prior to collecting data, it only asks that NEW or renewed contracts and bids collecting student data must handle data appropriately. The law requires parents to be notified if their child’s data is breached. To their credit, the CT Commission on Educational Technology has done great work and is prepared and ready for this law to be implemented.  You can see their plan here: Operationalizing Public Act 189.

Why then, are some lawmakers in CT introducing bills to cripple this new law that protects student data privacy? Do they not think that keeping student data safe, notifying parents of a breach is important?

You may remember one Connecticut legislator introduced a bill in January to entirely repeal this new student privacy law.  As CT blogger and parent Jonathon Pelto wrote,

“…in an astonishing, baffling and extremely disturbing move, State Representative Stephen Harding (R-107th District) has introduced legislation (HB 5233) to repeal this important law (Public Act 16-189)

…It is not clear who would ask Representative Harding to propose such a bill or why the representative would seek to do such harm to Connecticut’s students, parents and public schools.”

Fortunately, Representative Harding withdrew the bill after receiving much pushback (understandably) from the parent community.

New bill “Revising” CT Student Privacy to be heard Monday, March 6

This past week a new bill, 7207 to “revise” the student data privacy law, was introduced, and will be heard by the CT Joint Education Committee this Monday, March 6.  This kind of a rush job could imply that they are hoping to pass this bill without giving parents time to react.  This new bill, 7207, wants to repeal the data privacy law and delay further implementation until July 1, 2018.   This would remove existing protection of school children for over a year.  WHY?

The Student Data Privacy Law has been in effect since Oct. 1, 2016; it only applies to NEW contracts, only asks for transparency, the CT Edtech Commission has already done the work to implement it. WHY, would Connecticut want to now repeal protection and transparency?

[…]

Is it asking too much that when a company contracts with a school and collects and uses and shares children’s data, that the data be kept safe and parents be able to see how that data is used, breached, and not sold?

By repealing or delaying this law, who are they protecting?

Connecticut parents and other citizens opposed to stripping children of the privacy protections contained in Public Act 189 should take immediate steps to notify their legislators that this unwarranted and inappropriate assault on protecting students and parents must be defeated.

For more about this legislative effort to undermine Public Act 189 go to the CT Alliance for Privacy in Education’s Facebook Page: https://www.facebook.com/CTStudentDataPrivacy/posts/618261395030545

Republican legislator introduces bill to repeal Connecticut’s STUDENT DATA PRIVACY ACT.

When it comes the Connecticut General Assembly and education policy, one of the most important developments was the passage, last year, of a new Connecticut Student Data Privacy Act that requires school districts to institute reasonable safeguards when selling, sharing or providing outside entities access to student information, student records, or student-generated content.

Without this law, many school districts had failed to adopted appropriate policies associated with contracts between school districts and corporations that are interested in collecting, buying, selling or using what should obviously be confidential student data.

Now, in an astonishing, baffling and extremely disturbing move, State Representative Stephen Harding (R-107th District) has introduced legislation (HB 5233) to repeal this important law (Public Act 16-189)

Representative Stephen Harding was elected to the Connecticut House of Representatives in a 2015 Special Election and then ran unopposed in 2016.  He represents Brookfield and parts of Bethel and Danbury.  It is not clear who would ask Representative Harding to propose such a bill or why the representative would seek to do such harm to Connecticut’s students, parents and public schools.

However, Harding’s bill (https://www.cga.ct.gov/2017/TOB/h/2017HB-05233-R00-HB.htm) would do exactly that.

Without the law there would be no requirement that schools districts have contractual standards that limits the use or potential abuse of student data by vendors.

The law simply requires transparency and standards about how children’s information can be  used, secured, accessed by third party contractors or online online operators and clearly states that work created by students belongs to those students.

Parents and privacy advocates may want to contact State Representative Stephen Harding (R-107):

Capital Office:  (800) 842-1423 or (860) 240-8700.
Website: http://www.cthousegop.com/harding/main/
Facebook Page: https://www.facebook.com/repharding/

Concerned individual should also consider contacting the legislature’s Education Committee to urge them not to take up Harding’s anti-student, anti-parent legislation.

Education Committee Office: (860) 240‑0420

For more information about this law and attempts to repeal it, go to the  CT Alliance for Privacy in Education. CAPE Facebook page.

As the Alliance notes, “No friend to children, to parents, to security, or transparency” would propose delaying or repealing this vital law.

Meanwhile, as the Missouri Education Watchdog blog reports in The proposed NSA-like national database for student data: Moneyball for kids, there is a move afoot to build a new massive “national database,”:  See “Student data systems unite!-2010 and recently re-fueled by Bill Gates’ 2016 Priorities, which outlines the need to link k12 data with higher ed data, creating a national database.  MEW wrote about this and another commission on collecting, ranking student emotions here.  Gates is lobbying to create a national student tracking database on k-12 children, which is currently banned.”

For more information about this national effort go to:  http://missourieducationwatchdog.com/the-proposed-nsa-like-national-database-for-student-data-moneyball-for-kids/

 

Malloy and Wyman turn their backs on Connecticut students, parents and teachers – What will legislators do?

Governor Malloy, Lt. Governor Wyman, Commissioner of Education Wentzell – you bring shame to your office and yourselves by denying parents’ fundamental and inalienable right to opt their children out of the unfair, inappropriate and discriminatory Common Core SBAC tests.

Legislators who support your lies, bullying and illegal tactics should lose in November 2016.

It’s not too late for state senators and state representatives to do the right thing….

Legislators should;

  • Demand that Malloy and Wyman and their administration stop lying and misleading parents about their right to opt their children out of Connecticut’s Common Core SBAC testing program.  As Malloy, Wyman and their top appointees know, there is absolutely NO federal or state law that prohibits parents from opting their children out of the SBAC testing scheme and NO federal or state law that allows the government or local school districts to punish students or parents for opting out.
  • Demand that when it comes to the opt out issue, local school officials must treat their students, parents and teachers with respect and that the ongoing bullying and abuse will not be tolerated.  School administrators who abuse students and parents have violated their duties as educators and public servants and should be removed from their jobs.
  • Stop the Malloy administration’s immoral effort to punish school districts if more than five percent of the students are opted out by their parents.  Withholding federal funds designated for helping poor children and punishing students, teachers, schools and local taxpayers when parents have stood up for their children is beyond unethical – such policies have no place in a civilized, democratic society.
  • Ensure that state law is changed in a way that not only decouples SBAC testing participation rates from the Malloy administration’s absurd school accountability and ranking system, but prohibits the use of the test results in Connecticut’s teacher evaluation system.  Connecticut deserves a teacher evaluation system that provides accurate and relevant information about how public school teachers are doing, not a system that is meaningless because it relies on factors beyond a teacher’s control.
  • And finally, the Connecticut General Assembly should adopt legislation that will protect the privacy rights of students, parents and teachers.  Big data and data mining have no place in our public schools.  The ongoing effort to turn our children into profit centers for private companies must stop.

When it comes to education issues, politicians who align themselves with Malloy, Wyman, so-called “education reformers” and the charter school industry are turning their backs on the students, parents, teachers, public schools and citizens of Connecticut.

These politicians should not be allowed to hold public office.

For more about these issues read:

More shocking and disturbing reports of Connecticut school officials misleading parents and bullying children on Common Core SBAC testing!

What parents don’t know about the massive data collection that is taking place in public schools

Education reformers and charter school industry are jacking our legislature.

ALERT – Students opted out of SBAC testing must be provided alternative location during testing

Why Common Core SBAC results SHOULD NOT be part of the teacher evaluation process

Yes, CT State Department of Education Officials’ behavior was rude and appalling!

 

sbac graphic

Public Good or Private Gain – the story behind the Corporate Education Reform Industry’s Data Mining Effort

[A long but extremely important read]

While most of the attention surrounding the Corporate Education Reform Industry has been on the implementation of the Common Core, the Common Core testing scheme, the inappropriate teacher evaluation systems and the privatization of public education via charter schools, one of the most disturbing elements of the effort to “transform” public education has been an associated program to create a massive database and corresponding data mining activities.

For additional background read the April 2015 Wait, What? Post –  They have your child’s data and they aren’t afraid to use it.  Connecticut parents who want to know more about this issue should follow the FB Page Student Data Privacy: A Voice for the Connecticut Children of P20 WIN 

Called the P20 WIN (Preschool through Twenty and Workforce Information Network) in Connecticut and housed under the Board of Regents, the publicly funded program seems simple enough;

To improve education and employment opportunities for students, Connecticut needs a system that links data between agencies as students progress from early childhood into jobs and careers.

Connecticut’s Preschool through Twenty and Workforce Information Network (P20 WIN) provides a way for agencies to share and match data securely while protecting student, worker and employer privacy. Education and workforce leaders can then have information to make decisions for improving our students and the state.

However, the issues associated with control and use of the data makes the program much more complex.

In a recent article on the subject, the Washington Post’s Valerie Strauss wrote;

Parental concerns about student privacy have been rising in recent years amid the growing use by schools, school districts and states use technology to collect mountains of detailed information on students. Last year, a controversial $100 million student data collection project funded by the Gates Foundation and operated by a specially created nonprofit organization called inBloom was forced to shut down because of these concerns, an episode that served as a warning to parents about just how much information about their children is being shared without their knowledge.

Valerie Strauss then posted a detailed explanation of the issue written by fellow education blogger Leonie Haimson and Cheri Kiesecker, the co-founder of Parent Coalition for Student Privacy.

Leonie Haimson and Cheri Kiesecker explain the story behind the story;

Remember that ominous threat from your childhood, This will go down on your permanent record?” Well, your children’s permanent record is a whole lot bigger today and it may be permanent. Information about your children’s behavior and nearly everything else that a school or state agency knows about them is being tracked, profiled and potentially shared.

During a February 2015 congressional hearing on “How Emerging Technology Affects Student Privacy,” Rep. Glenn Grothman of Wisconsin asked the panel to “provide a summary of all the information collected by the time a student reaches graduate school.” Joel Reidenberg, director of the Center on Law & Information Policy at Fordham Law School, responded:

“Just think George Orwell, and take it to the nth degree. We’re in an environment of surveillance, essentially. It will be an extraordinarily rich data set of your life.”

Most student data is gathered at school via multiple routes; either through children’s online usage or information provided by parents, teachers or other school staff. A student’s education record generally includes demographic information, including race, ethnicity, and income level; discipline records, grades and test scores, disabilities and Individual Education Plans (IEPs), mental health and medical history, counseling records and much more.

Under the federal Family Educational Rights and Privacy Act (FERPA), medical and counseling records that are included in your child’s education records are unprotected by HIPAA (the Health Insurance Portability and Accountability Act passed by Congress in 1996). Thus, very sensitive mental and physical health information can be shared outside of the school without parent consent.

Many parents first became aware of how widely their children’s personal data is being shared with third parties of all sorts when the controversy erupted over inBloom in 2012, the $100 million corporation funded by the Gates Foundation. Because of intense parent opposition, inBloom closed its doors in 2014, but in the process, parents discovered that inBloom was only the tip of the iceberg, and that the federal government and the Gates Foundation have been assisting the goal of amassing and disclosing personal student data in many other ways.

Ten organizations joined together, funded by the Gates Foundation, to create the Data Quality Campaign in 2005, with the following objectives:

  • Fully develop high-quality longitudinal data systems in every state by 2009;
  • Increase understanding and promote the valuable uses of longitudinal and financial data to improve student achievement; and
  • Promote, develop, and use common data standards and efficient data transfer and exchange.

Since that time, the federal government has mandated that every state collect personal student information in the form of longitudinal databases, called Student Longitudinal Data Systems or SLDS, in which the personal information for each child is compiled and tracked from birth or preschool onwards, including medical information, survey data, and data from many state agencies such as the criminal justice system, child services, and health departments.

A state’s SLDS, or sometimes called a P20 database (pre-K to 20 years of age), P12, or B-20 (data tracking from birth), have been paid for partly through federal grants awarded in five rounds of funding from 2005-2012. Forty-seven of 50 states, as well as the District of Columbia, Puerto Rico, and the Virgin Islands, have received at least one SLDS grant.

Although Alabama, Wyoming and New Mexico are not included on the site linked to above, Alabama’s governor recently declared by executive order that “Alabama P-20W Longitudinal Data System is hereby created to match information about students from early learning through postsecondary education and into employment.” Wyoming uses a data dictionary, Fusion, that includes information from birth. New Mexico’s technology plan shows that they moved their P-20 SLDS to production status in 2014 and will expand in 2015. This site run by the Data Quality Campaign tracks each state’s SLDS.

Every SLDS has a data dictionary filled with hundreds of common data elements, so that students can be tracked from birth or pre-school through college and beyond, and their data more easily shared with vendors, other governmental agencies, across states, and with organizations or individuals engaged in education-related “research” or evaluation — all without parental knowledge or consent,.

Every SLDS uses the same code to define the data, aligned with the federal CEDS, or Common Education Data Standards, a collaborative effort run by the US Department of Education, “to develop voluntary, common data standards for a key set of education data elements to streamline the exchange, comparison, and understanding of data within and across P-20W institutions and sectors.”

Every few months, more data elements are “defined” and added to the CEDS, so that more information about a child’s life can be easily collected, stored, shared across agencies, and disclosed to third parties. You can check out the CEDS database yourself, including data points recently added, or enter the various terms like “disability,” “homeless” or “income” in the search bar.

In relation to discipline, for example, CEDS includes information concerning student detentions, letters of apology, demerits, warnings, counseling, suspension and expulsion records, whether the student was involved in an incident that involved weapons, whether he or she was arrested, whether there was a court hearing and what the judicial outcome and punishment was, including incarceration.

This type of information is obviously very sensitive and prejudicial, and often in juvenile court, records are kept sealed or destroyed after a certain period of time, especially if the child is found innocent or there is no additional offense; yet all this information can now be entered into his or her longitudinal record with no particular restriction on access and no time certain when the data would be destroyed.

Expanding and Linking Data across States

Nearly every state recently applied for a new federal grant to expand its existing student longitudinal data system, including collection, linking and sharing abilities. You can see the federal request for proposals. Pay special attention to Section V, the Data Use section of the grant proposal, requiring states to collect and share early childhood data, match students and teachers for the purpose of teacher evaluation, and promote inter-operability across institutions, agencies, and states.

The 15 states and one territory, American Samoa, that won the grants were announced Sept. 17, 2015, and are posted here. President Obama’s 2016 budget request has a number of additional data­ related provisions, including a near tripling in funding for State Longitudinal Data Systems ($70 million) and Department of Labor Workforce Data Quality Initiative ($37 million) aimed at attaching adult workforce personal data with his or her student records.

Though the federal government is barred by law from creating a national student database, the U.S. Department of Education has evaded this restriction by means of several strategies, including funding multi-state databases, which would have been illegal before FERPA’s regulations and guidance were rewritten by the Department in 2012.

The federal grants encourage participation in these multi-state data exchanges. One existing multi-state database is WICHE, the Western Interstate Commission for Higher Education, which includes the 15 Western states that recently received an additional $3 million from the federal government. This WICHE document explains that the project was originally funded by the Gates Foundation, and that the foundation’s goal of sharing personal student data across state lines and across state agencies without parental consent was impermissible under FERPA until it was weakened in 2012:

Upon approval of WICHE’s proposal by the Gates Foundation, the pilot MLDE (Multistate Longitudinal Data Exchange) project began in earnest in June, 2010, and the initial meeting to begin constructing the MLDE was held in Portland, Oregon, in October, 2010. It is worth placing the launch of the MLDE pilot within an historical timeline of events bearing on the development and use of longitudinal data. As the project got underway, the federal government’s guidance on the application of the Family Educational Rights and Privacy Act (FERPA) was still fairly restrictive. Indeed, based on a subsequent conversation with a member of the Washington State Attorney General’s office, our plans to actually exchange personally identifiable data among the states would be impermissible under the FERPA guidance in effect at that time. Though we were told we would have been able to assemble and use a de-identified dataset, which would have shown much of the value of combining data across states, not being able to give enhanced data back to participating states would have been a serious setback. Changes in the federal government’s guidance on FERPA that went into effect in January, 2012 resolved this problem.

The new guidance permitted the participating states to designate WICHE as an authorized representative for the purposes of assembling the combined data, while also allowing the disclosure of data across state lines and between state agencies.

Since 2010, the Gates Foundation has funded WICHE with more than $13 million. Just to underscore how powerful this organization has become, Colorado Lieutenant Governor Joe Garcia just stepped down from his post to head WICHE. Here is a helpful chart showing how student personal data is to be shared, among state agencies and across state lines.

Existing multi-state databases include not just WICHE, but also SEED, formerly Southeastern Education Data Exchange, now called the State Exchange of Education Data, including Alabama, Colorado, Florida, Georgia, Kentucky, North Carolina, Oklahoma, and South Carolina.

This North Carolina PowerPoint from 2013 describes what detailed information is to be shared among the states participating in SEED: data aligned with CEDS, including demographic information, academic and test score data, and disciplinary records. Here is a Georgia document, explaining how SEED will be “CEDs compliant” and describes in even more detail the sort of information that will be exchanged.

In addition, the two Common Core testing multi-state consortia funded by the federal government, PARCC and Smarter Balanced, are accumulating a huge amount of personal student data across state lines, and potentially sharing that information with other third parties. Under pressure, PARCC released avery porous privacy policy last year; Smarter Balanced has so far refused to provide any privacy policy, even after requests from parents in many of the participating states.

What Parents Can Do

Ask your State Education Department if they applied for this new grant to expand their SLDS, and if so, ask to see the grant proposal. You can also make a Freedom of Information request to the U.S. Department of Education to see the grant application. Ask what methods your state is using to protect the data that the SLDS already holds, and if the data is kept encrypted, at rest and in transit. Ask what categories of children’s data they are collecting, which agencies are contributing to it, and what third parties, including vendors and other states, may have gained access to it. Ask to see any inter-agency agreements or MOUs allowing the sharing education data with other state agencies. Ask if any governance or advisory body made up of citizen stakeholders exists to oversee its policies.

You should also demand to see the specific data the SLDS holds for your own child, and to challenge it if it’s incorrect – and the state cannot legally deny you this right nor charge you for this information under FERPA.

This was conclusively decided when a father named John Eppolito requested that the Nevada Department of Education provide him with a copy of his children’s SLDS records, and the state demanded $10,000 in exchange. He then filed a complaint with the US Department of Education, which responded with a letter on July 28, 2014, stating that the state must provide him with the data it holds for his child, as well as a record of every third party who has received it; and that they cannot charge a fee for this service.

Parents also have the right to correct their child’s data if it is in error. Apparently Mr. Eppolito found many errors in his children’s data. Even if it is accurate, the data that follows your child through life and across states could diminish his or her future prospects. As this Department of Education studypoints out,

“…imagine a student transferring from another district into a middle school that offers three levels of mathematics classes. If school staff associate irrelevant personal features with mathematics difficulties, the representativeness bias could influence the student’s placement… educators have been found to have a tendency to pay more attention to data and evidence that conform to what they expect to find.”

Schools could use this data to reject students, push them out, or relegate them to remedial classes or vocational tracks.

There is also abundant research that shows that a teacher’s expectations play a significant role in how a student performs – especially for marginalized groups. This is called the Pygmalion effect in the case of a teacher’s positive expectations, and the Golem effect in the case of negative expectations. These studies reveal that if teachers are provided with positive or negative information about their students before having a chance to form their own opinions based upon actual experience, this prior information often tends to bias their judgments and perceptions of that student, creating self-fulfilling prophecies.   Parents should be legitimately fearful that positive or negative data may be used to profile their children, and potentially damage their chance of success.

What Else Can You Do?

If you send your children to a public school, under current federal law you have no way of opting out of the P20 profile that has been created by your state and potentially shared with others. You also have no right to refuse to have your child’s data disclosed to testing companies and other corporations in the name of evaluation and research. Researchers have legitimate interests in being able to analyze and evaluate educational programs, but any sensitive personal data should be properly de-identified and there must be strict security provisions to safeguard its access and restrict further disclosures, as well as a time certain when it will be destroyed. You do have the right to see that data, and challenge it if it is inaccurate.

You should also advocate for stronger state and federal laws to protect your child’s data and laws that give parents and students the right of ownership, including the ability to decide with whom it will be shared. You should urge your state Education Department to create advisory or governance boards that include stakeholder members, to provide input on restrictions on access and security requirements.

Any federal and state student privacy legislation should embrace five basic principles of student privacy, transparency and security, developed by the Parent Coalition for Student Privacy. Ask your elected officials to support TRUE data privacy and transparency legislation, to protect children. Parents deserve to know the data collected and shared about their children, and they should be guaranteed that their children’s data is safe from breaches and misuse.

NOTE;  A leader in the battle to ensure appropriate student privacy in Connecticut is Jennifer Jacobsen, a long time educator, mother of three, a founding member of Connecticut Unites for Student Privacy and a member of the Connecticut Parental Rights Coalition.  You can read one of her commentary pieces at: http://ctviewpoints.org/2015/04/27/connecticut-schools-need-comprehensive-protection-of-student-data-privacy/  

For more check out: http://connecticutunites.weebly.com/references-and-resources.html

 

Will CT elected officials enact appropriate safeguards on student privacy this session?

The Connecticut General Assembly will soon be acting on House Bill #7017, An Act Concerning Student Data Privacy.

However, as of now this critically important legislation is little more than an empty shell and it falls far short of what is needed to ensure that Connecticut law properly protects the state’s children by instituting appropriate safeguards on data collected by the state and school districts about students.

Although few parents are presently aware of the problems, as a result of federal action, the Common Core testing frenzy and the ever increasing desire to collect and warehouse massive amounts of data on everybody and everything, the notion of protecting student data at the federal, state and local level has been severely undermined.

Today student data is not properly protected.

In response to these developments, states all across the country have passed new laws aimed at putting appropriate safeguards in place on student data.

This year alone, 41 states have or are considering legislation that would increase the level of protection on student data.

The Connecticut’s General Assembly’s opportunity to step forward and protect Connecticut’s children rests with House Bill #7017, but significant changes would be needed if the legislation is to have a significant impact.

Jennifer Jacobsen, a long time educator, mother of three, a founding member of Connecticut Unites for Student Privacy and a member of the Connecticut Parental Rights Coalition has been a leading voice in the effort to ensure that Connecticut improves its laws on student data privacy.

In a recent letter Jennifer Jacobsen highlighted the steps needed to update loopholes with the Family Educational Rights and Privacy Act (FERPA), to institute appropriate provisions for dealing with online and third party vendors who contract with the state and schools that collect student data, and changes needed to ensure proper procedures for regulating Connecticut’s “state longitudinal data system,” known as P20-WIN, so that there is transparency, accessibility and protection in place.

The proposed law needs to include the following provisions;

  • Clarification that All student records are the property, and are under the control of, the parent or legal guardian of the child, and may be held in trust by the local board of education. The local board of education shall safeguard the privacy of student records, and shall protect student records from all unlawful release to third parties, in accordance with state and federal statutes and regulations.
  • A requirement that, upon request, the local board of education shall provide immediately to the student, parent, or legal guardian, a copy of any student record, or data of any kind, that is in the possession and/or control of the local board of education and its agents and the state longitudinal data.
  • Adding language ensuring that certain data elements cannot be disclosed to third-parties without parental consent including; (a) Juvenile court delinquency records; (b) Criminal records; (c) Student biometric information; and (d) Student medical Records.

In addition, tougher provisions are needed to limit the likelihood of a data breach and ensure that proper steps are taken if and when a breach of data security occurs. As Jacobsen notes, the legislature should add that:

The State Department of Education and its agents, and the local board of education and its agents, shall notify the student and parent or legal guardian of a student of any unauthorized access, or suspected unauthorized access, to any student record or data of any kind that is collected, maintained, or in the possession and control of the State Department of Education and its agents, the local board of education and its agents, and any other authorized third party.

Each unauthorized release of, or breached access to, any student record or data of any kind that is collected, maintained, or in the possession and control of the State Department of Education and its agents, the local board of education and its agents, and any other authorized third party, shall be considered a separate violation, punishable by (add appropriate penalties- fines, denied access to data systems, etc).

Upon notification of an unauthorized release or breach, or suspected unauthorized release or breach, of student records or data of any kind, the State Department of Education and its agents, the local board of education and its agents, and any authorized third party, immediately shall ensure that all necessary corrections are made to prevent further release or breach, and shall repair and rectify all harm caused by the unauthorized release or breach.

These additions are necessary to update Connecticut’s law on protecting student data.  As Jacobsen explains,

“These proposed changes and additions allow third party vendors and state agencies the opportunity to ensure their proper handling of the data they collect with ultimate responsibility to safeguard the students behind the data while still having access to de-identified data for research or product development purposes.

These recommendations also permit parents the access they need to ensure the accuracy of the data collected on their children and assures them that the state has taken every measure possible to protect their children’s information with serious consequences for those who would either intentionally or unintentionally misuse that information.”

The Connecticut General Assembly should add these provisions, Connecticut’s parents and students deserve nothing less.

Big Brother [The Smarter Balanced Assessment Consortium SBAC] is spying on our children!

WARNING!

Public school students in grades 3-8 will begin taking the unfair, inappropriate and discriminatory Common Core Smarter Balanced Assessment Consortium (SBAC) Tests this week.  Children in PARCC States, the alternative Common Core Testing Program begin taking their tests last week.

The Common Core SBAC Testing period runs March 17 – June 15, 2015

The following is just one of the many reasons parents should opt their children out of the destructive Common Core SBAC Tests.

Read the following statement that was provided to all states administering the Smarter Balanced Assessment Consortium (SBAC) Tests;

Please note that the social media Web sites are being monitored by Smarter Balanced Communications staff members.

In fact, the SBAC consortium has enlisted the help of state governments, school districts, schools and test administrators to participate in their spying operation.

The SBAC Spying Memo is entitled, “GUIDANCE FOR SOCIAL MEDIA MONITORING DURING THE FIELD TEST,” and it states:

The Consortium is closely monitoring social media networks for security breaches and escalating to states when appropriate.

Test Administration Procedures

To get ahead of the problem and reduce the number of security breaches on social media, we encourage you to refer to the Smarter Balanced Test Administration Manual (Appendix B) for detailed information on the impact and definition of incidences as well as the timeline for reporting these activities.

Sites to Monitor

Twitter (https://twitter.com/.)  If your school has a Twitter account, you can take advantage of following your students by requesting their @username and/or encouraging them to the follow the school Twitter account.

  • To search for conversations and posts about the Field Test, consider the following search queries: #sbac or #smarterbalanced; #[insert name of school] or @[insert school Twitter handle] and “smarter balanced” or “sbac”

Facebook (https://www.facebook.com/)  If your school has a Facebook page, invite your students to join. If your students have public profiles, you can also search their news feed and photo gallery for security breaches.

  • Similar to Twitter, you can conduct searches by entering “smarter balanced” or “sbac” or “[insert name of school]”

Statigram (statigram.com.) Statigram is a webviewer for Instagram and allows you to search and manage comments more easily. You will need to create an account for yourself to search comments on Statigram. If you have a private account, you can use this information to login and review information.

  • To search for posts about the Field Test, use the same search queries recommended for Twitter.

And for those who think the SBAC statement and instructions are simply being used to scare districts, schools, teachers and students into adhering to the SBAC security guidelines, think again.

Just last Friday New Jersey blogger Bob Braun reported that Pearson, the company that produces the Common Core Tests, was spying on the social media posts of New Jersey students.  After the story was posted, a cyber-attack brought down his site. See: ALERT: Bob Braun’s Blog Has Been Attacked and Closed Down After Post About Pearson Spying on Students.

 Here in Connecticut, there is even a memo from SBAC to the Connecticut State Department of Education highlighting their spying activity;

The memo is dated April 4, 2014 (during the last year’s Test of the Test) and the Smarter Balanced Assessment Consortium (SBAC) writes,

“Connecticut has experienced a large number of test security breaches during the first two weeks of testing. Students have had access to cell phones during testing and are posting pictures of test items to social media Web sites.

Please direct all Test Coordinators and Test Administrators to review Section 3.1 “Security of the Test Environment” in the Online Field Test Administration Manual (TAM).

Test administrators should be actively monitoring test sessions and should ensure that students do not have access to cell phones or other mobile devices during testing.”

And the corporate and government spying on Connecticut’s children is just the tip of a much larger and disturbing iceberg of danger and deceit.

Data about Connecticut’s Children:

The Connecticut State Department of Education, like state education agencies across the country, are telling parents that the massive amount of data collected on our children will remain secret. The Connecticut State Department of Education reads;

“All confidential data are stored on secure servers behind stringent multi-level firewall protections and monitored by sophisticated intrusion detection software. Data are only accessible to individuals with the requisite authorization.”

But then there is this….

“[Connecticut State Department of Education] retains ownership of all confidential data that may be shared with any other organization pursuant to an authorized agreement.”

Connecticut State Government retains ownership of all confidential data shared with other organizations?

The data collection process associated with the Smarter Balanced Assessment Consortium SBAC Test is through an authorized agreement with the American Institutes for Research.

According to the company’s website,

“AIR is one of the nation’s leading providers of academic assessments, and has been providing accessible, standards-based statewide adaptive testing services since 2007…”

[…]

AIR has partnered with Data Recognition Corporation, one of the nation’s most respected assessment organizations, to deliver these services.”

And so how safe is all that confidential data that is owned by the Connecticut State Department of Education but shared with companies like the American Institutes for Research and the Data Recognition Corporation?

May 2014 – Major School Research and Assessment Provider Suffers Data Breach

(May 19, 2014), The American Institutes for Research, a major research and testing organization with a significant presence in K-12 education in the United States, suffered a serious data breach earlier this month.

After one of the organization’s servers was hacked, the sensitive personal information of as many as 6,500 current and former employees, including Social Security numbers and personal credit card information, was compromised, an AIR spokesman confirmed during an interview Monday with Education Week.  No student or client information was affected.

Claiming student data was safe, AIR’s director of public affairs explained, “The breach only affected our business systems.” 

And just last week, AIR was hit with another “cyber-attack,” this one via the software running Florida’s Common Core Test.  

“Citing testing provider American Institutes for Research, the [Florida] state education department said the hack, which is being investigated by the Florida Department of Law Enforcement, “will not compromise student performance on the test or any personal student data.”

This is the week to opt your children out of the Common Core SBAC Test….

And if your local school administrator says that is a problem, point them to the Wait? What? Blog for guidance for how to handle their moral, ethical and legal responsibilities.

Then remind them what George Orwell said in his book, 1984,

 Freedom is the right to tell people what they do not want to hear.

Student privacy concerns continue to grow (Guest Post by Maria Naughton)

Maria Naughton is an educator, educational consultant and public school parent.  She is a frequent guest columnist here at Wait, What? and writes commentary pieces for the New Canaan Advertiser where this piece was first posted. See: http://ncadvertiser.com/43686/student-privacy-concerns-continue-to-grow/

It is all about the Data – The uncomfortable truth about teaching in America

Privacy protections for our youngest citizens are undergoing a troubling transformation due to recent policy changes, and requirements in education. As a result, both state and private entities are gaining expanded access and use of individual-level student data. Upon closer examination, it is becoming abundantly clear that greater controls need to be put in place.

To explain further, a key requirement of the education-related Race to the Top program mandated collecting data on students to “ensure” their successful navigation into the workforce. This has resulted in an almost non-stop (and ever-expanding) stream of information being collected and stored on our children, starting as soon as they enter formalized schooling, and possibly sooner.

At the state level, data on children will be aggregated from various state agencies into one system. This personally identifiable information (PII), will be collected from birth and into the workforce, and will be made accessible to Federal agencies. Maintained in federally-funded state repositories (P20WIN in Connecticut), this data, we are told, is necessary to ensure that our children are “college and career ready.”

However, in order to make that PII more accessible than in the past, the Family Educational Rights and Privacy Act or FERPA was redefined by the Obama administration, removing longstanding federal protections for children. Most of us would agree that teachers making data-driven decisions to ensure student success make perfect sense. But the lack of insight as to how this state-level digital dossier will be used, or where captured data is stored, is disturbing.

This information gathering will begin early. Nationally, in grant-funded preschools, educators are learning that those much-needed federal dollars come with strings attached. Teachers are finding they have endless reporting requirements about their young students, which cover everything from toileting habits to cooperation skills, to expressions of understanding and “empathy” towards others. Schools are being mandated to use programs like Teaching Strategies Gold, into which teachers spend inordinate amounts of time entering up to ten “domains” of information, even submitting photos and videos to provide what they call evidence, to ensure toddlers are on the track to success.

Behaviors common in preschool, like biting or whining, while just a blip on the radar of child development, may now be logged forever in an electronic student record. And while the appropriate course of action would be for a teacher and parent to discuss the behaviors, entering them into a database will allow unseen analysts to perceive them as indicators of a potential mental health issue, when in fact, a child might just be having a bad day.

Of course, preschool teachers have always monitored the progress of the children in their care. What is disturbing is the submission of this data to unknown entities and the lack of understanding about where it goes. In Connecticut, the Early Childhood Information System (ECIS) is under development, and will be part of the newly-funded Office of Early Childhood. This ECIS system will connect to the P20WIN, ensuring contiguous progress monitoring on children. The P20WIN is overseen by an appointed Data Governance Board, which holds the authority to release that data upon request to organizations meeting the “educational use” requirement. This illustrates just how far removed parents and families have become from how these agencies are using their children’s information.

Data gathering does not stop at preschool. As children move through the public school system, they will continue to generate personal data, often through online programs and third-party vendors not under the direct control of the schools. A key component to education reform involves the concept of “personalized learning.” Parents should familiarize themselves with this term. This involves students using an electronic device, and an online program, with or without teacher instruction, to learn. Theoretically, by using analytics and algorithms, the online instruction is tailored to the student’s individual needs.

Recent online programs in use in the Norwalk public schools include programs like mClass for literacy or Total Motivation, a program meant to teach critical thinking. These programs capture online responses and behaviors, in order to be personalized. While it is easy to appreciate the entrepreneurial spirit of the new products flooding the market as a result of the educational reforms, conflicts begin to emerge about who benefits most from the use of these innovative, albeit new teaching methods.

To clarify, using methodologies with a proven track record for students makes sense. However, that proof may not be evident with some new web-based products, which are under continuous development. As an example, a recent Grossman Family Foundation study in Connecticut looked at the impact of using mClass in certain pilot schools, over other reading programs and found the differences in achievement, “statistically insignificant.” Yet, while the benefits to students are negligible, the vendors do benefit from student feedback through use of the product. As a direct result of the FERPA law change, those responses may be used by the organization for future product development, without parental consent, effectively putting students in the position of being unsuspecting, and unpaid, product testers, instead of receiving time-tested and effective instruction.

In addition, the “digital dossier” will grow as more and more students submit to online instruction as part of their public education. As of right now, there is little protection for a child’s online profile, or the sharing of that data with others. Proposals like President Obama’s recently introduced Student Digital Privacy Act, while appearing to protect students, actually only clarifies that personal student data may be shared as long as it is for “educational purposes.” This new act, which does nothing to keep this data out of the hands of the educational product vendors, is a cleverly titled fig leaf which allows States to assuage the growing privacy concerns being raised by parents.

These concerns are real, and state lawmakers, including those in Connecticut, are listening to their constituents. Several bills have been introduced in this legislative session, which will go further to offer privacy protections for students and their families. Additionally, legislators are seeking to understand how students’ time is being used in school with regards to online learning. These are sure to gain bipartisan support. Please stay engaged, and check in at cga.ct.gov/ to learn which Bills have been put forth, and how you can make your voice known to the Committees, which will be discussing them.

Note:  Many data collection products are being used by Connecticut public school systems.  For example, Norwalk uses mclass (mentioned above) which is a product of Amplify, the massive corporate education reform industry entity owned by media mogul Rupert Murdoch and education reformers Joel Klein –   http://www.amplify.com/assessment/mclass-reading-3d.