Monday, August 31, 2015

Before School Starts, Think About Student Data Privacy

Update:  here's a very good opt-out form from World Privacy Forum to use to opt your child out of some or all directory information in SPS.  Look for that FERPA form in your first-day packet and include this one as well.  (I am checking on the issue of if not allowing directory information will opt your child out of yearbooks.  I do not believe so.)

end of update.

A good article appeared in yesterday's NY Times that "the email addresses and search queries of the nation’s schoolchildren are a hot commodity."  

States are starting to get hip to this fact - with conservatives and liberals both having concerns, not to mention parents.  Unfortunately, tech companies and companies that make public education technology their business are as well and are rushing to create "Parents Bill of Rights" that basically are a lot of hot air and not much else.

I would like to get such a bill in front of the Washington Legislature but I hesitate because of McCleary.  Will anyone listen?  I know some legislators would sponsor it (on both sides of the aisle) but will anyone be willing to pay attention?  I would prefer a state law over any federal law as the feds would water it down to nothing.  
In May, Georgia adopted a law barring online services designed for elementary through high school from selling or sharing students’ names, email addresses, test results, grades or socioeconomic or disability information. It also bars them from using the data to target students with ads.

In August, Delaware enacted a law that forbids online school services from selling students’ personal details — including their political or religious affiliations, food purchases, text messages, photos, videos and web searches — or using the information to market to them.

California, a national trendsetter in privacy legislation, enacted a landmark law that specifically prohibits online school services from using students’ personal data to show them personalized ads; more generally, the law bars the services from employing student data for nonschool purposes.
Those are just two of the 182 bills introduced in 46 states this year intended to bolster protections for student information, according to a report this month from Data Quality Campaign, a nonprofit group that advocates the effective use of student data in education.  Fifteen of those states have passed 28 laws, said the group, which is financed in part by the Bill and Melinda Gates Foundation.

Yes, the Gates Foundation is involved in this issue and that is troubling.  The DQC is trying to dominate the conversation and yet they barely existed a couple of years ago.  I note that DQC is having an "Education Data Summit" in early October in Washington, D.C. 

The activity stands in stark contrast to legislative interest just two years ago, when Oklahoma was the only state to pass such legislation. It also provides a clear indication of the rapid adoption of learning apps in classrooms — and of concerns that these novel technologies generate a trove of new data about students that could be used in unforeseen ways.

As schools themselves increasingly analyze socioeconomic, behavioral and emotional data about students, some parents are more troubled by the possibility that the data could be used in making decisions that are damaging to their children, potentially affecting their college or job prospects.

Industry advocates, however, say the hodgepodge of state efforts could backfire — by limiting the learning apps available to schools.

Is there money to be made? Yes.  Then that statement by "industry advocates" is nonsense.  Maybe it would force them to make apps to truly help kids and not dissect them for money.

Some evidence-based education researchers would like to see school administrators require rigorous pilot studies to establish whether data-driven programs result in better outcomes for students before introducing the efforts districtwide or statewide. That includes information about students collected and maintained by the schools.

“The elephant in the room is the efficacy of wholesale student data collection,” said Khaliah Barnes of the Electronic Privacy Information Center, a research group in Washington. “More forward-thinking legislation will have to confront the issue of the overcollection of student data.


Clarify Message said...

I've noticed that school board candidate Lauren McGuire's campaign is all about data. She is silent on issues that protect student privacy, data sharing, testing(which produces data)etc.

It is time for McGuire to expand her messaging.

Melissa Westbrook said...

It's a good question for ALL candidates but yes, especially those who talk about data.

Anonymous said...

Privacy issues go beyond data collected as part of educational practice and extend to use of technology as part of class. Personal student accounts are sometimes made necessary by individual teacher requests. For example, a middle school world language teacher wanted students to use Duolingo, but it requires an email address in order to set up an account. Have you tried signing up for a new email lately? Even for a child, they require a second email and a credit card number in order to create an account. Too much data linking for me. The teacher also wanted them to use their own smart phones during class (as a dictionary resource). Not all students have a smart phone, but the expectation was that all students had them.


Anonymous said...

I think that many "family directories" or "student directories" in Seattle Public Schools are compiled by PTSAs, which are - if I am correct - not bound by your FERPA form. (Data collection is coming straight from the population, and to be clear FERPA prevents the school from providing bulk information of this sort to the PTSA.) I think that is confusing to some people.


Andrea Ptak said...

PTSA Bee is correct. I know that when we compiled a directory, we only included names of people who returned our Opt-In form, and agreed to have the info shared with other parents. It was delivered as a printed booklet, so not available digitally on the web back in the day. Not sure if PTAs keep a digital version now; they might.

I do know, that as a parent I always appreciated the ability to have the names/phone numbers and addresses of my child's classmates. Handy for planning playdates when she was in elementary, and for verifying if parents were indeed going to be chaperoning a private party when in high school.

mirmac1 said...


In the numerous PTSAs I've been involved (and one I now lead) I've never seen an "Opt-in" form. Directory info is the highest level of info available to anyone who requests it and submits a non-commercial use agreement. The parent would have had to have signed off that they do not wish to exempt themselves from directory info.

PTSAs should ONLY go through district directory information unless, during the membership application a prospective PTSA member offers up the information.

Understand that the FED and our district uses the end-run available under FERPA; any org that purportedly offers an "institutional service" does not need parent permission to access student data. That means the City and its preschool program, ConnectEDU, CCER, RoadMap and their consultants.

We must use the (weak) measure of protection provided by FERPA. When in doubt, say NO

Anonymous said...

Miramac - there was a separate SPS release form some schools used to allow parents to pick B on FERPA and opt out, but still be allowed to "opt-in" to the yearbook, PTSA directory etc.

PTSA Bee - I've been on the board of a few PTSAs too and unfortunately it is very inconsistent the extent to which the school secretary or registrar (or whoever inputs the FERPA opt out info) interprets the PTSA as being able to receive directory information (for example for the purposes of updating an email list serve for newsletters or to create a directory). I've had lists fully turned over. I've had no lists at all turned over, even for folks who don't choose B. It is confusing I agree :) (for parents, staff and PTSAs) And unfortunate too b/c most schools don't have the bandwidth to do timely communication, theus rely on the PTSAs to do the weekly newsletters. So we can be really hamstrung by NOT getting directory information.

ptsa mom

Miss Waterlow said...

Miramac - "When in doubt, say NO." In re directories, I disagree.

School directories are a hugely important resource for families and school communities. Encouraging parents not to provide contact information to other parents and students would be a very unfortunate byproduct of an uncareful concern about privacy. The directories in my children's schools have not been in formats that, as I understand the technology, would be available to anyone outside the immediate school community, unless improperly handled. PTSA's and school staff who collect and share directory information should be given guidelines for safeguarding it and should inform and assure parents of these guidelines.

In times of increasing disconnection between families and lack of community feeling at many schools, parents should be actively encouraged by the school to reach out and be responsive to other families - not least to the parents of their kids' friends, many of whom, especially as the kids get older, you might never lay eyes on (how many friends do your high-schoolers have named "you don't know 'em?"). Parents should be able to opt out of the directory, but not encouraged to do so - if that's, in fact, what you were suggesting:)

Miss Waterlow said...

For the record, I do believe that private companies should be prohibited by law from selling or using student data for commercial purposes - and any other purposes should be very strictly and transparently regulated. This would, in my opinion, be a very appropriate piece of legislation for the state to take up next session.

I also believe that the elephant in the room is not the efficacy of this data collection, but the educational efficacy of these programs and devices in the first place.