Student Data Privacy - PAY ATTENTION

Sorry to be blunt but NOW is the time to pay attention to what is coming.

There's a front-page story in the NY Times today on this issue.  I, along with several other activists, have several irons in the fire on this issue.

I tell you - as parents - this should be the SINGLE issue to most concern you.   Why?

There is NO ONE but you to protect your child's data.  Truly.

Your child cannot just be another data point (or a brick in the wall) for any number of "researchers" or data collectors.  Where is the proof that more data makes better academic outcomes? 

If you have been a parent for longer than a minute, you know that children and learning is a complex issue.  You, as a parent, know your child better than anyone and yet can you say, with complete accuracy, what is the best way for your child to learn?  In 3rd grade?  7th grade?  10 grade?

Well, having 100 data points and throwing it at the wall and seeing what sticks is not the way to go (and I believe that's about what it comes down to. )

- Recent changes to the federal education privacy law (FERPA) may leave students and families unprotected. School districts can release private information to third parties without notification to parents and parents cannot opt their students out of that data being released.

FERPA will NOT protect your child's student data privacy.  Period.  It protects the records at school - and minimally at that - NOT the data.

- with the advent of Common Core and other large-scale initiatives, the drive for MORE data from MORE groups has come.  This was verified to me by Susan Wright, the head of Technology for SPS.

- the rate of child identify theft is double the adult rate.  And many kids don't find out their identities have been compromised until they are 16 and start to use their Social Security numbers to get jobs.

-Gates has set up inBloom, huge multi-state data "cloud" for student information.  Their website says several chilling things like no guarantee of safety of data and the 400-point list of data that is available on students.  Things like adoption, discipline, parole officer, and other personal items that are really beyond the scope of most research.

InBloom pledges to guard the data but its own privacy policy states that it "cannot guarantee the security of the information stored ... or that the information will not be intercepted when it is being transmitted."

Nine states that signed up with inBloom, six have now backed out.  Mr. Gates seems to forget that if would not want this for his own children, most parents wouldn't want it for theirs.

“FIFTY percent of this project has good intentions,” Paula Noonan, a Jeffco school board member, said of the inBloom plan. “The other 50 percent is totally full of risk that hasn’t been examined and weighed.” 

Understand that some states - not ours - use SS numbers as student identifiers and even though inBloom doesn't like that, they will use and store them.

-Data breaches - did you know when Sony's Playstation database - about 77 million people - was hacked in 2011 that it is now estimated to cost them $171M.  The University of Nebraska's parent database - including financial aid info - was hacked in 2012. 

- The state of NY uploaded all their student data to inBloom... without disclosing this to parents.  The parents are furious  and fighting back.

- Oklahoma has already passed a law streamlining what can get out and other states are pushing for an opt-out for parents.  

I will be writing more on this - what my group is doing, what you can do and I cannot tell you enough that NOW is the time to learn about this and start protecting your child.


mirmac1 said…
Parents, do not be nulled into complacency because Washington was not one of the States to jump on the inBloom/Gates gravy train. The Road Map Project, as administered by PSESD (but really Gates-funded CCER) has created a South King County "petri-dish" for data collection and sharing.

I have specific knowledge that our district really has NO guidelines with respect to approving various third-parties' requests for access to your students data. Sometimes they'll require XYZ to get your consent, other times they'll say "WTH, you provide an institutional service, here's all the data, all the time."

There is a committee of non-too-concerned JSCEE staffer who will review requests for Data-is-Us requests (Pg 7). Interestingly, the district site for "School-Community Partnerships" highlights this: Procedures for Releasing Student Records and Updated Parental Cosent Forms are now available. Please note processing requests will not occur until after the start of the 2013-2014 school year. When I look at the Superintendent Procedure (signed by Susan Enfield, of course), it would seem that releasing data for some of the uses pushed by CCER/Road Map and third-parties, do not fit the procedural guidelines. Organizations like the Vietnamese Friends Association (heavily funded by the BMGF) are not conducting studies or performing institutional functions. Yet they tell everyone that they will use your student's data to help them (but mostly to bolster performance measures and build a case for additional BMGF grants) and send you a release form that the district will readily process.
mirmac1 said…
Closely read EVERY FERPA waiver form you get. Think twice before granting your consent.

That's only the half of it. Realize that there is a class of third-partiers, "institutional servicers" who will never ask your consent. And neither will SPS.
Anonymous said…
There's also some sketchy data collecting sites that are being pushed on teachers as we switch over to the new evaluation systems. I cannot remember the name of the site/program they want us to use as I'm full against it (and it's not mandatory in my district yet, so I won't be using it), but maybe someone has it right on hand. Supposedly the servers are housed in nuclear bunkers somewhere (no really), but that doesn't mean bomb-proof from a hacker standpoint. If I can come up with the name I'll put it up, it's worth asking at the district and state level if this is a good idea.

Teaching elsewhere
mirmac1 said…
"We have been using data to track student progress, report on results, and continually improve our services. When students enroll in the program, we contact their parents to obtain permission to access their data. Once parents sign the FERPA release form, VFA monitors students’ information regularly to ensure they are attending school, caught up on their assignments, and are doing well in their classes. These types of data are helpful, as we can quickly act on them. For example, if students are missing classes, tutors may have a talk with the
VFA students, and if necessary, contact their parents. Being able to monitor these data helps to course correct as necessary so students meet the targeted outcome. We also can access standardized test scores, grade progression, and other data as needed to report on outcomes. These data are helpful to analyze to see how successful we are in meeting outcomes from year to year and what changes to make to improve the program.
3. VFA has access to student data on the online Source database. This information can be accessed at any time for any student for whom we have obtained parental permission through the FERPA release form.

Unknown said…
What mirmac1 is discussing is one aspect of the issue regarding student data privacy. While I am fairly careful about signing FERPA releases, and I think every parent should be, my bigger issue is with the release, aggregation, use and storage of personally identifiable student data into huge databases without parent knowledge or consent, and that is what this article is mostly talking about.
I left out - they also want teacher data.
Worried said…
Is The Source connected to Pearson's data warehouse?

Estey and Blanford support data collection.
Worried too said…
Worried, according to this recent thread, the Source database itself appears to be hosted here in Washington. That doesn't mean Pearson doesn't have access to that data, and I sure wish someone would check into this! In fact, here's a scary thought, without explicit confirmation to the contrary from Pearson, it's likely that even if the system is fully hosted and managed by SPS, Pearson has access into the system "for system diagnostic purposes" or the like, which essentially means full access to all data. Melissa, is this something you can get a straight answer on from someone in SPS administration? There are many of us that do NOT like Pearson Corporation.

That thread also talks about the Fusion pages being run by a different 3rd party corporation in Washington DC (with military ties?). Why the #$!@ is SPS giving any information about my kid to a 3rd party data-collection/management company in Washington DC?! Makes me want to opt my kid out of using Fusion (is it even possible?), but the teachers post assignments and such on there.
dw said…
Why are there so few comments here?

I'm concerned that parents either don't understand the gravity of the situation or they feel utterly helpless? Which is it?

Everyone, please read the NYT article linked at the top of this page, then leave a comment here about your feelings. If parents are concerned, then we need to be more vocal about it. If you're not concerned, please leave a comment as well; let us know why not.
We are NOT helpless and I plan on introducing many ideas that are already in motion in other states.

Of course, one great way to get the district's attention to this matter is to opt-out in protest of protecting student data.

That would get their attention.
Anonymous said…
How do you opt out?
Gen Ed Mom
I'll have details on how to opt-out. The problem is that technically, even with FERPA, you can't opt out of the district giving away info on your student.

Shocking, right?

But you CAN send them a letter telling them you don't want them to and they have to keep that on file.

You can, of course, opt your child out of any district test that you want.
Anonymous said…
The parents I've discussed this issue with seem not to care. One actually yawned.

Other comments: Kids will do more to hurt their futures by posting on facebook and instagram than will happen from the record sharing. And there was this: If someone is receiving government dollars for special school services then it is reasonable that the effectiveness of those services be able to be analyzed.

I am quite surprised that in my admittedly small sample I did not find more comments toward preserving privacy. I think this is an important topic to continue discussing here and in one-to-one conversations.

Thanks for that, EdVoter. I'll have a lot more info so people can judge.

But to a couple of your points.

1) Facebook and Instagram are FAR less likely to have negative info on your student (discipline records, adoptions, etc.) than your student's data record.

2) I find that "if a program gets govt' dollars, those kids are entitled to fewer protections." I get the "reasonable" but I know for a fact that one community tutoring services is asking for far more data than they could possibly need to prove their services effective. No student should have to give up discipline records to receive services.

For a recent example, if your student was one of those at Garfield that might be disciplined, do you think that info should be part of the data that an outside entity should get? I don't because I believe kids are kids and make mistakes. Those mistakes should not follow them around.

But that may be part of a larger conversation on "what is privacy " and what matters to students and parents?

I note that when I investigated an op-ed writer for DFER and found him to be a Harvard student who complained about noisy children at a playground near his dorm, he was furious. How dare I use some joking (and I personally don't think joking about planting drug paraphernalia on the playground) about little kids to make judgements on his ability to analyze mayoral candidates?

Kids say they don't care until they do. I wonder where that line is for parents.
dw said…

If you're still reading here, the important difference between Facebook/Instagram and inBloom/CCER is that your kid can choose to NOT use Facebook. They currently have no such choice when school districts give away data without any means to opt out. Parents have no choice as well.

That is flat out wrong.

Here is a great summary of what's happening in Colorado.

And a follow up here, where Jefferson County Schools has decided to allow parents to opt out!

dw said…
The Jefferson County Public Schools link is to their home page, where an article exists right now, but since it will eventually scroll off the front page, here is the text in its entirety. If nothing else, read the last paragraph below (their bold text).

Jeffco Schools Leadership Advances Parental Choice Plan For Innovative New Technology

Jeffco Public Schools will advance a plan to allow parents to opt out of new technology innovation that places student achievement information in one, secure location. The district is developing a classroom dashboard that places achievement information at our teachers’ fingertips. The opt out plan will meet the needs of families if they feel those innovations are not right for their family.

While the district remains committed to putting the valuable classroom dashboard into the hands of all teachers in support of enhanced student learning, district leadership has listened carefully to the concerns of parents who believe it is not the right choice for their child at this time.

“We’re committed to creating a win-win situation for all our schools, teachers and families,” said Jeffco Superintendent Dr. Cindy Stevenson. “We believe the vast majority of our parents will see the value the classroom dashboard brings to their student’s learning and to their own ability to engage with their student’s classroom teacher in tracking their child’s progress. But we also respect that some parents feel this important innovation is not what their child needs.”

The district will be piloting the new classroom dashboard in select schools during the 2014 school year. Under Stevenson’s proposal, parents in those schools will be provided with specific information about how the technology will work. They will then be given the opportunity to opt their student out of the pilot program. Full implementation of the technology district-wide isn’t scheduled until 2015.

Everyone who cares even a little bit needs to send this information to our school board members here in Seattle. Make sure they understand that it IS possible, and desirable to have opt out an opt out provision for any of these kinds of data collection programs. Frankly, it's probably a good idea from a legal standpoint as well, but that's another story.
Anonymous said…
DW: I did not say this is my viewpoint. I very much think an Opt Out option should be available when the district can promise with a straight face that technically and operationally there is a way to keep that promise.

What I am reflecting is the general 'eh' attitude of almost every parent I have talked to on the subject, even when the darker pictures of what 'could' happen with the data long term is presented. Just not something they will be getting riled up about. With some advocating the other side, which is that the giveaway of data is valuable.

Ed Voter
Unknown said…
It can be hard to mobilize people over these types of issues. It is a developing area of concern, it requires a fair amount of reading to understand what the issues are, there is a lot of conflicting information out there and until something happens to you or your child, it probably doesn't hit home--especially if you think your child is never going to have a medical diagnosis, or a disability or discipline issues or get pregnant, or become homeless, or become an immigrant without legal papers, or do something stupid with their friends in a city park. The point is that these kids grow up and they may want to go to college or get a job or go out on a date some day. As Melissa pointed out, do the Garfield parents really think it is a good idea for that data to be tracked as they apply for college? Once a district lets a third party has that information, who becomes responsible when they mishandle it? The answer is nobody.
mirmac1 said…
Here is just the tip of the ice-berg. Susan Enfield gave our students data away even before the RTTT Road Map grant....

Seattle OSPI Data Release to CCER
Anonymous said…
eVAL WA is the resource I couldn't think of earlier. Staff meeting today reminded me the name. Unfortunately my district has recently made it mandatory.

Teaching Elsewhere

Popular posts from this blog

Tuesday Open Thread

Seattle Public Schools and Their Principals

COVID Issues Heating up for Seattle Public Schools