tag:blogger.com,1999:blog-28765366.post8885524683185969790..comments2024-03-28T02:21:17.452-07:00Comments on Seattle Schools Community Forum: Student Data Privacy for Washington State Public School StudentsMelissa Westbrookhttp://www.blogger.com/profile/17179994245880629080noreply@blogger.comBlogger31125tag:blogger.com,1999:blog-28765366.post-34347669753635157912014-04-07T10:45:42.879-07:002014-04-07T10:45:42.879-07:00Many Databases,
Does anyone know if The Source is...Many Databases,<br /><br /><i>Does anyone know if The Source is linked to Pearson?</i><br /><br />It's not The Source anymore, it's PowerSchool, and yes, PowerSchool is owned by Pearson (of course).<br /><br />Details here: <a href="http://www.pearsonschoolsystems.com/products/powerschool/" rel="nofollow">Pearson - PowerSchool</a><br /><br />They have their fingers in everything and everyone's business. More and more every day.menoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-17557705028611575912014-04-06T11:05:13.188-07:002014-04-06T11:05:13.188-07:00Poor Schmuck, you seem to think Common Core is an ...Poor Schmuck, you seem to think Common Core is an entity --- in reality it's simply a set of academic content standards.<br /><br />If by "Common Core" you mean the Smarter Balanced Assessment Consortium, they have no ability to share any student-level data with anyone without the permission of their member states. The member states have declared, via Smarter Balanced by-laws, that the states "own" their data, i.e., Smarter Balanced cannot link it to any entity, let alone for-profit entities.<br /><br />And yes, MSP, HSPE, and EOC student-level scores are transferred to for-profit entities. In fact, the state's testing vendor who scores all of the tests is a for-profit entity. They have at minimum student names, DOB, school name, district name, and state student ID. They use these data to link students to their tests and scores.<br /><br />--- swkAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-13845332406122231702014-04-05T23:24:54.161-07:002014-04-05T23:24:54.161-07:00swk,
Common Core will link individual test scores...swk,<br /><br />Common Core will link individual test scores to create individual learning via Knewton etc.<br /><br />Are individual EOC, MSP etc. scores transferred to for profit entities?"Poor Schmuck"noreply@blogger.comtag:blogger.com,1999:blog-28765366.post-907372614666709412014-04-05T21:27:13.645-07:002014-04-05T21:27:13.645-07:00Of course Common Core tests will be linked to indi...Of course Common Core tests will be linked to individual children. How else would children receive their individual scores? And this is not a change --- the MSP, HSPE, and EOCs (and the WASL before these) are linked to individual children.<br /><br />--- swkAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-22608198825010132132014-04-05T20:18:55.579-07:002014-04-05T20:18:55.579-07:00Mirimac states: " A bigger concern of mine is...Mirimac states: " A bigger concern of mine is when the data takes a big leap and becomes part of a military database, workforce database...", and I agree.<br /><br />One doesn't have to look beyond Knewton and Common Core tests. Note: Knewton partners with Pearson and Microsoft. <br /><br />Watch this video around Minute 6. Knewton brags that they will have more information, on any student, than any entity. The information will come from multiple data points:<br /><br />https://www.youtube.com/watch?v=Lr7Z7ysDluQ&feature=youtu.be<br /><br />Knewton talks about the "poor schmuck" that was slow. The video also shows that individual students can be tracked and predictions can be made. Who else will have access to this information? Who will have access to the "poor schmuck" data and how will that individual be impacted?<br /><br />Once Common Core tests come on-line..we will have absolutely NO control over our children's information.<br /><br />It is a very good idea to research the interconnectedness of Common Core, Knewton, Microsoft and Pearson.<br /><br />Several years ago, FERPA laws were changed to allow our children's information to be given to third parties AND Common Core came along. We all know that Gates spent millions and millions promoting Common Core. Are we to believe that Gates et. al didn't have a plan?<br /><br />Watchingnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-40283135351980574402014-04-05T19:52:41.423-07:002014-04-05T19:52:41.423-07:00HIMS Mom,
Which data base are you referring to? ...HIMS Mom,<br /><br />Which data base are you referring to? There will be multiple databases linked to our children. Road Map Project, Common Core tests will be linked to individual children. Then, we have the Seattle Times looking to polk their noses under the tent, too.<br /><br />Does anyone know if The Source is linked to Pearson?Many Databasesnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-457595283927971792014-04-04T19:29:55.730-07:002014-04-04T19:29:55.730-07:00HIMS, yes we do. And to note, if medical informati...HIMS, yes we do. And to note, if medical information is obtained via school-based services, it is not covered by HIPAA.<br /><br />There are number of things that need to be done and spelled out quite clearly. DOE says - openly - that FERPA is a floor, not the ceiling. However I found a document that encourages trying to overturn any state law that tries to limit access.Melissa Westbrookhttps://www.blogger.com/profile/12588239576000641336noreply@blogger.comtag:blogger.com,1999:blog-28765366.post-40250004437030029922014-04-04T16:28:39.138-07:002014-04-04T16:28:39.138-07:00As Mary Griffin pointed out above, deidentified da...As Mary Griffin pointed out above, deidentified data can sometimes be reidentified without any PII. See EPIC's page on this for more information: http://epic.org/privacy/reidentification/<br /><br />There is some very interesting work going on right now about reidentification risks and what to do about them. https://aaas.confex.com/aaas/2014/webprogram/Session6830.html<br /><br />Data mining is, what, about a $400 billion dollar industry these days? I don't know how to properly protect the information in longitudinal databases, and I agree that some are valuable and should exist, but something does need to be done. Merely deciding that the information is safe because it doesn't include PII is just not enough.<br /><br />Chris<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-21779396300544070322014-04-04T16:04:30.703-07:002014-04-04T16:04:30.703-07:00@swk--
Sorry, I shouldn't use PRR. It's a ...@swk--<br />Sorry, I shouldn't use PRR. It's a public record request. <br /><br />I received an excel spreadsheet from OSPI entitled "CEDARS data share element descriptions" It has one tab labeled WaKIDS. I am guessing that it is not technically part of CEDARS but that CEDARS maintains that data? I am not sure. I also got field descriptions for "MSP/HSPE/EOC/PORT data elements" and WELPA which looks like English Language Learner proficiency assessment fields. <br /><br />Perhaps none of these are actually CEDARS fields, in which case I should lower my number my number of CEDARS fields by several hundred. <br />Anonymoushttps://www.blogger.com/profile/03542105149501352547noreply@blogger.comtag:blogger.com,1999:blog-28765366.post-40792394926251212392014-04-04T15:03:32.619-07:002014-04-04T15:03:32.619-07:00Mary, what's a PRR? Again, I'm confused -...Mary, what's a PRR? Again, I'm confused --- I'm not seeing any WaKIDS data fields in the CEDARS Data Manual.<br /><br />--- swkAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-76141654056403830302014-04-04T14:51:35.811-07:002014-04-04T14:51:35.811-07:00@swk,
Those types of fields are part of WaKIDS- h...@swk, <br />Those types of fields are part of WaKIDS- https://www.k12.wa.us/wakids/, "the whole child assessment gives kindergarten teachers information about the social/emotional, physical, cognitive, language, literacy and mathematics development of the children in their classrooms," which is kept in CEDARS and those fields were included as part of a recent PRR which I received. These were the fields included: CognitiveScaleScore<br />LiteracyScaleScore<br />MathScaleScore<br />LanguageScaleScore<br />PhysicalScaleScore<br />SocialEmotionalScaleScore<br />SocialEmotionalLevel<br />PhysicalLevel<br />LanguageLevel<br />CognitiveLevel<br />LiteracyLevel<br />MathLevel<br />SocialEmotionalReadyforK<br />PhysicalReadyforK<br />LanguageReadyforK<br />CognitiveReadyforK<br />LiteracyReadyforK<br />MathReadyforK<br />SocialEmotionalCompletedAllObjectives<br />PhysicalCompletedAllObjectives<br />LanguageCompletedAllObjectives<br />CognitiveCompletedAllObjectives<br />LiteracyCompletedAllObjectives<br />MathCompletedAllObjectives<br />NumberofDomainsReadyForK<br />Numberofdomainscomplete<br /><br />When and if universal preschool begins, I would assume we would see similar early readiness assessments. FYI, I am not against such assessments, I just don't think they need to be shared as much as they are. <br />Anonymoushttps://www.blogger.com/profile/03542105149501352547noreply@blogger.comtag:blogger.com,1999:blog-28765366.post-40035680932473738232014-04-04T14:42:23.655-07:002014-04-04T14:42:23.655-07:00All of the data elements and definitions for CEDAR...All of the data elements and definitions for CEDARS can be found in the 2014-15 CEDARS Data Manual at http://www.k12.wa.us/CEDARS/pubdocs/2014-15CedarsDataManual.pdf#Cover.<br /><br />I don't see anything about "scaled social/emotional scores." I'm not saying they're not there, but I couldn't find them. This seemed like an odd attribute so I specifically looked for it.<br /><br />--- swkAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-1999413659302562962014-04-04T13:55:25.108-07:002014-04-04T13:55:25.108-07:00So essentially we need an education version of HIP...So essentially we need an education version of HIPAA, right? And pronto?<br /><br />HIMSmomAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-8386895904648475482014-04-04T13:06:59.767-07:002014-04-04T13:06:59.767-07:00HIMS, you have a lot of good thoughts there.
Even...HIMS, you have a lot of good thoughts there.<br /><br />Even if a large dataset were ultimately available to colleges or employers, how would they possibly identify an individual?<br /><br />You'd be surprised at how easily you can get data from one place and data from another place and link them to figure out someone, especially if you are an adult at a school. For example, recently a district service provider came to a Board meeting and gave about 6 data points on a student (which is way too much and, to this day, I don't know if she got that). So I looked up this service provider, found photo of a girl with the identifiers. They had her name and more family information. I was appalled and I told the Board and district.<br /><br />DOB is a standard point and not considered harmful.<br /><br />"Directory information is those data identifiers that can be used by a school or district in directories, yearbooks, and newsletters, for example. It is considered information in an education record of a student that would not generally be considered harmful or an invasion of privacy if disclosed."<br /><br />HIMS, I'll have more info that will help you see the issue within a week.<br /><br />Mary makes excellent points.<br /><br />Melissa Westbrookhttps://www.blogger.com/profile/12588239576000641336noreply@blogger.comtag:blogger.com,1999:blog-28765366.post-66543852555564913722014-04-04T13:00:58.655-07:002014-04-04T13:00:58.655-07:00HIMSmom,
CEDARS database includes students names,...HIMSmom,<br /><br />CEDARS database includes students names, birthdates, race/ethnicity, migrant/foster/homeless status, discipline incidents, disability codes, special education codes, test scores, gpa's, scaled social/emotional scores, schedules, teachers, etc, etc, etc. which add up to 844 possible fields in one child's record. No, I am not kidding. Throughout the years, different groups have received different types of data from OSPI, some identified, some what is called "RID" or what is known as de-identified data. The problem with the de-identified data is that the identity is easily reidentified, especially if their records with hundreds of fields. In addition, some of the data that is released does not have names or birth dates, but has everything else, including OSPI and the districts student identification number. As an example, it appears Teach for America received such data from OSPI in December of 2012. A bigger concern of mine is when the data takes a big leap and becomes part of a military database, workforce database or medical databases. Because students with disabilities often stay enrolled in a district until the age of 21, there is often a very thin line separating data sharing between employment entities and educational entities. <br /><br />In addition, as I shared earlier, the potential for great harm when sensitive data, including birthdates, names and addresses is not adequately protected. I can easily see this happening with Community Based Organizations, who may not be set up to handle data in a very secure manner and who many not grasp the danger of not properly safeguarding the data. Anonymoushttps://www.blogger.com/profile/03542105149501352547noreply@blogger.comtag:blogger.com,1999:blog-28765366.post-83985890006795333332014-04-04T12:09:09.546-07:002014-04-04T12:09:09.546-07:00I'm having trouble wrapping my brain around th...I'm having trouble wrapping my brain around this issue. There seems to be a lot of concern about the development of these potentially very useful longitudinal databases, but it primarily seems to center on concerns that these data will follow individual children for life. My understanding of these databases, however, is that they are to only include de-identified student data, not names, addresses, SSNs, etc. Even if a large dataset were ultimately available to colleges or employers, how would they possibly identify an individual? Individual-level data just means the information all goes with the same person, not that that person is identified. <br /><br />So is the concern that incompetence, fraud, or intentional misuse might allow for a particular district to release it's linking information, allowing someone to reassociate the unique IDs and names with the de-identified data? And if that's the concern, does it mean longitudinal databases should not exist at all, or that there needs to be better protection?<br /><br />Or is the concern about specific elements that are or might be included in the database, but that shouldn't be? I saw, for example, that DOB is one element recommended for inclusion in a state longitudinal system, and that seems to me to be much too easy to link back to an individual via public records. Inclusion of DOB certainly wouldn't meet standards for de-identified health records.<br /><br />I like data, and see the value in longitudinal databases. (And wouldn't it be great if SPS actually used these data to evaluate the effectiveness of its curricula, programs, services, delivery models, etc.?) But I agree wholeheartedly that adequate protections need to be in place. I understand the alarm, but am trying to better understand what, exactly, others think needs to be done. <br /><br />Thanks for any further insights you can provide,<br />HIMSmomAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-60232158961250534302014-04-04T08:04:43.520-07:002014-04-04T08:04:43.520-07:00@voter,
I think the example of what is going on r...@voter, <br />I think the example of what is going on right now with current and former volunteers and employees of the Seattle Archdiocese is a perfect example of the harm that can be done when small bits of personal information get into the wrong hands. <br /><br />Many people, myself included, suspect that a third party vendor hired to down background checks was not scrupulous with data storage or transfer. Many people are wondering why the diocese chose a firm run by a person without any IT background or degree to perform the background checks. We are wondering if the archdiocese performed any audits to assure that data was stored, transferred and destroyed properly. <br /><br />In any case, the estimate is that 90,000 people have had their social security numbers and other private information stolen. The archdiocese estimates that at least 2,000 people have had fraudulent tax returns successfully filed, with many more having had attempts made. I would estimate their are many, many more victims than the Archdiocese is admitting to. In March of this year, there were 981 fraud complaints filed with the Seattle Police Department. Last year, there were 237. It can reasonably be assumed that much of the difference is the result of this tax fraud scheme. The Archdiocese extends from Bellingham, WA to Vancouver, where there are similarly high numbers of reports of fraud related to the same scheme. <br /><br />Just to give people an idea of what happens when just your name and social security number is stolen, first you spend 90 minutes on hold the phone with the IRS, then you get told the bad news. Then you need to go through with the same thing with your spouse. Then you have to file a report with the police, sign up for a 90 day equifax fraud alert(free), then get sign up for credit report monitoring (not free), then notify the ftc, your credit card companies, and the social security office. Then you file an affadvit with the IRS. When you do this, it means the IRS will take up to 180 days to process your real return, meaning that if you are due a refund, you won't get it for 180 days. <br /><br />Then, worry about this and repeat this process for the rest of your life--because you can't get a new social security number. <br /><br />In my view the Archdioceses has done an incredibly bad job of providing accurate information. Their reports obfuscate the issues, claiming this is a national tax fraud scheme, or conflating a different scheme involving telephone calls with this one. They still, to this day, have not notified former volunteers, and have relied on local parishes to notify parishioners, many of whom still do not understand how at risk they are. <br /><br />I attended a meeting last night at Holy Rosary in Edmonds. There were about 500 people there. They were hopping mad. There were people yelling at the Archdiocesan representative, who said that the Archdiocese of Seattle was "exploring credit monitoring." One thing people fail to realize until it is too late is that victims of ID fraud have little to no recourse against institutions and especially third party vendors who do not adequately safeguard their data. <br /><br />What does this have to do with SPS? I think SPS is beginning to realize the dangers of sharing too much data, but isn't quite there yet. Much work needs to be done, especially in regard to legislation. Anonymoushttps://www.blogger.com/profile/03542105149501352547noreply@blogger.comtag:blogger.com,1999:blog-28765366.post-81386032979464911632014-04-04T07:23:09.633-07:002014-04-04T07:23:09.633-07:00I was referring to Bill Gates and friends who supp...I was referring to Bill Gates and friends who support data sharing, teacher evaluation from student data, etc. while having their own kids in private schools where they won't be data tracked until they start taking the SAT/ACT.<br /><br />HPAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-48737481706508828482014-04-03T17:07:16.093-07:002014-04-03T17:07:16.093-07:00Well HP if the "people" you are talking ...Well HP if the "people" you are talking are billionaires and VIPs, then yes, they do get the special passes when it comes to privacy. But there are many in the state house whose children are in public schools and it's worth reaching out to them. I include parents with children in private schools too (especially those in Catholic schools who were affected by recent data breach or anyone of us who has had similar experiences with personal info being misused or stolen). <br /><br />In matters like this, you find more support than you think. The smart thing is to welcome as many under the tent and lobby hard. <br /><br />voterAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-91874798079781582592014-04-03T12:41:00.527-07:002014-04-03T12:41:00.527-07:00It should be noted once again that the people push...It should be noted once again that the people pushing for all this data sharing on public school students have their own kids in private schools where they are not tracked. <br /><br />HPAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-69153016328299656732014-04-03T09:29:20.717-07:002014-04-03T09:29:20.717-07:00On this issue, Melissa, we are in 100% agreement.
...On this issue, Melissa, we are in 100% agreement.<br /><br />--- swkAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-21042757294958611412014-04-03T09:22:46.352-07:002014-04-03T09:22:46.352-07:00Keep your eye on Pearson and Knewton. Please note...<br />Keep your eye on Pearson and Knewton. Please note that the US Dept of Ed. emblem is on video:<br /><br />https://www.youtube.com/watch?v=Lr7Z7ysDluQ&feature=youtu.be<br /><br />Tune into 6 minute mark and you will hear Knewton brag about knowing a lot about a particular student because they have "more data than anyone."<br /><br />What are the implications for our children? Can and will this data be kept confidential?#Crazynoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-26668590630966105452014-04-03T09:20:32.569-07:002014-04-03T09:20:32.569-07:00SWK, yes I know about these bills. And I know abo...SWK, yes I know about these bills. And I know about Rep Scott (and even spoke with her and all was not what you might think).<br /><br />I know what model legislation looks like as I have been working with other leading activists around the country on this issue. <br /><br />But the privacy comes FIRST, not access to data. How that seems to be an issue is a mystery to me but that's where the fight should be.<br /><br />I have to wonder how anyone could be against student data privacy for children. I'll wait for those arguments from Microsoft, Google and others.Melissa Westbrookhttps://www.blogger.com/profile/17179994245880629080noreply@blogger.comtag:blogger.com,1999:blog-28765366.post-454163635606158102014-04-03T09:10:37.391-07:002014-04-03T09:10:37.391-07:00Melissa, as you probably know, many state legislat...Melissa, as you probably know, many state legislatures have recently passed or are currently working legislation on student data privacy. Much of the legislation is based on model legislation from ALEC: http://www.alec.org/model-legislation/student-data-accessibility-transparency-accountability-act/. FYI - ALEC is the same organization that pushed parent triggers and A-F grading of schools, so take this notation with a grain of salt.<br /><br />This ALEC model legislation was the basis for the bill introduced during this past legislative session by Rep. Scott that died after receiving only one hearing.<br /><br />This model legislation places significant limits on data-sharing as well as what individual student data can be collected in the state longitudinal data system without parental permission. It does, however, provide allowances for access to individual student data by the state's contractors if such access is necessary to complete the work of their contract. This is something that needs to be carefully considered.<br /><br />--- swkAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-28765366.post-55419963284348932442014-04-03T08:40:23.211-07:002014-04-03T08:40:23.211-07:00Sue, I was wrong to include the entire Board.
I...Sue, I was wrong to include the entire Board. <br /><br />I will say that in my discussions with the Board, you are the only one to ever seriously question anything. I went to the Data Privacy Work Session and was quite surprised how little was challenged. <br /><br />I have given the Board information. No reply. I have spoke before the Board on this issue. No reply.<br /><br />I'm going to write to the Board about what the district currently has (and apparently everyone thinks is just fine) and make some suggestions. <br /><br />But I'm not waiting for the Board. It's not in the Strategic Plan despite the emphasis on Common Core. <br /><br />This is a statewide issue anyway and, for me, that's the best way to approach it.<br /><br />Sue and Dora Taylor deserve a lot of credit for talking about this issue for years. Melissa Westbrookhttps://www.blogger.com/profile/12588239576000641336noreply@blogger.com