Blumenthal/Daines student privacy bill; good start but needs improvement

For immediate release: July 16, 2015

Contact: Leonie Haimson, 917-435-9329; leoniehaimson@gmail.com

Rachael Stickland: 303-204-1272; rachael.stickland@gmail.com

The student privacy bill introduced today by Senators Blumenthal and Daines, called the “SAFE KIDS Act”, has positive aspects that would close some of the loopholes of current federal law. It allows for parents to delete their children’s personal data if it is collected by vendors and other third parties, as long as that information is not in their education records. It calls for contracts and privacy policies to be required before any school or district can disclose personal information to third parties, and for these privacy policies to be posted. It extends these provisions to children enrolled in prekindergarten and early childhood programs.

However, the bill also has significant weaknesses that should be addressed. The specific personal student data that can be deleted by parents is not clearly defined, and the notification provisions are weak, making it questionable how parents would be able to access the privacy policies or exercise their rights. The bill would allow both contextual and targeted ads, based on data-mining students each time they go online, which is unacceptable to many parents. The security provisions are weak and the enforcement provisions non-existent.

Said Leonie Haimson, co-chair of the Parent Coalition for Student Privacy, “While we appreciate the efforts of Senators Blumenthal and Daines to regulate the collection and use of student personal information by third parties, we need a stronger bill that includes robust security and enforcement protections. We also believe that parents must be informed by their schools and should consent before their children’s data is disclosed, particularly in the case of sensitive information related to health, disability and disciplinary issues. Consent must absolutely be required before any re-disclosures are allowed from one operator to another, or else we risk an uncontrolled number of re-disclosures, with parents unaware of where their children’s data is being held and under what conditions.”

Josh Golin, Executive Director of the Campaign for a Commercial-Free Childhood, said: “The bill does not go far enough in protecting children from potentially harmful commercial influences.  Websites, apps, and software assigned to students by their schools should be free of all advertising, regardless of whether the ads are contextual or based on data-mining students during each one of their internet sessions.   Ads serve no legitimate educational purpose and are distracting to students.  Schools should not be allowed to sell or offer up their students’ data, time and attention to marketers for any reason.”

Jennifer Jacobsen, a Connecticut public school parent and privacy advocate stated, “My children do not go to school to have their meta-data analyzed. They do not go to school to have advertising embedded within their on-line instructional materials. They do not go to school to have every detail about them uploaded and accessed by people I do not know. They do not go to school to be employed as unpaid product development specialists or forbid, plugged into a laptop all day. They go to school to be inspired, enlightened, impassioned seekers of knowledge, to become able citizens and follow their dreams.”

Rachael Stickland, co-chair of the Parent Coalition for Student Privacy concluded, “We look forward to working with Senators Blumenthal and Daines, and all members of Congress to strengthen every bill that aims to protect the privacy and safety of students. Parents must be fully aware and involved in the decision-making as to how the personal information of their highly vulnerable children is stored, used and shared. Particularly with the news of devastating data breaches reported nearly every day, security protections must be strong if a child’s safety and future chances of success are not to be undermined. We point policymakers to the five principles developed by our Coalition, involving parental and student rights, transparency, security, enforcement, and a ban on commercial uses. All five principles should be and must be included in any student privacy bill going forward.”

These five principles are available on the Student Privacy Matters website here: http://www.studentprivacymatters.org/five-principles-to-protect-student-data-privacy/

###


Five principles to protect student data privacy

The Parent Coalition for Student Privacy believes that the following five principles should be incorporated in any law or policy regarding the protection of personal student data in grades preK-12. After students reach age 18, all these rights, including those related to notification and consent, should devolve to them:

  • Transparency: Parents must be notified by their children’s school or district in advance of any disclosure of personal student information to any persons, companies or organizations outside of the school or district.

All disclosures to third parties should also require publicly available contracts and privacy policies that specify  what types of data are to be disclosed for what purposes, and provide a date certain when the data will be destroyed.

  • No commercial uses: Selling of personal student data and/or use for marketing purposes should be banned. NO advertising should be allowed on instructional software or websites assigned to students by their schools, since ads are a distraction from learning and serve no legitimate educational purpose.

While some of the current bills ban “targeted” ads, others ban targeted ads except for those derived from a student’s one-time internet use. But how can any parent know whether an ad displayed to their children was based on data-mining their child a single time or over a longer period?

  • Security protections: At minimum, there must be encryption of personal data in motion and at rest, required training for all individuals with access to personal student data, audit logs, and security audits by an independent auditor. Passwords should be protected in the same manner as all other personal student information.

There must be notification to parents of all breaches, and indemnification of the same.

No “anonymized” or “de-identified” student information should be disclosed without verifiable safeguards to ensure data cannot be easily re-identified.

  • Parental/student rights: NO re-disclosures by vendors or any other third parties to additional individuals, sub-contractors, or organizations should be allowed without parental notification and consent (or students, if they are 18 or older).

Parents must be allowed to see any data collected directly from their child by a school or a vendor given access through the school, delete the data if it is in error or is nonessential to the child’s transcript, and opt out of further collection, unless that data is part of their child’s educational records at school.

Any data-mining for purpose of creating student profiles, even for educational purposes, must be done with full parental knowledge.

Parental consent must be required for disclosure of personal data, especially for highly sensitive information such as their child’s disabilities, health and disciplinary information.

  • Enforcement: The law should specify fines if the school, district or third party violates the law, their contracts and/or privacy policies, with parents able to sue on behalf of their children’s rights as well.

Without strong enforcement provisions, any law or policy protecting student privacy is likely to be ignored.


Barmak Nassirian: Is the Student Right to Know Bill Worth the Risk to Privacy?

Here are Barmak Nassirian’s views of the bill recently re-introduced in the House and the Senate, Student Right to Know Before You Go Act, which would authorize the creation of a federal database of all college students, complete with their personally identifiable information, tracking them through college and into the workforce, including their earnings, Social Security numbers, and more.  The ostensible purpose of the bill?  To  provide better consumer information to parents and students so they can make “smart higher education investments.”

The Parent Coalition for Student Privacy opposes this bill, and believes that allowing the federal government to collect the personal data of all college students with no provision for consent or opt out is unacceptable – and would create huge risks to their privacy and safety. This is especially true given the recent revelations of the massive breach of the personal information of millions of federal employees, and the sensitive information of other individuals as well, referenced in their security clearances. We are especially disappointed that Sen. Ron Wyden, a strong privacy advocate, is a co-sponsor of this bill.

Barmak’s comments were originally posted in response to an article in US News and World Report by Kevin James and Andrew Kelly of the American Enterprise Institute.

by Barmak Nassirian

The authors are thoughtful higher education analysts, whose interest in more comprehensive and more granular data is certainly understandable. Unfortunately, the slam-dunk case they attempt to make on behalf of a national, student-level educational/employment data system fails to acknowledge, let alone address, some of the most basic questions about the wisdom of building such a system.

First, let’s be clear that the data in question would be personally identifiable information of every student (regardless of whether they seek or obtain any benefits from the government), that these data would be collected without the individual’s consent or knowledge, that each individual’s educational data would be linked to income data collected for unrelated purposes, and that the highly personal information residing for the first time in the same data-system would be tracked and updated over time.

Second, the open-ended justification for the collection and maintenance of the data (“better consumer information”) strongly suggests that the data systems in question would have very long, if not permanent, record-retention policies. They, in other words, would effectively become life-long dossiers on individuals.

Third, the amorphous rationale for matching collegiate and employment data would predictably spread and justify the concatenation of other “related” data into individuals’ longitudinal records. The giant sucking sound we would hear could be the sound of personally identifiable data from individuals’ K12, juvenile justice, military service, incarceration, and health records being pulled into their national dossiers.

Fourth, the lack of explicit intentionality as to the compelling governmental interest that would justify such a surveillance system is an open invitation for mission creep. The availability of a dataset as rich as even the most basic version of the system in question would quickly turn it into the go-to data mart for other federal and state agencies, and result in currently unthinkable uses that would never have been authorized if proposed as allowable disclosures in the first place.

Fifth, while the numerous authorized uses of the data system are scary enough in their own right, the high probability of unauthorized access should give advocates some pause. The individually identifiable life-information that would be neatly organized in the system, if/when compromised, would give away the entire identity of every former student, with data elements that go far beyond the terrifying data breaches we know about.

Finally, given all of the above, shouldn’t we ponder whether there are other ways of addressing the one argument for the data system–i.e., better information about outcomes–through less intrusive mechanisms? As the authors point out, proxies for exact knowledge of outcomes are already at hand, and may be tweaked to produce better information.

Tracking autonomous free individuals through most of their lives in the name of better information for the benefit of others may be justifiable, but its extremism should at the very least be acknowledged and addressed. Unfortunately, the legislation in question (and this defense of that legislation) fails to do either.

The thought that the proposed system doesn’t pose new privacy risks is quite astonishing. I seriously doubt that a much less intrusive data system, such as placing a transponder in every car to generate better transportation data, would be met with much enthusiasm at AEI, despite the fact that driving is a privilege, not a right, and that cars are already required to register with the government to drive on public roads.


Leonie Haimson & Rachael Stickland discuss student privacy at NPE’s second annual conference in Chicago

The Network for Public Education hosted its second annual conference in Chicago on April 25-26, 2015. It was an awesome opportunity for education advocates from across the country to gather and learn from one another to save our schools. Parent Coalition for Student Privacy Co-chairs Leonie Haimson and Rachael Stickland were honored to sit on a panel titled “Perils of Ed Tech: Student Privacy and Corruption” along with Cynthia Liu and student Nathan Ringo. Please see below to view the panel discussion and to access Leonie and Rachael’s powerpoint presentations. Thanks to everyone who joined us in Chicago!

Network for Public Education National Conference: Perils of Ed Tech from Schoolhouse Live on Vimeo.

 


SB 187A Oregon Student Privacy Bill Testimony by Lisa Shultz

In September 2014, California passed “landmark” student privacy legislation known as SOPIPA (Student Online Personal Information Protection Act). At least 15 states have attempted to pass similar legislation this year, including Oregon. Lisa Shultz, an education advocate and member of the Parent Coalition for Student Privacy, addressed members of the Oregon House Education Committee to express her concern over proposed amendments that would significantly weaken the bill. Similar amendments were added to bills in Colorado, Maryland and Connecticut by lobbyists representing Google, Microsoft, K12 Online Inc. and others. Please read Lisa’s testimony:



Testimony in Opposition to SB 187A

Lisa A. Shultz, M.S.E.E.

18 May 2015

Dear Chair Doherty and Members of the House Education Committee:

I am writing today in opposition to SB 187A.  Please note that I had earlier submitted testimony in support of SB187-1.  However, the bill that was passed by the Senate, with little to no discussion, was the -3 amendment that significantly changes the bill and undermines the good intentions of the bill to safeguard the online privacy protections of Oregon’s students.

A glaring example of these changes is the language in the bill that initially “prohibited the service provider from disclosing any covered information provided by the operator to subsequent third parties (period)”.  SB 187A adds the troubling “except in furtherance of kindergarten through grade 12 purposes of the site, service or application or for a purpose permitted by subsection…”  while also expanding the definition of ‘kindergarten through grade 12 purposes’ and ‘operator’.  These changes effectively remove downstream restrictions and subsequent re-disclosure.

I hope that you will review the testimony submitted by James Steyer, CEO of Common Sense Media submitted on April 14, 2015.  Mr. Steyer had previously written in support of the -1 amendment and withdrew his support with the -3 amendment.   His testimony is an excellent summary of the changes and their effects that “create new loopholes and weaken OSIPA’s protections for students.”

Other states similar to Oregon that are trying to copy the California bill (e.g. Colorado, Connecticut, Maryland) see a similar watering down of the protections provided by California’s SB 1177 as a result of industry lobbying. I remind you that children do not have lobbyists. I urge this Committee to act on their behalf by either restoring the protections of the -1 amendment, or rejecting this bill and working to create legislation that will restore the intent to provide the same protections granted to California’s students as a result of passage of their landmark legislation.

Sincerely,

Lisa Shultz

 

 


Press Release: Messer/Polis Privacy Bill Still Inadequate to Protect Children from Commercial Exploitation and Data Breaches

For immediate release: April 29, 2015

Contact: Rachael Stickland, 303-204-1272, info@studentprivacymatters.org

Leonie Haimson, 917-435-9329, leoniehaimson@gmail.com

Messer/Polis Privacy Bill Still Inadequate to Protect Children from Commercial Exploitation and Data Breaches

The student privacy bill just introduced by Representatives Messer and Polis is an improvement from their previous draft, but still has many loopholes that make it inadequate to address many parental concerns about their children’s privacy and safety.

Leonie Haimson, co-chair of the Parent Coalition for Student Privacy said, “The bill still doesn’t require any parental notification or consent before schools share personal data with third parties.  It wouldn’t stop the surveillance of students, or the collection of huge amounts of highly sensitive student information by third parties, as inBloom was designed to do.”

“The bill still allows targeting ads to kids – as long as the ads are “contextual” or selected based on information gathered via a student’s single online session. We strongly believe that there should be no advertising allowed in instructional programs assigned to students at school, as ads do not aid learning but are a huge distraction to kids. Moreover, how can a parent know if their child is subjected to an ad, whether it is based on data-mining during one session or over time?”

Rachael Stickland, Colorado co-chair of the Parent Coalition said: “We’re pleased to see some of our recommendations reflected in this draft, including enhanced transparency and some limitations on re-disclosures. This bill allows parents to delete personal information from the data collected from their children, but it doesn’t require that parents be informed by either the vendor or the school that this data is being disclosed, collected and data-mined, so how would parents know to ask to delete it? It also allows vendors to data-mine personal information to improve their products or create profiles that could severely limit student’s success by stereotyping them and limiting their opportunities.”

Other remaining weaknesses of the bill:

  • There are NO specific security protections outlined in the bill, only that procedures should be “reasonable.” We believe that any vendor collecting and using sensitive student personal information should be required to employ data encryption, undergo regular security audits, and other important measures to protect against damaging breaches.
  • Vendors would not have to inform parents or even school officials of data breaches unless they deem this “appropriate” without defining when that would be required, and there are no specific amounts required for fines.
  • Vendors could transfer the personal student data to another company if there is a merger or acquisition.
  • Vendors would be able to re-disclose students’ personal information to an unlimited number of unspecified service providers, without the knowledge or consent of schools or parents.
  • Vendors would be allowed to disclose de-identified and aggregate data, while using “reasonable” methods to ensure that the data could not be re-identified. This again is inadequate protection, given how easy it has become to re-identify personal information with current methods and widely available data sets.
  • The bill’s protections would not apply to children in preschool and “K-12 Purposes” is only vaguely defined.
  • Vendors could use student information for many commercial purposes including “maintaining, developing, supporting, improving, or diagnosing the operator’s school service.”

Rachael Stickland concludes: “This bill is clearly a step in the right direction but it needs to be further improved if it is going to protect our children from commercial exploitation and devastating breaches. Our children’s privacy and safety is invaluable and should not be put at risk by being handed off carelessly for profit or for gain.”

###


Our comments to the Senate HELP Committee on the reauthorization of the Higher Education Act

April 24, 2015

Dear Chairman Alexander and Ranking Member Murray,

We write on behalf of the Parent Coalition for Student Privacy to submit comments on the consumer information white paper that the Committee published on March 23, 2015. The coalition is a non-profit voluntary organization of concerned parents and educational privacy advocates across the nation. We are alarmed by the erosion of parental and student privacy rights, by the growth of longitudinal student-level data warehouses that collect and mine personally identifiable data from educational records for unspecified purposes, and by the encroachment of educational technology companies on records that have historically been entrusted only to school authorities with a legitimate educational interest in them.

As parents of current and future college students, we appreciate and applaud the Committee’s interest in producing actionable consumer information that, instead of drowning the public in incomprehensible minutiae, provides meaningful disclosures to guide the college selection process. We also recognize the legitimate data needs of the federal government for purposes of program management and institutional accountability of student aid programs authorized in Title IV of the Higher Education Act. As the Committee proceeds to identify these needs, we urge it to consider the views of parents and students, and to ensure that federal data collection and retention policies do not intrude on privacy rights of students.

We are concerned that various Washington advocacy groups may use the upcoming reauthorization of the Higher Education Act to press for the creation of a federal student tracking system to capture personally identifiable information on all students without notice, without consent, without the right to opt out or even to review their own records. As you are well aware, the feasibility of such a system was thoroughly studied some 10 years ago by the National Center for Education Statistics. Congress, having had the benefit of that extensive analysis, acted to explicitly ban the creation of any such system in the Higher Education Opportunity Act of 2008 due to privacy concerns. It is ironic that even as the privacy threats that a unit-record system would pose have grown exponentially, the pressure to lift the federal ban is greater than ever.

The enormity of the security threat posed by a massive data mart of sensitive personally identifiable information about every student is immediately obvious in light of the spectacular commercial and governmental breaches of the past several years. In fact, the original NCES assurances of security now look naive in their inadequacy. Specifically, NCES proposed (and many State Longitudinal Data Systems funded by the U.S. Department of Education apparently still believe) that the assignment of random identification numbers in lieu of social security numbers would suffice to de-identify records. This notion borders on the laughable in light of advances in computer science and statistical re-identification techniques. The second remedy offered back in 2004 was to “disconnect” the system from the Internet, which, even if it were a serious thought a decade ago, means little in light of the internal data breaches at the Department of Defense and the National Security Agency.

While safeguarding student data against unauthorized disclosures is a great concern for us, we are even more alarmed by the likely authorized disclosures that a unit-record system will inevitably accommodate. We believe that a federal data system with as much information as a unit-record system would quickly turn into a federal lending library available for interagency browsing for unspecified future purposes. Indeed, the high probability of mission-creep is quite obvious in the rhetoric of its advocates, who justify the system on its many–but unspecified–alleged edifying uses. Our coalition members insist that any such application of personally identifiable information can only be legitimated on the basis of the informed consent of the individuals themselves. It is quite unacceptable for policy elites, often in collaboration with technology firms seeking to mint fortunes, to argue that the government is entitled to gain nonconsensual access to our children’s records in pursuit of their policy priorities without so much as letting the students know, let alone soliciting and securing their agreement.

We urge you to ensure that any federal or federally funded collection, warehousing, and mining of personally identifiable information from education records honors fair information practices and provides explicit notice to, and obtains the informed consent of, the individuals involved. We appreciate the opportunity to submit our views for the Committee’s consideration and stand ready to work with you to improve consumer disclosures in a manner that is not violative of basic family educational privacy rights.

Sincerely,

Leonie Haimson and Rachael Stickland, Co-chairs

Parent Coalition for Student Privacy

www.studentprivacymatters.org

info@studentprivacymatters.org


Messer/Polis Student Privacy Bill Protects Commercial Interests of Vendors not Kids

For immediate release: March 22, 2015
 
Contact: Rachael Stickland, 303-204-1272, info@studentprivacymatters.org

Messer/Polis Student Privacy Bill Protects Commercial Interests of Vendors not Kids

The bill just introduced by Representatives Messer and Polis addresses few if any of the concerns that parents have concerning the way their children’s privacy and safety have been put at risk by the widespread disclosure of their personal data by schools, districts and vendors.

Leonie Haimson, co-chair of the Parent Coalition for Student Privacy said, “The bill doesn’t require any parental notification or consent before schools share personal data with third parties, or address any of the current weaknesses in FERPA.  It wouldn’t stop the surveillance of students by Pearson or other companies, or the collection and sharing of huge amounts of highly sensitive student information, as inBloom was designed to do.”

“All the bill does is ban online services utilized by schools from targeting ads to kids – or selling their personal information, though companies could still advertise to kids through their services and or sell their products to parents, as long as this did not result from the personal information gathered through their services.   Even that narrow prohibition is incomplete, as vendors would still be allowed to target ads to students as long as the ads were selected based on information gathered via student’s single online session or visit – with the information not retained over time.”

Rachael Stickland, Colorado co-chair of the Parent Coalition: “The bill doesn’t bar many uses of personal information that parents are most concerned about, including vendor redisclosures to other third parties, or data-mining to improve their products or create profiles that could severely limit student’s success by stereotyping them and limiting their opportunities.”

Other critical weaknesses of the bill:

  • Parents would not be able to delete any of the personal information obtained by a vendor from their children, even upon request, unless the data resulted from an “optional” feature of the service chosen by the parent and not the district or school.
  • The bill creates a huge loophole that actually could weaken existing privacy law by allowing vendors to collect, use or disclose personal student information in a manner contrary to their own privacy policy or their contract with the school or district, as long as the company obtains consent from the school or district.  It is not clear in what form that consent could be given, whether in an email or phone call, but even if a parent was able to obtain the school’s contract or see the vendor’s privacy policy, it could provide false reassurance if it turns out the school or district had secretly given permission to the company to ignore it.
  • Vendors would be able to redisclose students’ personal information to an unlimited number of additional third parties, as long as these disclosures were made for undefined “K12 purposes.”
  • Vendors would be able to redisclose individual student’s de-identified or aggregate information for any reason or to anyone, without restrictions or safeguards to ensure that the child’s information could not be easily re-identified through widely available methods.

Rachael Stickland concludes: “This bill reads as though it was written to suit the purposes of for-profit vendors, and not in the interests of children.  It should be rejected by anyone committed to the goal of protecting student privacy from commercial gain and exploitation.”

###

Privacy coalition improves LearnSprout privacy policy & terms of service

On September 18, 2014 Lisa Shultz, public education advocate and member of the Parent Coalition for Student Privacy, tagged @leoniehaimson and @parents4privacy in a tweet about Pearson’s new collaborative partnership with an edtech startup called LearnSprout. Her tweet linked to a public document (link now here) that listed the data schema used for their product. At the time we knew little about the company, but their name was familiar because they had once been listed as a partner of inBloom.

Lisa’s tweet also caught the attention of Paul Smith, Marketing Director for LearnSprout. He quickly engaged in a thoughtful and productive Twitter exchange between @lisa4schools, @leoniehaimson and @parents4privacy. In 140 characters or less, we asked Paul numerous questions about the types of data his company collected, how they used the data, their data retention and deletion policies, and how they contracted with schools and school districts. Though Paul did his best to field the barrage of questions, we agreed it was best to take the conversation offline.

Paul reached out to us by email and encouraged us to provide feedback on LearnSprout’s Privacy Policy and Terms of Service. We were happy to help, but first we wanted to know more about the company’s services and customers. What we learned didn’t put us at ease. Paul described how, at the time, schools would set up LearnSprout with a limited-access administrator account to the student information system (SIS) in order to send data to LearnSprout for analysis. This included a number of personally identifiable data fields from the system. LearnSprout would then analyze the data and present the school user with a series of graphs and charts to “identify historical trends, track college readiness and spot at-risk students.” Authorized school/district personnel could then access reports profiling individual students’ attendance, gender, free/reduced lunch status, etc. (See image below.)

[Image: Learnsprout 2]

Further, to sign up for this free service, the “customer” or school employee simply accepted the “click wrap” agreement. There was no negotiated contract between LearnSprout and the school/district – a teacher or administrator merely agreed to the Terms of Service which, of course, favored LearnSprout by stating: “We reserve the right, at our discretion, to change the Terms on a going forward basis at any time. Please check the Terms periodically for changes.”

Upon learning more about LearnSprout, we were clear with Paul that we disagreed with the underlying principles of their service and that we would never endorse their product because we believe strongly that profiling individual students – no matter how pure the intention – stigmatizes children and can harm or limit their future chances for success. We also insisted that the “click wrap” agreement insufficiently protected schools/districts (and their students) and at the very least LearnSprout should require an electronic signature so the school employee signing up for the service would consider the gravity of his/her decision before sharing sensitive student data. Paul assured us that he understood our position about the value of the service but respectfully disagreed, and he was committed to improving their “onboarding” process. With that behind us, we started digging into their policies.

We found LearnSprout’s Privacy Policy and Terms of Service to be vague, contradictory, and full of legalese and outdated terms for products and services that the company no longer supported. It was clear to everyone that a lot of work needed to be done. But after several months, a handful of long but congenial conference calls, and dozens of clarifying email discussions, the resulting policies are a vast improvement from where LearnSprout started in September. Paul outlines the comprehensive list in his blogpost http://blog.learnsprout.com/ but highlights include:

  • Termination of the “free” service model and an end to “click wrap” agreements. LearnSprout is now a paid service and Paul assures us the “Terms of Service and Privacy Policy are attached as a condition of each new contract.”
  • If LearnSprout should go bankrupt, all data in its possession will be deleted in 30 days.
  • When the Terms of Service are changed, customers will be notified and must accept the terms in order to continue using the service.
  • They post on their website the full data dictionary of what data they store for schools/districts.
  • Breach notification within 24 hours of a suspected incident.
  • Students’ personally identifiable information will not be used to improve or enhance LearnSprout’s products or services, and will be removed 60 days after the student is no longer enrolled in the school/district.

Paul’s collaborative nature and sincere desire to improve their policies set a great example for other ed tech companies to follow. We still don’t agree with LearnSprout’s business goals but we do believe they are a leader in forging partnerships with parents and advocates to safeguard the data entrusted to them. Our hope is that others will engage in equally civil and productive dialogue.

(Correction: The previous blogpost stated that LearnSprout would “backdoor” SISs. The term “backdoor” was an oversimplified description of the technical process, and was not intended to imply that LearnSprout was accessing student information stored in the SISs in an unauthorized manner.)


Our letter to Reps. Polis and Messer

February 11, 2015

Dear Representatives Polis and Messer:

We write on behalf of the Parent Coalition for Student Privacy, a nationwide network of parents, citizens, and privacy advocates, concerned with the widespread, rampant, and poorly regulated data collection, data-sharing, data-tracking, data-warehousing, data-mining, and commercial exploitation of personally identifiable student information. We thank you for your interest in this important topic and for your ongoing efforts to strengthen student privacy protections.

As you are well aware, parents across the country are increasingly alarmed about the everyday uses and abuses of their children’s personal data. Many parents are only recently learning how much of their children’s most sensitive information is being collected and shared via their schools with commercial vendors, private organizations, state agencies, and other third parties. Though the evidence of the benefits of this widespread collection and disclosure of children’s personal information is weak, the risks are all too evident. Families are mobilizing to counter this virtually unfettered third-party access to their children’s private data, and have demonstrated the effectiveness of their advocacy at the state level.

While we welcome federal legislation to strengthen student privacy protections, we are concerned that this effort may be incomplete, inadequate, or co-opted by special interests. As the tide of opposition to non-consensual capture, disclosure, and re-disclosure of student educational data has grown, various groups have sought to placate parents with various assurances. These assurances, however, are weak, as they fail to deal with student privacy within the framework of fair information practices. The recent voluntary corporate Student Privacy Pledge, for example, was a first step in addressing these issues; but the Pledge has deficiencies and gaps that render it ineffective in addressing our legitimate concerns.

One of our crucial concerns is the current lack of a clear affirmative obligation on the part of schools and districts to notify parents about what student data is being collected, what data is being shared with which third parties, and under what conditions. Another crucial concern is the lack of a clear legal obligation on the part of schools and districts to notify parents about which vendors the schools have authorized to collect information directly from children in class, as schools – not vendors – are the sole contact point for most parents.

Accordingly, we are writing to urge you to draft legislation that deals with educational and student privacy in a more comprehensive and effective manner. Here is a framework that we respectfully ask you to consider:

  • All personally identifiable data collected directly from students, by vendors or other third parties, whether collected in school or assigned by teachers in class or for home, should require that the school provide full notification and informed consent to parents, or to the students themselves if they are over age 18. At a minimum, parents should be informed of what data is being collected, the purpose of the data collection, how long the data will be retained and by whom and where, and the security provisions and safeguarding practices utilized by the third party. As pursuant to COPPA, parents must be afforded the right to opt out of any collection of their child’s data, at any time, if they so choose;
  • All disclosures of students’ personally identifiable information by schools, districts, and states to third-parties must require parental notification. There must be written agreements specifying the use of the data, and these agreements must be made publicly available. The agreements should also specify that only employees of the company or organization with a legitimate educational interest be allowed to access it, that adequate breach prevention and notification technologies and policies are in place, including levels and standards of encryption for data in-motion and at-rest, that independent audits be required, and that the third party will assume financial liability for any damages caused by any breach;
  • Parents must be afforded the opportunity and ability to inspect any personal student data that is collected, shared, or warehoused, correct if it is wrong, request that it be deleted, and opt out of further collection;
  • Parental consent must be required before any school, district or state can share any student data with any third party that includes sensitive information that could harm a child’s future if breached or abused, including but not limited to their grades, test scores, disabilities, health conditions, biometric information, disciplinary or behavior records;
  • There should be an absolute ban on selling any student data, including in case of a bankruptcy, merger, or sale of a company, as well as a ban on using personal student data for advertising or marketing purposes, or for developing or refining commercial products;
  • There must be protections against schools or vendors creating “learner profiles” of students, whether through “predictive and adaptive analytics” or other measures. These profiles could lead to a student being stereotyped or their chances of future success undermined;
  • Absolutely no re-disclosures or repurposing of personally identifiable student information by third parties without informed parental consent should be allowed;
  • Tough monitoring and enforcement provisions should be required, including substantial fines to be levied on any school, state agency, nonprofit organization, or third party vendor that violates the law’s provisions;
  • A clear private right of action should be created, with parents afforded the right to sue if schools, districts, state agencies, nonprofit organizations, or third party vendors have violated the law and their children’s privacy;
  • Each state must publicly report all the data elements being collected for their state longitudinal student databases, as well as publicly report with which governmental and non-governmental third parties they plan to disclose and/or share such data;
  • State advisory boards made up of stakeholder groups, including parents, security experts, and privacy advocates, should be created to ensure that these state longitudinal databases collect the minimum amount of personal data necessary, and develop rigorous restrictions on access to such data;
  • Any new federal law should recognize the right of states to legislate more robust requirements and provide for more vigorous privacy and security protections. Federal law should therefore not preempt state laws if such state laws are stronger.

Only if these principles and provisions are adopted in a new federal student privacy law will parents be assured that the unregulated and irresponsible trafficking of personal student data will have been adequately addressed. We thank you for your leadership on this important issue and stand ready to work with you and your colleagues to ensure that a strong, workable federal student privacy law is enacted as soon as possible.

Yours sincerely,

Leonie Haimson and Rachael Stickland

Co-chairs, Parent Coalition for Student Privacy

www.studentprivacymatters.org

info@studentprivacymatters.org

303-204-1272

 


Press Release 1.29.14

For immediate release: January 29, 2015

Contact: Leonie Haimson, leonie@classsizematters.org, 917-435-9329

Rachael Stickland, info@studentprivacymatters.org, 303-204-1272

Obama privacy bill fails to put children’s safety first

Education Week has gotten hold of a draft student privacy bill out of the White House that from its description is far too weak to satisfy most parents concerned about the use and sharing of their children’s personal data. The EdWeek article describing the bill is here: http://go.shr.lc/1vahJrs

Said Leonie Haimson, Executive Director of Class Size Matters and co-chair of the Parent Coalition for Student Privacy, “We were startled by the slide released by the White House after the President gave his speech at the FTC that students’ personal data should be able to be sold as long as it was for “educational” purposes. Student personal data should never be sold, without the knowledge and consent of their parents. I am very concerned that the Obama administration and the Department of Education have been captured by the interests of ed tech entrepreneurs, and are members of the cult that believes that outsourcing education and “big data” into the hands of corporations is the answer to all educational ills. This is, after all, the administration that revealed a blind spot as to the need to protect children’s privacy by creating huge loopholes in FERPA in the first place, to encourage the amassing of highly sensitive and confidential student information and allowing it to be disclosed to a wide variety of commercial ventures.”

Rachael Stickland, co-chair of the Coalition for Student Privacy said, “Parents will now fight even harder for a bill that takes their children’s interests into account; that minimizes data sharing without parent notification and consent, and provides for real protections for student privacy and security.  We will continue to speak out until a new law is passed which puts our children’s safety first.  As described by the Ed Week article, the Obama bill clearly does not do the job.”

Weaknesses of the Obama proposal similar to California’s law, according to the EdWeek description:

1. Operators may use personal student information for internal commercial purposes including “for maintaining, developing, supporting, improving, or diagnosing the operator’s site, service or application.”

2. The proposal would allow the use of student information for “adaptive or personalized student learning purposes.” The Parent Coalition for Student Privacy cited this weakness in our press release critiquing the California law here: http://go.shr.lc/1IlSVil

3. Allows the sale of data in mergers and acquisitions “so long as the information remains subject to the same legal protections in place when it was originally collected.” (Quoted section is from EdWeek.)

4. Requires companies to “maintain reasonable security procedures and protocols” for student information, and allow the information to be deleted at the request of a school or district. However, there need to be specific security and encryption provisions in the law, as well as parental rights to be notified, consent or delete data.

Areas where the proposal appears to be even weaker than California law:

1. There appears to be no prohibition on vendors amassing profiles of students for non-education purposes. Profiling – whether for targeted advertising or sorting students based on abilities or disabilities - is one of our greatest concerns.

2.  Does not prohibit the collection of student information from an online education site to be used on other commercial websites or services for targeted advertising or marketing purposes. Presumably, this means that if a child uses Google Apps for Education (GAFE), Google would be unable to target ads to the child using GAFE but could target ads to the child on other commercial services linked to Google.  This is entirely unacceptable.

###

Obama on selling student data

Press Release 1.12.15

For immediate release: January 12, 2015

Contact: Leonie Haimson, leonie@classsizematters.org, 917-435-9329;

Rachael Stickland, rachael.stickland@gmail.com, 303-204-1272

Parent Coalition for Student Privacy on President’s Announcement of Need for New Federal Student Privacy Protections

The Parent Coalition for Student Privacy thanks the President for recognizing the need for new federal student privacy protections, but points out how the California law that the President lauded as a model cannot be used without strengthening its provisions around parental notification, consent, security protections and enforcement.

“Any effort to ban the sale of student information for targeted advertising is a good first step, but the White House’s proposal appears to allow companies to sell and monetize student data for unspecified ‘educational purposes,’ including to develop products that would amass enormous personal profiles on our children. Profiling children based on their learning styles, interests and academic performance and then being able to sell this information could undermine a student’s future. Parents want to ban sale of student data for any use and demand full notification and opt-out rights before their children’s personal information can be disclosed to or collected by data-mining vendors,” said Rachael Stickland, co-chair of Parent Coalition for Student Privacy.

Leonie Haimson, Parent Coalition co-chair and Executive Director of Class Size Matters said, “We also need strong enforcement and security mechanisms to prevent against breaches. Schools and vendors are routinely collecting and sharing highly sensitive personal information that could literally ruin children’s lives if breached or used inappropriately. This has been a year of continuous scandalous breaches; we owe it to our children to require security provisions at least as strict as in the case of personal health information.”

Here is a summary of the gaps and weaknesses in the California student privacy bill, which the President said should serve as a model for a federal law:

  • Bans vendors using personally identifiable information (PII) student data to target advertising or selling of data, but not in case of merger or acquisitions, or presumably in case of bankruptcy, as in the recent Connectedu case.  The President’s proposal would be even weaker, as it would apparently allow the sale of student data for unspecified “educational purposes”;
  • Only regulates online vendors but not the data-sharing activities of schools, districts or states;
  • Provides no notification requirements for parents, nor provides them with the ability to correct, delete, or opt out of their child’s participation in programs operated by data-mining vendors;
  • Unlike HIPAA, sets no specific security or encryption standards for the storage or transmission of children’s personal information, but only that standards should be “reasonable”;
  • Allows tech companies to use children’s PII to create student profiles for “educational” purposes or even to improve products;
  • Allows tech companies to share PII with additional and unlimited “service” providers, without either parent or district/school knowledge or consent – as long as they abide by similarly vague “reasonable” security provisions;
  • Allows tech companies to redisclose PII for undefined “research” purposes to unlimited third parties, without parental knowledge or consent – without requiring ANY sort of security provisions for these third parties or even that they have recognized status as actual researchers;
  • Contains no enforcement or oversight mechanisms;
  • Would not have stopped inBloom or other similar massive “big data” schemes designed to hand off PII to data-mining vendors – and like inBloom, would also be able to charge vendors or “service providers” fees to access the data, as long as states/districts consented.

###


In Wayzata, Minnesota, a school spies on its students

Nathan Ringo is a high school 11th grader at Wayzata High School in Minnesota.  The post is reprinted with his permission from Boing Boing; the Minneapolis Post has also reported on his work to protect student privacy, and its impact.

I’m a student. As a student, my school is one of my favorite places to be: I enjoy learning and find almost all my teachers to be agreeable. I’m also a programmer and an advocate of free speech. In that role, my school holds a more dubious distinction: it’s the first place where my interests in computers and my rights were questioned.

Like many other school districts, #284 of Wayzata, Minnesota puts censorware between students and the Internet. This filter lets the school claim federal funding in exchange for blocking pornography. However, Wayzata chose to implement an unsavory policy of blocking not just porn, but anything and everything they feel is inappropriate in a school setting. Worse, I could not find out who makes the judgements about what should be considered inappropriate. It’s not stated in the school board policy that mandates the filter: that policy says that the filter should “only block porn, hate speech, and harassment.” Our censorware, however, blocks material ranging from Twitter to comic books. Meanwhile, students are told to use Twitter as part of our Spanish classes and our school offers a course on comic books. Beyond blocking sites that are used in classes, there are also many false positives.

I started trying to get around the content filtering system in 7th grade, halfway through middle school. I used the old trick of accessing blocked sites by looking up their IPs, then using those in place of their domain names. Back then, the censoring layer was something like a regex matcher strapped onto an HTTP proxy–in other words, all the data was routed through software that simply looked for certain domain names or terms in the URL, then blocked those requests. When the school upgraded their filter to a different product, I was stuck on the censored net again for a few months. By eighth grade, I had taught myself to code in C++, an “actual programming language” more powerful than the basic web scripting languages I’d known up until that point. Although I still wasn’t able to get past the new censorship with my relatively rudimentary knowledge, I did get introduced to the software tools that could – Linux, SSL, and SOCKS5. With these, I was unaffected by all the bad Internet policy decisions made in the next two and a half years: the blocking of YouTube and Vimeo, rate-limiting on downloads, and an exponentially expanding list of addresses that are deemed to be too horrifying for students to view, such as XKCD, Wikipedia, news websites and anywhere else that, somewhere, contains a naughty word.

Prior to starting the 10th grade last year, I’d only ever had one major run-in with my school, when the librarian and I had a misunderstanding about my using the computer lab to teach myself DOS Batch after finishing my classwork. So I was surprised to get a summons to the Associate Principal’s office. When I arrived, I was told that someone had alleged that I was “hacking the firewall.” I have a habit of talking rather quickly when excited, which may have messed up my attempt to explain the difference between cracking and hacking; and that I’d never touched the school’s firewall. This first meeting ended inconclusively, with my insistence that I hadn’t broken any laws or school rules (true), and that she was using the wrong terminology. A couple of days later, I got called into her office again. This time, the school’s webmaster was present. Assuming that he’d know what I was talking about, I then gave a more technical explanation of everything I was doing. The response was that I was still in trouble, despite his understanding that I hadn’t done anything wrong “yet”. I felt like they were implying that by avoiding censorship, I was obviously heading for a life of computer crime. Weeks passed, and I assumed that the whole thing had blown over.

Nope. I was brought to a conference room, and I started to get worried. While I knew that I hadn’t done anything wrong, I also knew that there are very few good things that happen when a student is told to report to a conference room. There, the “Director of Technology” responded to my previous complaint that I was being persecuted for a non-existent rule violation with more implications of future illegal activity, with a librarian chipping in one of my most hated lines, “But if you’re not doing anything wrong, why are you so concerned about privacy?”

The associate principal “helped” by referring to me as a cracker. I don’t think too many people at the meeting had knowledge of the cracker-hacker dichotomy, so there was a bit of silence after that line. The Director of Technology then pulled out a copy of a board policy with a highlighted bit essentially claiming that he personally is entitled to enact and enforce any punishment that he deems fit, regarding any sort of conduct relating to the school’s technology. After that, my Internet access within the school was revoked for the rest of the term. To get it back, I was assigned to write an apologetic letter talking about how I’d be more “responsible” in the future, as if I had shown some outburst of immaturity by wanting uncensored access to the Internet.

This year, the problems started again. Before the year even started I got in trouble for opposing the upcoming technology plan. The school board decided to purchase an iPad for every student, fill it up with spyware and more censorware, and hand them out with little explanation of this software and what it did.

I thought this was horrible, so naturally I fought it. I stood by the line for iPads and read aloud the “contract” that all students were forced to agree to, and loudly pointed out the clause that explicitly allows the district to monitor us at any time, for any reason.

I was directed to the same Associate Principal. I was once again subjected to the “if you’re innocent, why are you hiding stuff” line before being directed out of the building, without an iPad. Since then, the ban on Internet access from the school has been reinstated, until I meet with a different Associate Principal and the Director of Technology.

Students don’t get to call those meetings, so I’m just waiting until my day comes. In the meantime, I’ve had to use my own tablet– a Surface Pro 1 running Arch Linux–and my own Internet connection–over Bluetooth from my phone–while in school.

As a student, I find my school a great place to be. As an advocate of free speech, however, the school’s policies are terrible.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.


Restoring Privacy in the Era of Big Data by Kris Alman

Edward Snowden became a household name after he leaked top secret documents that demonstrated the vast scope of our government’s domestic surveillance programs. Much of this work is outsourced to private companies–such as Booz Allen Hamilton, owned by the Carlyle Group, a US-based investment fund with $176 billion in assets.

But the “war on terrorism” and the long arm of the Patriot Act (passed by Congress in October, 2001) go beyond telephone and Internet communications. Government and law enforcement now have unparalleled access to student records and medical records.

It’s been the perfect storm for business to swoop into public coffers to mine personal data. “Authorized representatives” and “business associates” access personally identifiable information in both education records and “Protected” Health Information (PHI) in our medical records. In the meantime, state agencies collect this data in big databases–without attention to fair information practices and principles, the central contribution of an HEW (Health, Education, Welfare) Advisory Committee on Automated Data Systems in 1972.

Unfortunately there are no Edward Snowdens among education and healthcare technocrats. They seem to be both smitten with data utopia and tempted by “free” services of the digital economy. The train with our education and medical data collected without our consent has already left the station.

Case in point: The Los Angeles Unified School District has spent more than $130 million on a student information system, which has become a technological disaster. Ron Chandler, the district’s Internet technology officer, said that once the problems are ironed out, the system will free the district from the consent decree and provide a valuable tool for tracking and boosting student success.

A parallel explosion of big data since 2001 is not coincidental. Big data utopians proclaim better integration of fragmented health and education sectors and data analysis will improve outcomes and improve value. The question never seems to be asked, “For whom?”

The P in HIPAA does not stand for privacy.

HIPAA is the Health Insurance Portability and Accountability Act. For one brief year in 2001, newly implemented HIPAA privacy rules meant “…a covered healthcare provider must obtain the individual’s consent, in accordance with this section, prior to using or disclosing protected health information to carry out treatment, payment or health care operations.” That all changed in 2002 when Health and Human Services eliminated the right of consent and replaced it with a “new provision…that provides regulatory permission for covered entities to use and disclose protected health information for treatment, payment, or health care operations.”

Traditional (doctors, pharmacists, hospitals, health plans, Medicare/Medicaid etc.) and not-so-traditional (just what is a clearinghouse?) covered entities must comply with HIPAA privacy and security rules, enacted in 2002. Businesses that contract with covered entities gain access to our PHI, without our consent, by signing a business associate agreement to comply with these rules.

It’s impossible to create a detailed map of where sensitive personal health information flows from prescription records, to DNA, to diagnoses. And without a “chain of custody,” it’s also impossible to know who uses our data or why. Dr. Deborah Peel from Patient Privacy Rights points out in a recent TEDx talk, if the 2002 HIPAA were supposed to improve care and cut costs, why has the opposite occurred?

Big data simplifies access to data—a win-win for business and government. While corporations learn our secrets, trade secrets simultaneously protect how they profit from data mining our private lives. And it’s far more efficient for the government to obtain confidential information data mining big businesses, thus bypassing teachers and doctors, who would compromise professional ethics when confidentiality is compromised.

Many states have created, or are in the process of creating all payer health care claims databases. The goal is “a regional all payer dataset… (which is) seamless across state lines in terms of being a longitudinal record based on the patient.”

In Oregon, payers (insurance carriers, other third-party payers, or health plan sponsors, such as employers or unions) directly send “patient demographic information such as date of birth, gender, geography, and race/ethnicity” along with “medical and pharmacy insurance claims (that) capture plan payments, member financial responsibility (co-pay, co-insurance, deductible), diagnoses, procedures performed, and numerous other data fields” to Milliman Inc.

Milliman is one of the top purchasers of medical records. Oregon pays this global actuarial firm to collect an incredible amount of confidential data—all done without patient consent. Could Milliman’s computers glean data that could be used to deny life insurance for companies that use Milliman’s services? After all, they boast that, “No firm has a more complete understanding of insurance than Milliman, from the nuances of various regulatory regimes to the patterns in policyholder behavior.”

While Oregon’s goal is to provide information to consumers and purchasers of health care, most states, including Oregon, score an F when it comes to price transparency. Trade secrets protections are used to prohibit databases from “revealing proprietary fee schedule amounts for any payer/provider.”

Patients across the nation are feeling the financial sting when it comes to the not-so-Affordable Care Act. Wanna’ have a baby? A financial counselor may spring a “global fee” on you, which doesn’t include hospital charges or anything else on a long list of exclusions. And while they may point to an “average” cost in the “summary of benefits,” disclaimers allow for actual costs that may be higher.  So much for market-based transformations!

Pushback from parents for student data privacy

Privacy protections in FERPA, the Family Educational Rights and Privacy Act, were gutted with rule changes in 2008 (including those relating to section 507 of the USA Patriot Act) and 2011. US Secretary of Education Arne Duncan, Obama’s basketball buddy, implemented these rule changes and sweetened the pot with stimulus money. States were tasked to create statewide longitudinal data systems that collect and warehouse student data.

Earlier this year, parent activists successfully pushed back in shutting down inBloom. Founded in 2011 with $100 million from the Bill & Melinda Gates Foundation and the Carnegie Corp, this nonprofit was designed to collect confidential and personally identifiable student and teacher data.

This data included student names, addresses, grades, test scores, economic, race, special education status, disciplinary status and more from school districts and states throughout the country… on a data cloud run by Amazon.com, with an operating system by Wireless/Amplify, a subsidiary of Rupert Murdoch’s News Corporation. What’s more, InBloom planned to share this highly sensitive information with software companies and other for-profit vendors.

Constitutional rights to data privacy?

Is data speech, protected by 1st Amendment rights? Or property, protected by the 4th Amendment?

Authors of a recent Stanford Law Review article argued for the former. “When the collection or distribution of data troubles lawmakers, it does so because data has the potential to inform and to inspire new opinions. Data privacy laws regulate minds, not technology.” The authors state that whenever state regulations interfere with the creation of knowledge, that regulation should draw First Amendment scrutiny.

If you think your data is property, protected against unlawful search and seizure with Fourth Amendment protections, think again. As reviewed in the Emory Law Journal, “if a person “volunteers” information to a third party, she loses all constitutional protection for the information, regardless of whether it reflects an underlying autonomy interest that is otherwise protected by the Constitution.” This is the third-party doctrine.

Media conglomerates and bloggers compete for readers to monetize digital content through “behaviorally targeted advertising.” The third-party doctrine allows private companies to track individuals and create single, comprehensive profiles for each user. Campaigns strategically mine our hobbies, passions and vulnerabilities to micro-target a tailored message that effectively sells politics and products. The Federal Trade Commission has taken a hands-off approach to behavioral targeting, pressuring businesses to self-regulate. So states are responding.

California passed a new student privacy law that “prohibit(s) an operator of an Internet Web site, online service, online application, or mobile application from knowingly engaging in targeted advertising to students or their parents or legal guardians, using covered information to amass a profile about a K–12 student, selling a student’s information, or disclosing covered information.”

The application of FERPA to data derived from online personalized learning programs is not entirely clear. Are “personalized learning programs,” a hybrid model that combines online and traditional instruction, another type of behavioral targeting? Can the third party doctrine be invoked when districts and universities sign privacy agreements with businesses for these outsourced services?

Should we put faith in industry signatories to a “student privacy pledge”? The Future of Privacy Forum and the Software and Information Industry Association conceived this pledge. Interestingly, Google has not signed the pledge, though they are one of the many data miners supporting the Future of Privacy Forum.

Google Apps for surreptitious user profiles

Google Apps for Education is one of the freebies school districts and universities clamor for. Bram Bout, the head of Google Apps for Education, told the Guardian, “More than 30 million students, teachers and administrators rely on Google Apps for Education every day to communicate and collaborate more efficiently.” But Google presents “take-it-or-leave-it contracts” and a “gag clause” in its negotiations with schools for this service. As such, Berkeley IT professionals couldn’t learn “how other campuses protected the privacy of their students and faculty.”

In a lawsuit against Google, students (both as individuals and in a class action complaint) claimed Google violated federal and state wiretap laws by intercepting electronic Gmail messages and data-mining those messages for advertising-related purposes–including the building of “surreptitious user profiles.” Google sought dismissal, saying “automated (non-human) scanning is not illegal ‘interception’ ” and that “the processes at issue are a standard and fully-disclosed part of the Gmail service.”

Judge Lucy Koh, whose jurisdiction is in the heart of Silicon Valley, denied a motion from Google to dismiss the case entirely. She rejected the company’s argument that Gmail users agreed to let their messages be scanned when they accepted subscription service terms and privacy policies.

But she later denied the plaintiffs’ motion to turn the suit into a class action on the grounds that it would be impossible to determine which email users consented to Google’s privacy policies. This means email users must sue individually or in small groups, lowering recoveries and boosting costs.

Joel R Reidenberg, a law professor at Fordham University, told Education Week, “The complexity of these arrangements exceeds what FERPA is really capable of addressing.” The 40-year-old FERPA does not adequately define what constitutes an education record at a time when previously unthinkable amounts of digital data about students proliferate.

With this lawsuit in mind, should patients feel reassured by Google’s Business Associate Agreement that offers “HIPAA compliant online services for covered entities”?

Data breaches, big data and identity theft

Then there are the inevitable breaches. The Office of Civil Rights must investigate and post health record breaches of over 500. The many flavors include hacking/IT incident, improper disposal, loss, theft, unauthorized access/disclosure, unknown and other.

One of the most recent breaches reported (and not yet in the database) affected 4.5 million patients served by the for-profit hospital chain, Community Health Systems Inc. Investigators believe the attack was the work of Chinese hackers that exploited the Heartbleed bug. Affected patients must worry about identity theft.

As USA Today reports, medical identity theft is epidemic and we should all be on the alert for that possibility. Having experienced tax-related identity theft this past March, I assume my husband and I will never understand how our identity was stolen. This is especially disturbing when one considers that child identity theft rates are fifty-one times higher than adults. While these digital natives are savvier with technology, they are more vulnerable as well.

Furthermore, there is “no private right of action” when unlawful access, use or disclosure of protected health information or student’s protected information occurs. In other words, you can’t sue under HIPAA or FERPA laws when your personal data has been compromised.

Health, Education and Welfare?

The Department of Health, Education and Welfare was a Cabinet post from 1953-1979, when the Department of Education was created. But these departments still intersect. Joint guidance on the application of FERPA and HIPAA to student health records was published in 2008.

Schools use assessments for special education eligibility and 504 accommodations (such as for ADD/ADHD). The monopoly on these tests is London-based Pearson, the largest education company and book publisher in the world. Since last year, Pearson Clinical has been using Q-global to score and store tests. This decreased administrative burden is attractive for districts that are increasingly choosing the Q-Global option instead of scoring manually or with software.

Students who receive special education or 504 accommodations are afforded confidentiality provisions under IDEA, the Individuals with Disabilities Education Act. How could parents feel reassured that safeguards and policies to destroy information will be enforced?

Should Pearson Q-Global have the right to glean data for and use “non-personally identifiable statistically aggregated data raw test data and other information collected in the testing process for our research, quality control, operations management, security and internal marketing purposes and to enhance, develop or improve tests and testing processes”? Or transfer the data “in connection with a sale, joint venture or other transfer of some or all of the assets of NCS Pearson, Inc.” or “to our contractors or agents who are committed or obliged to protect the privacy of Personal Information in a manner consistent with this Privacy Policy”?

Conclusion: Without strong privacy and security protections for individuals, the costs of 21st Century digital disruption appear to outweigh benefits. Our identity is fundamentally our intellectual and spiritual property. Corporations protect their intellectual property with trade secret laws, yet laws don’t afford the same privacy rights to people. 

We must demand the right to privacy. As such, we should support the Student Privacy Bill of Rights (conceived by the Electronic Privacy Information Center) as an enforceable student privacy and data security framework. The Patient’s Bill of Rights, implemented in 2010, doesn’t address privacy–reflecting the need to modernize HIPAA.

In June 2014 Joel R Reidenberg testified before two Congressional sub-committees on “How Data Mining Threatens Student Privacy.” His four recommendations equally apply to patient privacy. (Suggested modifications are in parentheses.)

  1. Modernize FERPA (and HIPAA) to protect and limit the use of all student (and patient) information whether held by schools (and covered entities) or vendors (and business associates)—including a prohibition on non-educational (and non-medical) uses of student (and patient) information and graduated enforcement remedies such as private rights of action.
  2. Require that the processing of student (and patient) data under any federally financed educational (and health care) program be prohibited unless there is a written agreement spelling out the purposes for the processing, restricting the processing to the minimum amount of data necessary for those purposes, restricting the processing to permissible educational (and health care) uses, mandating (enhanced) data security, requiring data deletion at the end of the contract, and providing for schools’ (and covered entities’) audit and inspection rights with respect to vendors (and business associates).
  3. Require that states adopt an oversight mechanism for the collection and use of student (and patient) data by local and state (educational) agencies. A Chief Privacy Officer (in state departments of education) is essential to provide transparency to the public, assistance for local school districts (and covered entities) to meet their privacy responsibilities, and oversight for compliance with privacy requirements.
  4. Provide support to the Departments of Education (and Health and Human Services) and to the research community to address privacy in the context of rapidly evolving educational technologies, including support for a clearing center to assist schools (and covered entities) and vendors (and business associates) find appropriate best practices for their needs.

The Chief Privacy Officer (CPO) should be independent of the state agency involved. One state serves as a potential model: Ohio.

Further, an advisory group that includes agency representatives and citizens from stakeholder groups should help the CPO develop privacy policies. We need to restore full consent and notification of confidential data sharing and oversee data collection that includes longitudinal data systems, created in direct response to various federal programs. Meetings should be open to the public to foster participation. These steps are essential to restoring trust in our government.

To be a free and democratic and globally responsive society, power should be in the hands of the people and not the 1%. We need digital innovations that put people in control of their data. We should repeal the Patriot Act and demand net neutrality.  With that power, we can battle the huge problems facing us—including climate change, Ebola and poverty.

These are not simple solutions. We need to learn more and to get involved. For more information, go to Patient Privacy Rights and the Parent Coalition for Student Privacy.

Parent Coalition for Student Privacy Not Satisfied with Tech Industry “pledge”

For Immediate Release: October 7, 2014

For more information contact:
Leonie Haimson, leonie@classsizematters.org; 917-435-9329
Rachael Stickland, info@studentprivacymatters.org; 303-204-1272

While parents and advocates involved in defeating inBloom are appreciative that the voluntary pledge released today by members of the software industry bars the selling of student data and its use for targeting ads, its provisions fall far short of what would be necessary to uphold the rights of parents to control access to their children’s personal information and protect their privacy. It appears that technology vendors and their supporters are trying to forestall stronger federal and state laws that would really hold them accountable.

The provisions do not include any parental consent or notification requirements before schools disclose the highly sensitive personal data of their children to vendors, and contain no specific security or enforcement standards for its collection, use or transmission. It would also allow for the infinite disclosure or sale of the data from one company to another, when the first one goes bankrupt, is merged or acquired by another corporation.

Leonie Haimson, Executive Director of Class Size Matters based in NYC and co-chair of the Parent Coalition for Student Privacy, said: “We need legally enforceable provisions requiring parental notification and consent for the disclosure and redisclosure of personal student data, as well as rigorous security protocols. This pledge will not achieve these goals, and will not satisfy most parents, deeply concerned about protecting their children from rampant data sharing, data-mining and data breaches.”

As Rachael Stickland, Colorado parent and co-chair of the Coalition pointed out, “The pledge explicitly allows for the use of student personal information for ‘adaptive learning.’ Parents are very worried that predictive analytics will lead to stereotyping, profiling and undermining their children’s future chance of success. At the least, industry leaders should support full disclosure of the specific student data elements employed for these purposes, and understand the need for informed parental consent.”

Said Melissa Westbrook, moderator of the Seattle Schools Community Forum and co-founder of Washington State’s Student Privacy Now, “This so-called pledge, filled with mumbo-jumbo, has one glaring item missing – legally enforceable punishment for K-12 service providers who don’t protect student data. Without that, students and their data have no real protections.”

Concluded Josh Golin, Associate Director for the Campaign for Commercial-Free Childhood, “Across industries, self-regulation has been proven inadequate when it comes to protecting children, and there is absolutely no reason to believe that students’ most sensitive information can be safeguarded through voluntary pledges. Only federal and state legislation that have clear enforcement mechanisms and penalties will give students the protections – and parents the peace of mind – they deserve. It’s disappointing the ed tech industry’s main takeaway from the inBloom fiasco is that they need better PR.”

###

Barmak Nassirian’s quick review of the Markey/Hatch privacy legislation 7.31.2014

This is done too quickly to be comprehensive, but is intended as a first reaction to the Markey/Hatch privacy bill’s language.  – Barmak Nassirian.

  1. The bill is very narrow and does not attempt to address the main objections raised by parents and privacy advocates about the ways in which the 2008 and 2011 FERPA regs undermined educational privacy rights. Specific topics like the 2011 regs’ definition of “education program,” or “authorized representative” are left unresolved, with authorized representative only being referenced (infelicitously at that, since a comma is missing on page 2, line 23 before “and”) as an outside party that would be subject to unspecified security requirements.
  2. On the affirmative front, the language does specifically condition receipt of federal funds on “protection” of personally identifiable information, and requires ed agencies and institutions to impose that same requirement on any “outside parties” to whom they disclose PII. The problem here is that “protection” is undefined, and more importantly, that the issue is not so much protection of records from unauthorized access, but limiting the universe of entities and individuals who may inappropriately be granted authorized access. (Page 2, new section (4)(A) lines 7-19)
  3. The language prohibits receipt of federal funds by programs that use or disclose PII “to advertise or market a product or service.” This language is incomplete and problematic at a couple of levels. First, why not, at the very least, ban all commercial uses of PII? Why only marketing and advertising, but not sale of PII to improve software, develop for-profit tests, or design products? Second, there’s no distinction made between directory and non-directory information. (Would providing a list of students to a photographer taking yearbook pictures be a violation?) Finally, no distinction is made between non-consensual and consensual disclosures. The most comprehensive solution would be to ban all commercial uses as well as non-consensual disclosures to any entity without a legitimate educational interest as that term is defined and applied to school officials. There may have to be targeted exceptions for disclosures like transcripts (involving fees and very sensitive PII) or transactional interactions like the photographer example above. (New Section 5, page 3, lines 3-10)
  4. The amendment imposes new requirements on “outside parties” that are intended to parallel the “inspection, correction, amendment” provisions of existing law, but do so in an unorthodox and problematic way. First, absent a parallel notice requirement to parents and students, how would they even know about disclosure of PII to outside parties? Second, probably inadvertently but maybe not, the rights are provided for parents but not for students themselves, which opens a huge and very messy can of worms particularly with regard to postsecondary students. (I couldn’t review my records at my age, but my parents could?) Third, the language departs from the standard “inspection, correction, or amendment” and expands the list to “challenge, correct, or delete.” While this confusing language may arguably be viewed as an expansion of privacy rights, the rest of the sentence immediately takes back what the bill giveth, by limiting the rights only to “inaccurate, misleading, or otherwise inappropriate data” which are left undefined. Current law, of course, makes no such distinctions, and imposes no such limitations or burdens on students or parents, who may amend the record—with no mandate for adjudicating the veracity of its contents—as they see fit. (Page 3, line 11 through page 4, line 17)
  5. The new section (7) in the bill explicitly requires data minimization, but proceeds to define it in a most unconventional manner as attempting to respond to “appropriate” (i.e., Legally allowed? Legally required? Something else?) requests for PII through provision of de-identified data, if such de-identified data meet the “effective” purpose of the request. Leaving the obscurity and vagueness of the terms aside, this language is oblivious to the enormous difficulty of robust de-identification (which goes well beyond dropping names and SSNs) and the relative ease of re-identification of putatively anonymized records. Subsection (B) of this section adds a data retention rule, which would require that data be destroyed once the original purpose for their initial disclosure has been met. This is a positive improvement on current law. (Page 4, line 18 through page 5, line 6.)

Our response to the Markey/Hatch student privacy bill introduced 7.30.2014

For immediate release: July 30, 2014

Rachael Stickland, 303-204-1272; info@studentprivacymatters.org

Leonie Haimson: 917-435-9329; leonie@classsizematters.org

On the Markey/Hatch student privacy bill

Rachael Stickland, co-chair of the Parent Coalition for Student Privacy, said: “Though we appreciate the effort that Senators Markey and Hatch have undertaken on behalf of better privacy protections for students, their proposed legislative fix falls short of what’s needed; it sets no specific security standards for the storage or transmission of children’s personal information, allows unlimited disclosures and redisclosures to for-profit vendors and other third parties without parental consent as long as the data isn’t used for marketing purposes, and doesn’t even require that schools and districts inform parents as to what personal information is being shared with which particular vendors. Thus the clause that requires that parents be able to amend the information held by the vendor is nonsensical as it’s unclear how they would even know who to contact.”

Said Leonie Haimson, the other co-chair of the Parent Coalition, “Nothing in this bill would have stopped the outrageous data-grab of inBloom, or any of the other companies set to take its place. We need a far stronger bill to do the job that parents are demanding: protecting their children’s privacy and safety from breaches and unwarranted data-mining.”

###

The link to the “Protecting Student Privacy Act” is here.

Press Release 7.24.2014 – Louisiana

FOR IMMEDIATE RELEASE
July 24, 2014
For more information contact:
Leonie Haimson: leonie@classsizematters.org; 401-466-2262; 917-435-9329
Rachael Stickland: info@studentprivacymatters.org; 303-204-1272
Lee P. Barrios: lee@saveourschoolsmarch.org; 985-789-8304
 
New Coalition Urges Congress to Listen to Parents and Strengthen Student Privacy Protections
A new national coalition called the Parent Coalition for Student Privacy released a letter this week to the leaders of the committees of the House and Senate Education Committees, urging Congress to strengthen FERPA and involve parents in the decision-making process to ensure that their children’s privacy is protected.
Many of the groups and individuals in the Coalition were involved in the battle over inBloom, which closed its doors last spring.  They were shocked to learn during this struggle how federal privacy  protections and parental rights to protect their children’s safety through the Family Educational Rights and Privacy Act (FERPA)  had eroded over the last decade. These parents represent a broad spectrum of personal, political, and religious beliefs but are united in their concern for their parental rights and the privacy of their children.  
The letter is posted here, and calls for Congress to hold hearings and enact new privacy protections that would minimize the sharing of highly sensitive student data with vendors and among state agencies and would maximize the right of parents to notification and consent.  The letter also asks for strict security requirements, that the law be enforceable through fines, and that parents have the right to sue if their children’s privacy is violated.
Lee Barrios, teacher,  member of the Coalition for Louisiana Public Education, Information Coordinator for Save Our Schools March, and PCSP founding member said that Louisiana parents crossed only the first hurdle in protecting their children with the passage of Act 837 during the 2014 legislative session.  The legislation was precipitated by parents whose investigations revealed that State Department of Education Superintendent John White had contracted with inBloom to store personally identifiable student information including social security numbers. The bill requires that the Louisiana Department of Education develop anonymous student identification numbers and the department will also be prohibited from seeing or keeping any personally identifiable data about a child. Students’ names, addresses and other information will only be maintained at the local school district level. 
St. Tammany parent Debbie Sachs, along with her daughter Rachel, became privacy activists as a result of Rachel’s realization that her personal information was targeted. Rachel’s testimonies before legislative committees and the State Board of Education were compelling. Ms. Sachs says, “It is a sad day when children have to take a day off of school to travel to Baton Rouge to ask legislators to please protect their right to privacy. It is an even sadder day to see the chilling effect of the 21st century data mining in the classroom. Children no longer feel safe using technology to submit essays, opinions, and other assignments. Teachers and parents are becoming wary as well.” In Rachel’s words, “Will this data be used against me? It all comes down to fear.”
 
Jason France, Baton Rouge parent formerly employed by LDE as an IT expert, said, “Information is proving to be the most valuable commodity of the 21st Century. We must all fight to keep ourselves and our society safe from the information prospectors that see us and our children as little more than their next Klondike while they conspire to chain us inextricably to their Big Data mines.”
 
Louisiana attorney and parent of four Sara Wood, who understands the legal and constitutional ramifications of massive data collection, said, “Privacy is a foundational principle of freedom. Freedoms are not absolute and they can be burdened by government action, however, the integrity of that freedom is maintained by requiring due process and consent where applicable for government action.”
Rachael Stickland, a leader in the fight for student privacy in Colorado and co-chair of the Coalition to Protect Student Privacy points out, “inBloom’s egregious attempt to siphon off massive amounts of sensitive student information and to share it with for-profit vendors took parents by surprise.  Once we learned that recent changes to FERPA allowed non-consensual disclosure of highly personal data, parents became fierce advocates for their children’s privacy.  We’re now prepared to organize nationally to promote strong, ethical privacy protections at the state and federal levels.”
Diane Ravitch, President of the Network for Public Education said: “Since the passage of FERPA in 1974, parents expected that Congress was protecting the confidentiality of information about their children. However, in recent years, the US Department of Education has rewritten the regulations governing FERPA, eviscerating its purpose and allowing outside parties to gain access to data about children that should not be divulged to vendors and other third parties. The Network for Public Education calls on Congress to strengthen FERPA and restore the protection of families’ right to privacy.”
“The uprising against inBloom demonstrated the extent to which parents will not tolerate the misuse of their children’s sensitive personal information,” said Campaign for a Commercial-Free Childhood’s Associate Director Josh Golin. “But parents cannot be expected to mobilize against each and every threat to their children’s privacy, particularly if they’re not even aware of which vendors have access to student data. It is critical that Congress take real steps to protect schoolchildren from those who see student data as a commodity to be exploited for profit.”
“Parents Across America, a national network of public school parents, emphatically supports this call for hearings as a first step toward reversing federal actions that have eroded parental authority over student data, and including even stronger privacy protections for our children,” said Julie Woestehoff, a Chicago parent activist and PAA secretary. She added: “PAA recommends restoring parental authority over student data that was removed from FERPA by the US Department of Education, enacting state laws that include parental opt out provisions in any statewide data sharing program, strictly regulating in-school use of electronic hardware and software that collect student information, and including significant parent representation on any advisory committees overseeing student data collection.”
Lisa Guisbond, executive director of Citizens for Public Schools, a Massachusetts public education advocacy group, said, “Citizens for Public Schools members, including many parents, are deeply concerned about threats to the privacy of student information. We support hearings and strong legislation to protect the privacy of this data. Parents are increasingly left out of important education policy discussions. In this, as in all crucial school policy discussions, they must have a voice.”
“Parents will accept nothing less than parental consent, when it comes to their child’s personally identifiable sensitive information. As a parent of a child with special needs, I understand the devastation that confidential information used without my consent could have on my child’s future.  As a long-time advocate for people with autism and other developmental disabilities, I implore the U.S. House and Senate to put the necessary language back into FERPA to protect students and uphold the right of their families to control their personally identifiable data,”   said Lisa Rudley, Director of Education Policy, Autism Action Network and Co-Founder of NYS Allies for Public Education.
Emmett McGroarty of the American Principles Project said, “Regardless of intention, the collection of an individual’s personal information is a source of discomfort and intimidation.  Government’s broad collection of such information threatens to undermine America’s founding structure:  if government intimidates the people, government cannot be by and for the people.”
Leonie Haimson, Executive Director of Class Size Matters and co-chair of the Coalition, concluded, “Since inBloom’s demise, many of the post-mortems have centered around the failure of elected officials and organizations who support more data sharing to include parents in the conversation around student privacy. We are no longer waiting to be invited to this debate. It is up to parents to see that we are heard, not only in statehouses but also in the nation’s capital when it comes to the critical need to safeguard our children’s most sensitive data – which if breached or misused could harm their prospects for life. We are urging Congress to listen to our concerns, and act now.”
For more information see www.studentprivacymatters.org
 
Lee P. Barrios, M.Ed., NBCT
985-789-8304
Debbie Sachs
985-626-3595
Jason France
225-892-4410
Sara Wood
985-727-1981 

Press Release 7.23.2014

FOR IMMEDIATE RELEASE

July 23, 2014

For more information contact:

Leonie Haimson: leonie@classsizematters.org; 401-466-2262; 917-435-9329

Rachael Stickland: info@studentprivacymatters.org; 303-204-1272

New Coalition Urges Congress to Listen to Parents and Strengthen Student Privacy Protections

A new coalition called the Parent Coalition for Student Privacy released a letter today to the leaders of the committees of the House and Senate Education Committees, urging Congress to strengthen FERPA and involve parents in the decision-making process to ensure that their children’s privacy is protected.

Many of the groups and individuals in the Coalition were involved in the battle over inBloom, which closed its doors last spring.  They were shocked to learn during this struggle how federal privacy  protections and parental rights to protect their children’s safety through the Family Educational Rights and Privacy Act (FERPA)  had eroded over the last decade.

The letter is posted here, and calls for Congress to hold hearings and enact new privacy protections that would minimize the sharing of highly sensitive student data with vendors and among state agencies and would maximize the right of parents to notification and consent.  The letter also asks for strict security requirements, that the law be enforceable through fines, and that parents have the right to sue if their children’s privacy is violated.

Rachael Stickland, a leader in the fight for student privacy in Colorado and co-chair of the Coalition to Protect Student Privacy, points out, “inBloom’s egregious attempt to siphon off massive amounts of sensitive student information and to share it with for-profit vendors took parents by surprise. Once we learned that recent changes to FERPA allowed non-consensual disclosure of highly personal data, parents became fierce advocates for their children’s privacy. We’re now prepared to organize nationally to promote strong, ethical privacy protections at the state and federal levels.”

Diane Ravitch, President of the Network for Public Education, said: “Since the passage of FERPA in 1974, parents expected that Congress was protecting the confidentiality of information about their children. However, in recent years, the US Department of Education has rewritten the regulations governing FERPA, eviscerating its purpose and allowing outside parties to gain access to data about children that should not be divulged to vendors and other third parties. The Network for Public Education calls on Congress to strengthen FERPA and restore the protection of families’ right to privacy.”

“The uprising against inBloom demonstrated the extent to which parents will not tolerate the misuse of their children’s sensitive personal information,” said Campaign for a Commercial-Free Childhood’s Associate Director Josh Golin. “But parents cannot be expected to mobilize against each and every threat to their children’s privacy, particularly if they’re not even aware of which vendors have access to student data. It is critical that Congress take real steps to protect schoolchildren from those who see student data as a commodity to be exploited for profit.”

“Parents Across America, a national network of public school parents, emphatically supports this call for hearings as a first step toward reversing federal actions that have eroded parental authority over student data, and including even stronger privacy protections for our children,” said Julie Woestehoff, a Chicago parent activist and PAA secretary.  She added: “PAA recommends restoring parental authority over student data that was removed from FERPA by the US Department of Education, enacting state laws that include parental opt out provisions in any statewide data sharing program, strictly regulating in-school use of electronic hardware and software that collect student information, and including significant parent representation on any advisory committees overseeing student data collection.”

Lisa Guisbond, executive director of Citizens for Public Schools, a Massachusetts public education advocacy group, said, “Citizens for Public Schools members, including many parents, are deeply concerned about threats to the privacy of student information. We support hearings and strong legislation to protect the privacy of this data. Parents are increasingly left out of important education policy discussions. In this, as in all crucial school policy discussions, they must have a voice.”

“Parents will accept nothing less than parental consent, when it comes to their child’s personally identifiable sensitive information. As a parent of a child with special needs, I understand the devastation that confidential information used without my consent could have on my child’s future. As a long-time advocate for people with autism and other developmental disabilities, I implore the U.S. House and Senate to put the necessary language back into FERPA to protect students and uphold the right of their families to control their personally identifiable data,” said Lisa Rudley, Director of Education Policy, Autism Action Network and Co-Founder of NYS Allies for Public Education.

Emmett McGroarty of the American Principles Project said, “Regardless of intention, the collection of an individual’s personal information is a source of discomfort and intimidation.  Government’s broad collection of such information threatens to undermine America’s founding structure:  if government intimidates the people, government cannot be by and for the people.”

Leonie Haimson, Executive Director of Class Size Matters and co-chair of the Coalition, concluded, “Since inBloom’s demise, many of the post-mortems have centered around the failure of elected officials and organizations who support more data sharing to include parents in the conversation around student privacy. We are no longer waiting to be invited to this debate. It is up to parents to see that we are heard, not only in statehouses but also in the nation’s capital when it comes to the critical need to safeguard our children’s most sensitive data – which if breached or misused could harm their prospects for life. We are urging Congress to listen to our concerns, and act now.”

###

Our letter to Congress

Today, our Parent Coalition for Student Privacy launched.  Our letter to Congress urging them to strengthen federal student privacy protections is here (pdf) and below; our press release is here.

July 23, 2014

Dear member of Congress:

We write on behalf of a broad coalition of parents across the country to urge Congressional review of emerging threats to student privacy rights and to request legislative action to address significant shortcomings in current law. Specifically, we are alarmed about ill-thought-through federal policies that, instead of providing safeguards against non-consensual disclosure and downstream uses of children’s personally identifiable information, actually promote policies in which a child’s highly sensitive personal data is disclosed to third-parties for purposes that go well beyond reasonable educational uses and deny parents the right of notification or consent.

First, we respectfully urge Congress to hold hearings on why the U.S. Department of Education has abdicated its historic role as the guardian of educational privacy rights. In responding to interest groups that included Big Data enthusiasts, influential foundations and their grantees, and educational technology firms, the Department has re-interpreted (and, in effect, unilaterally amended) the Family Educational Rights and Privacy Act of 1974 to nullify many of its most important privacy protections. This radical re-invention of FERPA is at the root of much of the data free-for-all that has resulted in massive amounts of personally identifiable student data being collected and divulged to third parties, including for-profit vendors.

As the controversy over one such third party, inBloom, has revealed, there is a wide gap between the view of most parents that they should be able to control access to their children’s personal information to protect their privacy and safety, and the perspective of various governmental agencies and private corporations that are intent on collecting and using that data without informing parents or providing them with the right to consent.

The inBloom data-mart, funded with $100 million from the Gates Foundation, sought to capture records of millions of children to enable the creation of a market in technological learning tools that would utilize and data-mine this information in the name of “personalized learning.” Parents mobilized in opposition because they justly feared that the transmission and storage of their children’s most personal data on data clouds, as well as inBloom’s stated intent to provide it to a large number of for-profit vendors, was both a security and a privacy threat.

We are pleased to say that parental concerns and protests won the day over the poor judgment of state and district education officials, resulting in inBloom being driven out of business. But sadly, many other vendors seek to take inBloom’s place or to sell their wares directly to schools and districts with inadequate protections for security or privacy, and very little respect for parental rights.

Second, we respectfully urge Congress to review privacy and security practices of the multiple state longitudinal data systems created in direct response to various federal programs in recent years. These data systems are designed to collect, store and share an increasing amount of children’s personal information among a variety of state agencies and to track students over time without sufficient oversight and protections for privacy.

Finally, we respectfully urge Congress to review and strengthen both FERPA and the Children’s Online Privacy Protection Act (COPPA), to roll back the harmful provisions of the 2009 and 2011 FERPA regulations, and to update both laws in light of new and unforeseen threats to privacy rights. Particularly with the growth of the educational technology industry, there has been a huge push to expand the access to personal student data with little or no federal restrictions to slow down this trend. We are dissatisfied with the recommendations of the recent White House report on privacy that evades most of the important issues and simply asserts that any student data disclosed to third parties should be used only for “educational purposes.” This generic statement is far too vague to be reassuring.

The push for greater access to educational data is motivated by the desire of the educational technology sector to develop new products and grow their market, as well as by advocates who claim that big data will revolutionize education. We believe parents—not school officials—should be in charge of deciding whether or how much of their children’s information may be shared with vendors. The benefits of big-data and data-mining software in the area of education are still highly hypothetical and cannot be used to justify the massive amount of personal data that is being collected and shared with third parties without parental knowledge or consent.

Many parents do not want their children to spend hours more each day in front of a computer and do not believe that the model of mechanized instruction that is being promoted can deliver true personalized learning. We certainly do not want our children’s disability, health and disciplinary records shared widely with third parties.

We believe that any legislation should uphold the following principles:

  • Minimize the collection by governmental agencies of highly sensitive student data and their ability to share this data with third parties;
  • Maximize the opportunities for parental notification and consent;
  • Except in very limited circumstances, restrict non-consensual access to personal student data to education authorities and roll back the 2012 “authorized representative” loophole, by which nearly anyone can be designated as an authorized representative of officials entitled to its access;
  • Mandate strict security provisions for the storage and transmission of personal student data, regular audits, and the training of education personnel about the need to maintain robust privacy and security provisions;
  • Ensure that the law is enforceable, including but not limited to the ability of the federal government to impose fines and families to sue if their children’s privacy is violated.

We urge you to open up a dialogue with parents as soon as possible. Since inBloom’s demise, much has been written about the importance of including parents in the debate over how to protect their children’s privacy yet very little has been done to involve them in the discussion. We thank you for your leadership and stand ready to work with you on this important issue.

Signed:

Leonie Haimson, Executive Director, Class Size Matters, co-chair Parent Coalition for Student Privacy 

Rachael Stickland, founder, School Belongs to the Children (CO), co-chair Parent Coalition for Student Privacy

Diane Ravitch, President, Network for Public Education

Dora Taylor, President, Parents Across America

Julie Woestehoff, Executive Director, Parents United for Responsible Education

Cassie Creswell, organizer, More Than a Score (Chicago)

Lisa Rudley, Director of Education Policy, Autism Action Network, co-founder of NY State Allies for Public Education

Josh Golin, Associate Director, Campaign for a Commercial-Free Childhood

Emmett McGroarty and Jane Robbins, American Principles Project, Washington, D.C.

SOS Oregon

Lisa Guisbond, Executive Director, Citizens for Public Schools (MA)

Robin Hiller, Executive Director, Voices for Education (AZ)

United Opt Out

Lourdes Perez, HispanEduca

Change the Stakes (NYC)

Northeast Indiana Friends of Public Education

Helen Gym, Parents United for Public Education, Philadelphia, PA.

Julia Sass Rubin, co-founder, Save Our Schools NJ

Jean Ann Guliano, Parents Across Rhode Island

Ilana Spiegel on behalf of SPEAK (Supportive Parents, Educators and Kids) for Cherry Creek (CO)

Deb Mayer, Great Schools for America

Danielle Arnold-Schwartz, Suburban Philadelphia Parents Across America

Melissa Westbrook, Seattle Schools Community Forum, Student Privacy Now

Mary Battenfeld, QUEST (Quality Education for Every Student) Boston

Deborah Abramson Brooks, New York parent, attorney, and children’s privacy advocate

Kris Alman, privacy advocate, Oregon

Lee P. Barrios, M.Ed., NBCT, privacy activist, Louisiana

Amy DeValk and Stefanie Fuhr, founders of Voices for Public Education (CO)

Sheila Resseger, Coalition to Defend Public Education (Providence, RI)

Jose A. Soler, co-coordinator of SE Mass and RI Save Our Schools Coalition

Lisa Shultz, privacy advocate, Oregon

Colleen Doherty Wood, co-founder, 50th No More (FL)

Joy Pullmann, Managing Editor, School Reform News