Students in the great state of Connecticut are fortunate to have warrior parents protecting their private information.
Read how Jennifer Jacobson, a member of the Parent Coalition for Student Privacy, and a handful of other parents joined together to create CAPE, the Connecticut Alliance for Privacy in Education. Read how how their group was able to work with stakeholders and legislators to enact the state’s first student privacy law. This is a great example of how parent power can affect meaningful change.
Congratulations to Jennifer, CAPE, and the students of Connecticut!
HB 5469 An Act Concerning Student Data: Origin, Outcome and Gratitude
What began as a labor of love through the collaboration of four moms; Maria Naughton, Anne Manusky, Kimberly Norton Butler and myself, became a venture into our own education in how student information, used as a tool to help our educators can also pose risks to students. We met with many other concerned parents and several state representatives after learning how a majority of other states have already enacted such legislation. We began advocating for a state law that would serve to protect the children of our state and provide greater awareness to their families.
After an unsuccessful first attempt in 2015, an alliance of organizations was created, across ideological perspectives who came together to have this important conversation- known as CAPE. Together we were able to focus our priority areas within a complex issue that were pertinent to our stakeholders and advocate for their addition into a first state law for Connecticut.
What this bill does: HB 5469 An Act Concerning Student Data Privacy regulates contracts with third party vendors and operators of websites and apps who utilize student information, student records and student generated content via a written agreement with a local or regional school board.
Clarifies what must be included in contract provision with vendors who receive student information, student records or student generated content.
Restricts the use of student information, student records and student generated content to purposes defined within the contract.
Requires a means by which a parent can review student information held by a vendor and correct any erroneous information
Specifies that student information, student records and student generated content cannot be retained by a contractor after the contracted services expire, unless requested by the parent.
Clarifies that contractors and vendors do not “own” the data and that all student generated content remains property of the parent or student.
Defines technical security standards for the maintenance, transmission, access and destruction of sensitive student data.
Requires parental notification of a locally executed contract to which their children are a party to, details of the contact, and requires that contracts be posted.
Bans targeted advertising based on a students use of websites and apps used at school for school purposes.
Bans the sale, rent or trading of student information unless the sale is part of a merger.
Details the conditions and instances when an operator may disclose, use and share student information.
Specifies the timelines and process for breach notification to local and regional school boards and parents.
Creates a Task Force to examine other important issues relating to student data including: parent deletion of student information when appropriate, notice of website and apps used in school to parents, reasonable penalties for violators of the law, training on secure data handling, developing a list of approved websites and apps for use in school, a grievance process for parents and students, developing a tool kit for schools, and raising awareness on the issue of student data. The task force shall report to the general assembly with any findings and recommendations by January 1, 2017.
This bill does not stop the collection of student data or its appropriate use for instructional purposes or to improve student outcomes. It simply provides greater notice and transparency for parents and delineates contract provisions and technical security safeguards, while seeking to address misuse in an under regulated and under enforced industry.
HB5469 is a bill that serves to provide greater protection for our students, information for our parents, guidance for our schools and grants a vehicle to bring all stakeholders to the table to continue this important conversation. A bill which was borne by parents and their representatives who heard their concerns and acted to address the issue.
HB 5469 truly represents the best of us in Hartford. When constituents, lawmakers, organizations and advocates work together, listen to one another and work across the aisle we can create good policy that benefits kids, families and leaves open the door for further conversation
This is an important first step for Connecticut’s students and families and we are incredibly grateful that the legislature has heard our call this year. The bill passed unanimously in the House on May 3rd and on consent in the Senate on May 4th.
We wish to extend our sincere gratitude to those representatives who championed this work: Cristin McCarthy-Vahey, Gail Lavielle, and Toni Boucher. To the Co-Chairs of the Education Committee- Andrew Fleischmann and Gayle Slossberg, all of the co-sponsors of the bill and every member of the House and Senate for their support and vote.
I wish to also thank CAPE member representatives from the Connecticut Parental Rights Coalition-Pam Lucashu and Anne Manusky, Connecticut PTA-Marne Usher and Kathleen Kennedy, American Civil Liberties Union CT-David McGuire, Connecticut Association of Private Special Education Facilities-Ana Wittig, Connecticut Council of Administrators of Special Education-David Scata, Connecticut Association of School Administrators-Ann Jellison and Kevin Graff, Connecticut Education Association-Ray Rossomando and Susan Williams, Connecticut Federation of School Administrators-Gary Maynard and Paul Stinger, American Federation of Teachers- Jen Berigen and Jen Hochadel and Oak Hill School-Stan Stoby for their insight, support and tireless dedication to our states students and parents. It is truly an honor.
To the Grassroots contingency, starting with the original foursome and stretching across the state- what can I say ? Your fierce and fearless voices, always ready to stand guard- for which I can only bow down in awe of your continued action and advocacy.
To the parents and children of this state- this one’s for you!
On to the Governor with vigilance through to the finish line, who you may contact at 860-566-4840 to urge his signing. Nationally and within state there is more work to be done, but we have a start.
Jennifer Jacobsen, M.Ed
“Never doubt that a small group of thoughtful, committed citizens can change the world”
Heather Hicks is a parent and teacher who resides in Lacey Township, New Jersey. She spoke up at her school board meeting, criticizing Edgenuity – an online learning program produced by Pearson that her son’s school was using. In Heather’s words,
My concerns continued to grow when my son began to complain about his Biology class and a program product they were using for Blended Learning. I researched Blended Learning, the specific program- Edgenuity, by Pearson, and spoke with other parents and my son’s friends. I also watched some lesson segments with my son. The program was garbage and I spoke at two board of education meetings about it. The district ultimately did not renew the contract, and many parents and students were relieved.
Heather was surprised to discover later that she was repeatedly criticized by Bruce Friend, the chief operating officer of iNACOL (the International Association of K-12 Online Learning) in a February 10, 2016 workshop he gave at Pearson’s CITE 2016 conference – in a presentation called “Gaining Stakeholder Buy-in for your Online/Blended Learning Program.” He later gave the same presentation at the Mid-Atlantic Conference on Personalized Learning, where the session was described this way:
Gaining Stakeholder Buy-in for Blended Learning This session will address the importance of gaining stakeholder support as you seek to build a blended (or online) learning program. Stakeholders include students, parents, teachers, school leaders. We will share effective strategies in gaining the support of these key contacts; discuss barriers to gaining support; and share examples of the consequences when stakeholder support is not achieved.
It is difficult to conceive of how effective strategies for gaining parent support would include attacking concerned parents by name, (although at the second forum he mistakenly called her “Heather Micks.”) He showed a screen shot of her face taken from the school board presentation, and accused her of being ignorant about the purported benefits of blended learning and technology. He said she “killed just about three and half years of work” with her presentation, in which she had refused to “let the facts get in the way of the truth.” He also revealed her son’s log-in data in the Edgenuity program – a violation of his personal privacy by both him and presumably Pearson – and suggested that the school board should have shut off her microphone.
More recently, Susan Patrick, the CEO of iNACOL, called online learning the “Trojan horse for education reform” in a video posted on their website. This video was subsequently taken down from the website after the Parent Coalition for Student Privacy called attention to it, but the video is still posted on YouTube.
Below is the letter from Parent Coalition for Student Privacy, Parents Across America, Network for Public Education, FairTest and many state and local parent groups to the Education Commissioners in the PARCC and SBAC states, asking if they use machine scoring of their Common Core exams. Please send your own letter to your State Education Chief if you are in one of these states. More information about the lack of evidence for machine scoring is in this issue brief here and the Washington Post Answer Sheet here.
UPDATE: In response to our (or reporter) queries, PARCC finally posted their study from March 2014 on automated scoring here. The SBAC automated scoring study is here. Both are problematic in different ways. Our analysis featuring Les Perelman’s comments was published in the WaPost AnswerSheet (see above).
Rhode Island Commissioner Ken Wagner mentioned this issue at a board meeting, and confirmed they would be using machine scoring for most of the state’s PARCC written responses, while falsely saying that this was standard practice for SAT and GRE exams as well — although each of these exams is scored at least once and sometimes twice by human beings. (see video here).
Angela Chamness, Illinois Director of Assessments, ambiguously responded to a parent’s specific queries about what percent of the writing samples were scored by machine this way: “Like the majority of PARCC states, Illinois PARCC writing assessments are evaluated using automated and non-automated scoring approaches.” We can only surmise that Illinois is using the standard PARCC method of scoring 2/3 of the exams by machine, as in Rhode Island and Colorado, though she refused to make that clear.
After six weeks, none of these states have responded to our letter or other parent queries as far as I know: CA, CT, DE, DC, HI, ID, LA, MI, MT, NH, NJ, NM, ND, SD, VT, WA, WV.
If you are a parent from one of these states: please continue to send in your questions, especially #1-#3 below. The email addresses of your State Commissioners are posted here. And please let us know if you get a response by emailing us at email@example.com
April 5, 2016
To the Education Commissioners in the PARCC and SBAC states:
As parents and advocates, we have many outstanding concerns about the administration and scoring of the PARCC and SBAC Common Core exams this spring. There are several unresolved questions the answers to which have not been publicly revealed. The original PARCC contract called for two thirds of the students to have their ELA exams, including written responses, entirely scored by computers this spring, with only 10 percent of them re-checked by humans.
Similarly, according to the SBAC contract, 100 percent of students’ written responses would be scored by computers, with only half re-checked by a human being.
This is despite the fact that many experts have cited the inability of computers to assess the creativity and critical thought that the Common Core standards were supposed to demand and these exams to assess, no less distinguish nonsense from coherent narrative and reasoning. In each case, however, states had the option of having the exams entirely hand-scored for an additional charge.
So we demand that you answer the following questions:
What percentage of the ELA exams in our state are being scored by machines this year, and how many of these exams will then be re-scored by a human being?
What happens if the machine score varies significantly from the score given by the human being?
Will parents have the opportunity to learn whether their children’s ELA exam was scored by a human being or a machine?
Will you provide the “proof of concept” or efficacy studies promised months ago by Pearson in the case of PARCC, and AIR in the case of SBAC, and cited in the contracts as attesting to the validity and reliability of the machine-scoring method being used?
Will you provide any independent research that provides evidence of the reliability of this method, and preferably studies published in peer-reviewed journals?
We look forward to your prompt reply,
Leonie Haimson and Rachael Stickland, Co-Chairs, Parent Coalition for Student Privacy
Julie Woestehoff, Executive Director, Parents Across America and Wyoming parent advocate
Carol Burris, Executive Director, Network for Public Education
Monty Neill, Executive Director, FairTest
Save Our Schools New Jersey
Parents Across Rhode Island
Lee P. Barrios, M.Ed., NBCT, Louisiana Friends of Public Education
Cheri Kiesecker, CO parent, privacy advocate and blogger, Missouri Education Watchdog
Cassie Creswell, More Than A Score, Chicago IL
Dawn Collins, board member, East Baton Rouge (LA) school board
Stephanie Zimmerman, Idahoans For Local Education
Wendy Katten, Raise Your Hand for Illinois Public Education
Michelle Fine, Lynn Fedele, C. McGoey , R. Tuma & E.Halberstadt , Montclair Cares About Schools [NJ]
Arthur Freitas and Kayla Kirkpatrick, M.Ed., Colorado parents
Sheila Resseger, retired teacher from the RI School for the Deaf
On Tuesday, March 22, 2016, Parent Coalition for Student Privacy co-chair Rachael Stickland was invited to testify before the U.S. House Education & the Workforce Committee at a hearing entitled “Strengthening Education Research and Privacy Protections to Better Serve Students.”
The Committee’s media advisory can be viewed here along with the press release here. Rachael’s full testimony can be found here (and below).
Webcast of the hearing can be viewed here:
For articles about the hearing, please visit the following:
Testimony of Rachael Stickland, Co-Founder, Co-Chair
Parent Coalition for Student Privacy
Before the United States House of Representatives
House Committee on Education and the Workforce
Hearing on Strengthening Education Research and Privacy Protections to Better Serve Students
March 22, 2016
Good morning Chairman Kline, Ranking Member Scott and distinguished members of the Committee. I would like to thank you for the opportunity to testify today on behalf of parents concerned about strengthening privacy protections to better serve students.
My name is Rachael Stickland. I am a parent of two public school children in Colorado, and I am co-founder and co-chair of the Parent Coalition for Student Privacy which represents a wide coalition of parents from across the nation, from Florida to Washington, California to New York, including Democrats, Republicans and Independents, public school parents and homeschoolers, professionals and stay-at-home mothers. We receive no funding from special interests, and are united in our effort to protect all children and their privacy. We came together in July 2014 after working together as individuals and groups to defeat the widely criticized inBloom project.
The controversy surrounding this corporation that was designed to collect the personal information from students in nine states and districts sparked a new awareness among parents nationwide about how widely their children’s personal data was already being disclosed to third parties beyond the schoolhouse doors, and how few protections existed against its misuse. Though inBloom is now gone, parents continue to seek answers to exactly what information pertaining to their children is being collected, who has access to the information and for what purpose, and when that information will be destroyed.
I would like to focus my testimony today on the need to strengthen federal educational law to meet the challenges of our modern educational ecosystem and to address the current threats to student privacy. Specifically, I will place an emphasis on personal student information collected by schools and school districts that are then disclosed to state education departments and maintained in Statewide Longitudinal Data Systems or SLDS.
Currently, schools collect much more information on students than most parents realize. While some was required by No Child Left Behind and individual state mandates, much of the data now collected appears to transcend legal requirements. Beyond standard transcript-type data like student names, addresses, courses taken, grades earned and days absent, schools also collect hundreds of pieces of information like disabilities and interventions, medical information from 504 plans, disciplinary incident reports, scores on standardized exams, school readiness scores and recommendations for grade retention. Additionally, schools or commercial vendors used by schools collect highly personal information from students as they use online education tools such as Google Apps for Education or Khan Academy.
Once this information is collected at the local level, much of it is pushed up to the state to be maintained in the state unit record system called the SLDS or the P-20W (preschool through workforce). These unit record systems have been funded partly through federal grants awarded in five rounds of funding from 2005-2012. Forty seven of fifty states as well as the District of Columbia, Puerto Rico, and the Virgin Islands have received at least one SLDS grant. These systems are intended to match students and teachers for the purpose of teacher evaluation, and to promote interoperability across multiple state agencies, as well as across state lines via multi-state consortia.
Rather than simply collecting standard administrative data, these SLDS systems have the capability to maintain upwards of 400 data elements on each individual child. According to the Colorado State Department of Education, our SLDS project is designed to link information from the education department to five other state agencies, including the Colorado Department of Higher Education (CDHE), Colorado Department of Labor and Employment (CDLE), Colorado Department of Corrections (CDOC), Colorado Department of Public Safety (CDPS) and the Colorado Department of Human Services (CDHS).  The individually identifiable life-information that is so neatly organized in these systems effectively become life-long dossiers and, if or when compromised, could give away the entire life history of every student in a state.
Interagency linkages like Colorado’s SLDS and even interstate linkages  would not have been permissible prior to the unilateral regulatory changes to the federal student privacy law known as FERPA by the Department of Education in 2011.  The parents we represent strongly urge Congress to strengthen FERPA and restore the robust protections it originally contained that prohibited the expansion of the SLDS program.
SLDS’s purported purpose is to help states, districts, schools, educators, and other stakeholders make data-informed decisions to improve student learning and outcomes; as well as to facilitate research to increase student achievement and close achievement gaps. Parents don’t disagree with the premise that data can and should be used for purposes to help advance their children’s education. However, parents are concerned about SLDS because of the lack of compelling governmental interest which would justify this level of tracking that serves as an open invitation to mission creep. The availability of a dataset as rich as SLDS quickly turns it into the go-to data mart for authorized or unauthorized use by other institutions, organizations, and state agencies.
For example, earlier this year a California organization filed a lawsuit alleging that the state is failing to ensure districts provide services to all children who need them. The federal judge ruled in favor of the plaintiff and ordered the release of records for 10 million California students dating back to 2008 maintained in the state SLDS known as CALPADS. Highly sensitive information on every child in the state’s education system were to be made available to the plaintiff’s legal team including student “names, addresses, disciplinary records, grades, test scores, and even details such as pregnancy, addiction and criminal history.” Since the initial ruling in February, thousands of parents including the California PTA vehemently protested this unprecedented release. Because of the backlash, the judge has since modified her order allowing the plaintiff’s legal team to access and query the CALPADS data system rather than receive a full copy of the system. It’s worth noting that this disclosure of student information is authorized under current federal law, and as a result of the controversy the judge has since suggested modernizing FERPA.
Another example of the unintended yet currently allowable use of SLDS was the attempt by the New York State Education Department, without public input or comment, to declare that all data in the SLDS should be placed into the state archives for a hundred years or more with no clear restrictions on access. After parent advocates discovered this decision in an obscure memo and protested, the state is now reconsidering this decision, but such a reckless policy without strong citizen oversight should never be allowed. Should children of uniformed parents be any less protected?
Examples of authorized uses of SLDSs such as the California and New York cases are threat enough in their own right, but the high probability of breach or abuse should give advocates of maximal data collection in SLDS considerable pause. There are currently no specific security protections required for the collection and storage of this data unlike those required in HIPPA, for example, even though education records maintained by the SLDS often contain equally sensitive health information.
As Congress weighs competing interests in the student privacy debate, parents in our coalition urge you to always first think of the individual child. Allowing or incentivizing the government to track autonomous individuals through most of their lives in the name of research has speculative benefits at best and can instead lead to profiling, stereotyping and discrimination that can hinder a child’s potential for growth and success. We agree with both the testimony provided by National PTA and Microsoft to the House Subcommittee on Early Childhood, Elementary and Secondary Education in February 2015 that an individual owns his or her own data. Parents believe this to mean the right to decide with whom it will be shared and under what conditions.
Should Congress continue supporting the development and expansion of SLDS through federal grants, and as you contemplate student privacy as a legislative matter, please consider our coalition’s recommendations for the SLDS program as well as the use of personal student information by schools and districts:
Increased transparency: At minimum, SLDS unit record systems must be subject to the Privacy Act of 1974’s code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies. Optimally, parents must be told what student information is collected and by whom, how it is to be used and when it is to be destroyed, and to be notified in advance of any disclosure of personal student information to any persons, companies or organizations outside of the school or district.
In addition to increased transparency, parents also advocate for state Institutional Review Boards or IRBs to vet all uses of personal data, to question whether de-identified, anonymized or aggregated data could not be used in its stead, and to ensure that there are strict security standards and requirements for data destruction. We also urge that citizen oversight of the SLDS be required.
There should be no commercial uses of personal student information; or use for any marketing purposes should be banned.
Security protections: At minimum, there must be encryption of ALL personal data at motion and at rest, required training for all individuals with access to personal student data, audit logs, and security audits by an independent auditor.
Increased parent/student rights: Re-disclosures by vendors or any other third parties to additional individuals, sub-contractors, or organizations should be prohibited without parental notification and consent. Parents must be allowed to see any data collected directly from their child by a school or a vendor given access through the school, delete the data if it is in error or is nonessential to the child’s transcript, and opt out of further collection, unless that data is part of their child’s educational records at school. Any data-mining for purpose of creating student profiles, even for educational purposes, must be done with full parental knowledge. Parental consent must be required for disclosure for highly sensitive information such as their child’s disabilities, health and disciplinary information. We also urge that HIPPA be used as a model which requires individual notice and consent before personal health information can be used in research, with few exceptions.
Enforcement: Any federal student privacy law should specify fines if the school, district or third party violates the law, their contracts and/or privacy policies; with parents able to seek redress on behalf of their children as well.
Thank you again for the opportunity to participate in this hearing and for your consideration of my testimony.
See Benjamin Herold, inBloom to shut down amid growing privacy concerns, Education Week, Apr. 21, 2014 http://blogs.edweek.org/edweek/DigitalEducation/2014/04/inbloom_to_shut_down_amid_growing_data_privacy_concerns.html
 See U.S. Department of Education, Institute of Education Sciences, National Center for Education Statistics Statewide Longitudinal Data Systems Grant Program http://nces.ed.gov/programs/slds/stateinfo.asp
See Colorado Department of Education’s Statewide Longitudinal Data System “RISE” project https://www.cde.state.co.us/rise/connect
See Western Interstate Commission for Higher Education report Beyond Borders: Understanding the Development and Mobility of Human Capital in an Age of Data-Driven Accountability http://www.wiche.edu/info/longitudinalDataExchange/publications/MLDE_BeyondBorders.pdf
See U.S. Department of Education Family Education Rights and Privacy Act, Final Rule Dec. 2, 2011 https://www.gpo.gov/fdsys/pkg/FR-2011-12-02/pdf/2011-30683.pdf
See Elizabeth Weise, Calif. judge allows data release on 10M students, USA Today, Feb. 17, 2016 http://www.usatoday.com/story/tech/news/2016/02/16/morgan-hill-kimberly-mueller-california-public-schools-information-disabled-release-10-million/80472900/
See Sharon Noguchi, Judge backtracks on release of California student records, San Jose Mercury News, Mar. 4, 2016 http://www.mercurynews.com/bay-area-news/ci_29590794/judge-pulls-back-from-calif-student-records-release?source=infinite-up
 New York Archives, Records Disposition Request rec-3, dated 12/20/13
See Ms. Shannon Servier, National PTA, testimony before the U.S. House of Representatives Subcommittee on Early Childhood, Elementary and Secondary Education, Feb. 12, 2015 http://edworkforce.house.gov/uploadedfiles/sevier_testimony_final.pdf
See Ms. Allyson Knox, Microsoft, testimony before the U.S. House of Representatives Subcommittee on Early Childhood, Elementary and Secondary Education, Feb. 12, 2015 http://edworkforce.house.gov/uploadedfiles/knox_testimony_final.pdf
 The Privacy Act of 1974, 5 U.S.C. § 552a, establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies. The Privacy Act of 1974 requires each federal agency that maintains a system of records shall publish in the Federal Register upon establishment or revision a notice of the existence and character of the system of records, which notice shall include:
(A) the name and location of the system;
(B) the categories of individuals on whom records are maintained in the system;
(C) the categories of records maintained in the system;
(D) each routine use of the records contained in the system, including the categories of users and the purpose of such use;
(E) the policies and practices of the agency regarding storage, retrievability, access controls, retention, and disposal of the records;
(F) the title and business address of the agency official who is responsible for the system of records;
(G) the agency procedures whereby an individual can be notified at his request if the system of records contains a record pertaining to him;
(H) the agency procedures whereby an individual can be notified at his request how he can gain access to any record pertaining to him contained in the system of records, and how he can contest its content; and;
(I) the categories of sources of records in the system.
The U.S. Department of Education intends to create a new student database to house the personally identifiable information of 12,000 students, 500 teachers and 104 principals from 104 unidentified schools in 12 school districts across the country.
The information collected on students will include vast amounts of sensitive data including, but not limited to, standardized test scores, race/ethnicity, individual education plan status, and discipline records in order to facilitate “a rigorous study of the effectiveness of providing data-driven instruction professional development to teachers and principals.” The Department of Education is accepting public comments about its data-collection plans until February 18, 2016. There was an article about this plan in the Washington Post Answer Sheet last month, before the comment period was extended.
Please send in your comments and join the Parent Coalition for Student Privacy in telling the Department of Education that the federal government should never collect personally identifiable student information for any reason and that it should cease plans to develop this database at once. However, if the Department is intent on moving forward with this study, we believe it should be obligated to:
explain why aggregate information can’t be used instead of personally identifiable information;
specifically define the personally identifiable elements that will be collected and why each data element is needed;
notify parents of student who are involved in the study, or at least reveal which districts are participating, and report the names of any other third parties to whom the personally identifiable information will be disclosed;
demand that districts obtain informed consent from parents whose children are participating in the study;
demonstrate “significant improvement” in the four key areas identified as a result of a recent Congressional hearing on cybersecurity, or at least report what security protections will be used to safeguard the data;
disclose specifically when the data will be deleted or destroyed;
explain why the federal government has a need to collect or maintain any personally identifiable data when districts could provide it directly to the researchers for their analysis.
Feel free to simply copy our recommendations, add/subtract, or write your own, and submit themhere by Thursday, February 18th.
To view our full comments to the U.S. Department of Education, please visit here; and see the official notice here.
Thank you for your continued support to protect student privacy! —