Five principles to protect student data privacy

The Parent Coalition for Student Privacy believes that the following five principles should be incorporated in any law or policy regarding the protection of personal student data in grades preK-12.  After   students reach age 18,  all these rights, including those related to notification and consent,  should devolve to them:

  • Transparency: Parents must be notified by their children’s school or district in advance of any disclosure of personal student information to any persons, companies or organizations outside of the school or district.

All disclosures to third parties should also require publicly available contracts and privacy policies that specify  what types of data are to be disclosed for what purposes, and provide a date certain when the data will be destroyed.

  •  No commercial uses: Selling of personal student data and;or use for marketing purposes should be banned.  NO advertising should be allowed on instructional software or websites assigned to students by their schools, since ads are a distraction from learning and serve no legitimate educational purpose.

While some of the current bills ban “targeted” ads, others ban targeted ads except for those derived from a student’s one- time internet use.   But how can any parent know whether an ad displayed to their children was based on data-mining their child a single time or over a longer period?

  •  Security protections:  At minimum, there must be encryption of personal data at motion and at rest, required training for all individuals with access to personal student data, audit logs, and security audits by an independent auditor.   Passwords should be protected in the same manner as all other personal student information.

There must be notification to parents of all breaches, and indemnification of the same.

No “anonymized” or “de-identified” student information should be disclosed without verifiable safeguards to ensure data cannot be easily re-identified.

  •  Parental/ student rights: NO re-disclosures by vendors or any other third parties to additional individuals, sub-contractors, or organizations should be allowed without parental notification and consent (or students, if they are 18 or older).

Parents must be allowed to see any data collected directly from their child by a school or a vendor given access through the school, delete the data if it is in error or is nonessential to the child’s transcript, and opt out of further collection, unless that data is part of their child’s educational records at school.

Any data-mining for purpose of creating student profiles, even for educational purposes, must be done with full parental knowledge.

Parental consent must be required for disclosure of personal data, especially for highly sensitive information such as their child’s disabilities, health and disciplinary information.

  •  Enforcement :  The law should specify fines if the school, district or third party violates the law, their contracts and/or privacy policies; with parents able to sue on behalf of their children’s rights as well.

Without strong enforcement provisions, any law or policy protecting student privacy is likely to be ignored.

Barmak Nassirian: Is the Student Right to Know Bill Worth the Risk to Privacy?

Here are Barmak Nassirian’s views of the bill recently re-introduced in the House and the Senate, Student Right to Know Before You Go Act, which would authorize the creation of a federal database of all college students, complete with their personally identifiable information, tracking them through college and into the workforce, including their earnings, Social Security numbers, and more.  The ostensible purpose of the bill?  To  provide better consumer information to parents and students so they can make “smart higher education investments.”

The Parent Coalition for Student Privacy opposes this bill, and believes that allowing the federal government to collect the personal data of all college students with no provision for consent or opt out is unacceptable – and would create huge risks to their privacy and safety. This is especially true given the recent revelations of the massive breach of the personal information of millions of federal employees, and the sensitive information of other individuals as well, referenced in their security clearances. We are especially disappointed that Sen. Ron Wyden, a strong privacy advocate, is a co-sponsor of this bill.

Barmak’s comments were originally posted in response to an article in US News and World Report by Kevin James and Andrew Kelly of the American Enterprise Institute.

by Barmak Nassirian

The authors are thoughtful higher education analysts, whose interest in more comprehensive and more granular data is certainly understandable. Unfortunately, the slam-dunk case they attempt to make on behalf of a national, student-level educational/employment data system fails to acknowledge, let alone address, some of the most basic questions about the wisdom of building such a system.

First, let’s be clear that the data in question would be personally identifiable information of every student (regardless of whether they seek or obtain any benefits from the government), that these data would be collected without the individual’s consent or knowledge, that each individual’s educational data would be linked to income data collected for unrelated purposes, and that the highly personal information residing for the first time in the same data-system would be tracked and updated over time.

Second, the open-ended justification for the collection and maintenance of the data (“better consumer information”) strongly suggests that the data systems in question would have very long, if not permanent, record-retention policies. They, in other words, would effectively become life-long dossiers on individuals.

Third, the amorphous rationale for matching collegiate and employment data would predictably spread and justify the concatenation of other “related” data into individuals’ longitudinal records. The giant sucking sound we would hear could be the sound of personally identifiable data from individuals’ K12, juvenile justice, military service, incarceration, and health records being pulled into their national dossiers.

Fourth, the lack of explicit intentionality as to the compelling governmental interest that would justify such a surveillance system is an open invitation for mission creep. The availability of a dataset as rich as even the most basic version of the system in question would quickly turn it into the go-to data mart for other federal and state agencies, and result in currently unthinkable uses that would never have been authorized if proposed as allowable disclosures in the first place.

Fifth, while the numerous authorized uses of the data system are scary enough in their own right, the high probability of unauthorized access should give advocates some pause. The individually identifiable life-information that would be neatly organized in the system, if/when compromised, would give away the entire identity of every former student, with data elements that go far beyond the terrifying data breaches we know about.

Finally, given all of the above, shouldn’t we ponder whether there are other ways of addressing the one argument for the data system–i.e., better information about outcomes–through less intrusive mechanisms? As the authors point out, proxies for exact knowledge of outcomes are already at hand, and may be tweaked to produce better information.

Tracking autonomous free individuals through most of their lives in the name of better information for the benefit of others may be justifiable, but its extremism should at the very least be acknowledged and addressed. Unfortunately, the legislation in question (and this defense of that legislation) fails to do either.

The thought that the proposed system doesn’t pose new privacy risks is quite astonishing. I seriously doubt that a much less intrusive data system, such as placing a transponder in every car to generate better transportation data, would be met with much enthusiasm at AEI, despite the fact that driving is privilege not a right, and that cars are already required to register with the government to drive on public roads.

Leonie Haimson & Rachael Stickland discuss student privacy at NPE’s second annual conference in Chicago

The Network for Public Education hosted its second annual conference in Chicago on April 25-26, 2015. It was an awesome opportunity for education advocates from across the country to gather and learn from one another to save our schools. Parent Coalition for Student Privacy Co-chairs Leonie Haimson and Rachael Stickland were honored to sit on a panel titled “Perils of Ed Tech: Student Privacy and Corruption” along with Cynthia Liu and student Nathan Ringo. Please see below to view the panel discussion and to access Leonie and Rachael’s powerpoint presentations. Thanks to everyone who joined us in Chicago!

Network for Public Education National Conference: Perils of Ed Tech from Schoolhouse Live on Vimeo.


SB 187A Oregon Student Privacy Bill Testimony by Lisa Shultz

In September 2014, California passed “landmark” student privacy legislation known as SOPIPA (Student Online Personal Information Protection Act). At least 15 states have attempted to pass similar legislation this year, including Oregon. Lisa Shultz, an education advocate and member of the Parent Coalition for Student Privacy, addressed members of the Oregon House Education Committee to express her concern over proposed amendments that would significantly weaken the bill. Similar amendments were added to bills in Colorado, Maryland and Connecticut by lobbyists representing Google, Microsoft, K12 Online Inc. and others. Please read Lisa’s testimony:


Testimony in Opposition to SB 187A

Lisa A. Shultz, M.S.E.E.

18 May 2015

Dear Chair Doherty and Members of the House Education Committee:

I am writing today in opposition to SB 187A.  Please note that I had earlier submitted testimony in support of SB187-1.  However, the bill that was passed by the Senate, with little to no discussion, was the -3 amendment that significantly changes the bill and undermines the good intentions of the bill to safeguard the online privacy protections of Oregon’s students.

A glaring example of these changes is the language in the bill that initially “prohibited the service provider from disclosing any covered information provided by the operator to subsequent third parties (period)”.  SB 187A adds the troubling “except in furtherance of kindergarten through grade 12 purposes of the site, service or application or for a purpose permitted by subsection…”  while also expanding the definition of ‘kindergarten through grade 12 purposes’ and ‘operator’.  These changes effectively remove downstream restrictions and subsequent re-disclosure.

I hope that you will review the testimony submitted by James Steyer, CEO of Common Sense Media submitted on April 14, 2015.  Mr. Steyer had previously written in support of the -1 amendment and withdrew his support with the -3 amendment.   His testimony is an excellent summary of the changes and their effects that “create new loopholes and weaken OSIPA’s protections for students.”

Other states similar to Oregon that are trying to copy the California bill ,(e.g. Colorado, Connecticut, Maryland), see a similar watering down of the protections provided by California’s SB 1177 as a result of industry lobbying.  I remind you that children do not have lobbyists. I urge this Committee to act on their behalf by either restoring the protections of the -1 amendment, or rejecting this bill and working to create legislation that will restore the intent to provide the same protections granted to California’s students as a result of passage of their landmark legislation.


Lisa Shultz



Press Release: Messer/Polis Privacy Bill Still Inadequate to Protect Children from Commercial Exploitation and Data Breaches

For immediate release: April 29, 2015

Contact: Rachael Stickland, 303-204-1272,

Leonie Haimson, 917-435-9329,

Messer/Polis Privacy Bill Still Inadequate to Protect Children from Commercial Exploitation and Data Breaches

The student privacy bill just introduced by Representatives Messer and Polis is an improvement from their previous draft, but still has many loopholes that make it inadequate to address many parental concerns about their children’s privacy and safety.

Leonie Haimson, co-chair of the Parent Coalition for Student Privacy said, “The bill still doesn’t require any parental notification or consent before schools share personal data with third parties.  It wouldn’t stop the surveillance of students, or the collection of huge amounts of highly sensitive student information by third parties, as inBloom was designed to do.”

“The bill still allows targeting ads to kids –as long as the ads are “contextual” or selected based on information gathered via student’s single online session. We strongly believe that there should be no advertising allowed in instructional programs assigned to students at school, as ads do not aid learning but is a huge distraction to kids. Moreover, how can a parent know if their child is subjected to an ad, whether it is based on data-mining during one session or over time?”

Rachael Stickland, Colorado co-chair of the Parent Coalition said: “We’re pleased to see some of our recommendations reflected in this draft, including enhanced transparency and some limitations on re-disclosures. This bill allows parents to delete personal information from the data collected from their children, but it doesn’t require that parents be informed by either the vendor or the school that this data is being disclosed, collected and data-mined, so how would parents know to ask to delete it? It also allows vendors to data-mine personal information to improve their products or create profiles that could severely limit student’s success by stereotyping them and limiting their opportunities.”

Other remaining weaknesses of the bill:

  • There are NO specific security protections outlined in the bill, only that procedures should be “reasonable.” We believe that any vendor collecting and using sensitive student personal information should be required to employ data encryption, undergo regular security audits, and other important measures to protect against damaging breaches.
  • Vendors would not have to inform parents or even school officials of data breaches unless they deem this “appropriate” without defining when that would be required, and there are no specific amounts required for fines.
  • Vendors could transfer the personal student data to another company if there is a merger or acquisition.
  • Vendors would be able to re-disclose students’ personal information to an unlimited number of unspecified service providers, without the knowledge or consent of schools or parents
  • Vendors would be allowed to disclose de-identified and aggregate data, while using “reasonable” methods to ensure that the data could not be re-identified. This again is inadequate protection, given how easy it has become to re-identify personal information with current methods and widely available data sets.
  • The bill’s protections would not apply to children in preschool and “K-12 Purposes” is only vaguely defined.
  • Vendors could use student information for many commercial purposes including “maintaining, developing, supporting, improving, or diagnosing the operator’s school service.”

Rachael Stickland concludes: “This bill is clearly a step in the right direction but it needs to be further improved if it is going to protect our children from commercial exploitation and devastating breaches. Our children’s privacy and safety is invaluable and should not be put at risk by being handed off carelessly for profit or for gain.”