Here’s an important piece on the issue by Leonie Haimson and Cheri Kiesecker. Haimson was a leading advocate against the inBloom project who then, along with Rachael Stickland, created the Parent Coalition for Student Privacy, a national alliance of parents and advocates defending the rights of parents and students to protect their data. Kiesecker is a member of the coalition.
By Leonie Haimson and Cheri Kiesecker
Remember that ominous threat from your childhood, “This will go down on your permanent record?” Well, your children’s permanent record is a whole lot bigger today and it may be permanent. Information about your children’s behavior and nearly everything else that a school or state agency knows about them is being tracked, profiled and potentially shared.
During a February 2015 congressional hearing on “How Emerging Technology Affects Student Privacy,” Rep. Glenn Grothman of Wisconsin asked the panel to “provide a summary of all the information collected by the time a student reaches graduate school.” Joel Reidenberg, director of the Center on Law & Information Policy at Fordham Law School, responded:
“Just think George Orwell, and take it to the nth degree. We’re in an environment of surveillance, essentially. It will be an extraordinarily rich data set of your life.”
Most student data is gathered at school via multiple routes; either through children’s online usage or information provided by parents, teachers or other school staff. A student’s education record generally includes demographic information, including race, ethnicity, and income level; discipline records, grades and test scores, disabilities and Individual Education Plans (IEPs), mental health and medical history, counseling records and much more.
Under the federal Family Educational Rights and Privacy Act (FERPA), medical and counseling records that are included in your child’s education records are unprotected by HIPAA (the Health Insurance Portability and Accountability Act passed by Congress in 1996). Thus, very sensitive mental and physical health information can be shared outside of the school without parent consent.
Many parents first became aware of how widely their children’s personal data is being shared with third parties of all sorts when the controversy erupted over inBloom in 2012, the $100 million corporation funded by the Gates Foundation. Because of intense parent opposition, inBloom closed its doors in 2014, but in the process, parents discovered that inBloom was only the tip of the iceberg, and that the federal government and the Gates Foundation have been assisting the goal of amassing and disclosing personal student data in many other ways.
Ten organizations joined together, funded by the Gates Foundation, to create the Data Quality Campaign in 2005, with the following objectives:
- Fully develop high-quality longitudinal data systems in every state by 2009;
- Increase understanding and promote the valuable uses of longitudinal and financial data to improve student achievement; and
- Promote, develop, and use common data standards and efficient data transfer and exchange.
Since that time, the federal government has mandated that every state collect personal student information in the form of longitudinal databases, called Student Longitudinal Data Systems or SLDS, in which the personal information for each child is compiled and tracked from birth or preschool onwards, including medical information, survey data, and data from many state agencies such as the criminal justice system, child services, and health departments.
A state’s SLDS, or sometimes called a P20 database (pre-K to 20 years of age), P12, or B-20 (data tracking from birth), have been paid for partly through federal grants awarded in five rounds of funding from 2005-2012. Forty-seven of 50 states, as well as the District of Columbia, Puerto Rico, and the Virgin Islands, have received at least one SLDS grant.
Although Alabama, Wyoming and New Mexico are not included on the site linked to above, Alabama’s governor recently declared by executive order that “Alabama P-20W Longitudinal Data System is hereby created to match information about students from early learning through postsecondary education and into employment.” Wyoming uses a data dictionary, Fusion, that includes information from birth. New Mexico’s technology plan shows that they moved their P-20 SLDS to production status in 2014 and will expand in 2015. This site run by the Data Quality Campaign tracks each state’s SLDS.
Every SLDS has a data dictionary filled with hundreds of common data elements, so that students can be tracked from birth or pre-school through college and beyond, and their data more easily shared with vendors, other governmental agencies, across states, and with organizations or individuals engaged in education-related “research” or evaluation — all without parental knowledge or consent,.
Every SLDS uses the same code to define the data, aligned with the federal CEDS, or Common Education Data Standards, a collaborative effort run by the US Department of Education, “to develop voluntary, common data standards for a key set of education data elements to streamline the exchange, comparison, and understanding of data within and across P-20W institutions and sectors.”
Every few months, more data elements are “defined” and added to the CEDS, so that more information about a child’s life can be easily collected, stored, shared across agencies, and disclosed to third parties. You can check out the CEDS database yourself, including data points recently added, or enter the various terms like “disability,” “homeless” or “income” in the search bar.
In relation to discipline, for example, CEDS includes information concerning student detentions, letters of apology, demerits, warnings, counseling, suspension and expulsion records, whether the student was involved in an incident that involved weapons, whether he or she was arrested, whether there was a court hearing and what the judicial outcome and punishment was, including incarceration.
This type of information is obviously very sensitive and prejudicial, and often in juvenile court, records are kept sealed or destroyed after a certain period of time, especially if the child is found innocent or there is no additional offense; yet all this information can now be entered into his or her longitudinal record with no particular restriction on access and no time certain when the data would be destroyed.
Expanding and Linking Data across States
Nearly every state recently applied for a new federal grant to expand its existing student longitudinal data system, including collection, linking and sharing abilities. You can see the federal request for proposals. Pay special attention to Section V, the Data Use section of the grant proposal, requiring states to collect and share early childhood data, match students and teachers for the purpose of teacher evaluation, and promote inter-operability across institutions, agencies, and states.
The 15 states and one territory, American Samoa, that won the grants were announced Sept. 17, 2015, and are posted here. President Obama’s 2016 budget request has a number of additional data related provisions, including a near tripling in funding for State Longitudinal Data Systems ($70 million) and Department of Labor Workforce Data Quality Initiative ($37 million) aimed at attaching adult workforce personal data with his or her student records.
Though the federal government is barred by law from creating a national student database, the U.S. Department of Education has evaded this restriction by means of several strategies, including funding multi-state databases, which would have been illegal before FERPA’s regulations and guidance were rewritten by the Department in 2012.
The federal grants encourage participation in these multi-state data exchanges. One existing multi-state database is WICHE, the Western Interstate Commission for Higher Education, which includes the 15 Western states that recently received an additional $3 million from the federal government. This WICHE document explains that the project was originally funded by the Gates Foundation, and that the foundation’s goal of sharing personal student data across state lines and across state agencies without parental consent was impermissible under FERPA until it was weakened in 2012:
Upon approval of WICHE’s proposal by the Gates Foundation, the pilot MLDE (Multistate Longitudinal Data Exchange) project began in earnest in June, 2010, and the initial meeting to begin constructing the MLDE was held in Portland, Oregon, in October, 2010. It is worth placing the launch of the MLDE pilot within an historical timeline of events bearing on the development and use of longitudinal data. As the project got underway, the federal government’s guidance on the application of the Family Educational Rights and Privacy Act (FERPA) was still fairly restrictive. Indeed, based on a subsequent conversation with a member of the Washington State Attorney General’s office, our plans to actually exchange personally identifiable data among the states would be impermissible under the FERPA guidance in effect at that time. Though we were told we would have been able to assemble and use a de-identified dataset, which would have shown much of the value of combining data across states, not being able to give enhanced data back to participating states would have been a serious setback. Changes in the federal government’s guidance on FERPA that went into effect in January, 2012 resolved this problem.The new guidance permitted the participating states to designate WICHE as an authorized representative for the purposes of assembling the combined data, while also allowing the disclosure of data across state lines and between state agencies.
Since 2010, the Gates Foundation has funded WICHE with more than $13 million. Just to underscore how powerful this organization has become, Colorado Lieutenant Governor Joe Garcia just stepped down from his post to head WICHE. Here is a helpful chart showing how student personal data is to be shared, among state agencies and across state lines.
Existing multi-state databases include not just WICHE, but also SEED, formerly Southeastern Education Data Exchange, now called the State Exchange of Education Data, including Alabama, Colorado, Florida, Georgia, Kentucky, North Carolina, Oklahoma, and South Carolina.
This North Carolina PowerPoint from 2013 describes what detailed information is to be shared among the states participating in SEED: data aligned with CEDS, including demographic information, academic and test score data, and disciplinary records. Here is a Georgia document, explaining how SEED will be “CEDs compliant” and describes in even more detail the sort of information that will be exchanged.
What Parents Can Do
Ask your State Education Department if they applied for this new grant to expand their SLDS, and if so, ask to see the grant proposal. You can also make a Freedom of Information request to the U.S. Department of Education to see the grant application. Ask what methods your state is using to protect the data that the SLDS already holds, and if the data is kept encrypted, at rest and in transit. Ask what categories of children’s data they are collecting, which agencies are contributing to it, and what third parties, including vendors and other states, may have gained access to it. Ask to see any inter-agency agreements or MOUs allowing the sharing education data with other state agencies. Ask if any governance or advisory body made up of citizen stakeholders exists to oversee its policies.
You should also demand to see the specific data the SLDS holds for your own child, and to challenge it if it’s incorrect – and the state cannot legally deny you this right nor charge you for this information under FERPA.
This was conclusively decided when a father named John Eppolito requested that the Nevada Department of Education provide him with a copy of his children’s SLDS records, and the state demanded $10,000 in exchange. He then filed a complaint with the US Department of Education, which responded with a letter on July 28, 2014, stating that the state must provide him with the data it holds for his child, as well as a record of every third party who has received it; and that they cannot charge a fee for this service.
Parents also have the right to correct their child’s data if it is in error. Apparently Mr. Eppolito found many errors in his children’s data. Even if it is accurate, the data that follows your child through life and across states could diminish his or her future prospects. As this Department of Education study points out,
“…imagine a student transferring from another district into a middle school that offers three levels of mathematics classes. If school staff associate irrelevant personal features with mathematics difficulties, the representativeness bias could influence the student’s placement… educators have been found to have a tendency to pay more attention to data and evidence that conform to what they expect to find.”
Schools could use this data to reject students, push them out, or relegate them to remedial classes or vocational tracks.
There is also abundant research that shows that a teacher’s expectations play a significant role in how a student performs – especially for marginalized groups. This is called the Pygmalion effect in the case of a teacher’s positive expectations, and the Golem effect in the case of negative expectations. These studies reveal that if teachers are provided with positive or negative information about their students before having a chance to form their own opinions based upon actual experience, this prior information often tends to bias their judgments and perceptions of that student, creating self-fulfilling prophecies. Parents should be legitimately fearful that positive or negative data may be used to profile their children, and potentially damage their chance of success.
What Else Can You Do?
If you send your children to a public school, under current federal law you have no way of opting out of the P20 profile that has been created by your state and potentially shared with others. You also have no right to refuse to have your child’s data disclosed to testing companies and other corporations in the name of evaluation and research. Researchers have legitimate interests in being able to analyze and evaluate educational programs, but any sensitive personal data should be properly de-identified and there must be strict security provisions to safeguard its access and restrict further disclosures, as well as a time certain when it will be destroyed. You do have the right to see that data, and challenge it if it is inaccurate.
You should also advocate for stronger state and federal laws to protect your child’s data and laws that give parents and students the right of ownership, including the ability to decide with whom it will be shared. You should urge your state Education Department to create advisory or governance boards that include stakeholder members, to provide input on restrictions on access and security requirements.
Any federal and state student privacy legislation should embrace five basic principles of student privacy, transparency and security, developed by the Parent Coalition for Student Privacy. Ask your elected officials to support TRUE data privacy and transparency legislation, to protect children. Parents deserve to know the data collected and shared about their children, and they should be guaranteed that their children’s data is safe from breaches and misuse.