Data de-identification is such a drag. Expert says, “Just don’t do it”
You don’t have to de-identify student data, says a nationally recognized expert, consultant to EdFacts, and former advisor to the U.S. Department of Education.
De-identification means removing things like names, Social Security numbers, birthdate, pictures or video, address, student ID, anything that could possibly identify someone. This expert says there is no need to remove any of this information; just share it. “Every action we take to de-identify a data element in our records creates an equal and opposite reaction against our capability to analyze and report from our database. …Therefore, deleting a single data element from a database can in reality disable untold combinations and permutations of relationships and causalities available to a researcher to explore. …Do it at the least disturbed level.” “De-identification. Better yet, don’t do it.”
These are the words of ESP President and CEO, Dr. Glynn Ligon. You can read his full post here. He goes on to explain that you can share data without de-identifying as long as you just “authorize users for approved purposes”. Does that sound familiar? It should. It exemplifies how and why FERPA, the Federal student privacy law, was weakened in 2011. (We’ll get back to FERPA and how it was changed later.)
Dr. Ligon should know; he is an expert in the education data field. You can read all about his credentials and his ESP Solutions Group and their predictions for the future: Data Driven Decision Making 2016 – ESP Solutions Group. MEW wrote about this report in 2014 and did an updated report here. ESP also hosts a pre-kindergarten through workforce website called the P20W Forum and, busy as bees, ESP and Dr. Ligon also operate ES3, a team that offers solutions and risk avoidance for EdFacts. (EdFacts is a U.S. Department of Education initiative that centralizes data supplied by K-12 state education agencies with other data assets…to enable better analysis and use in policy development, planning and management.) “After ESP had built and managed EDFacts solutions for a half a dozen states, it was clear that a shared solution was possible, even necessary to achieve a reasonable level of efficiency—and risk avoidance. Here’s the team of experts that designed and now manages that EDFacts Shared State Solution, ES3.”
So, in advocating for sharing personally identifiable student information, did this expert just let the cat out of the bag?
Yes. FERPA allows for sharing PII (personally identifiable information) or, to paraphrase Dr. Ligon on de-identification: “just don’t do it,” because under FERPA, you don’t have to.
So next time you hear someone say they are FERPA compliant, you know the secret.
That means as long as they (not you, the parent or student) authorize someone (anyone: bus driver, volunteer, Pearson) to see the data for their approved purpose, they can share your child’s PII. They don’t have to tell you. (Those authorized users can be companies, colleges, state and federal agencies, and they can be authorized to do research on and see anything in your child’s education record, including medical, mental health, income, IEP and disability status, etc.)
In honor of National Data Privacy Day, January 28th, please stay tuned for tomorrow’s special post, which will be dedicated to weakened FERPA: the data sharing law. You will want to read this because the who, the why, the how, and the quotes are shocking.