If you watched the March 23 Congressional Hearing on Strengthening Education Research and Privacy Protections to Better Serve Students –you heard one parent ask for transparency on how student data is collected, shared and used. You also heard many extolling the need for student data–both Congressmen and a panel of chosen research experts stated that it was not a parent’s right to opt out of data collection (one panel expert said that by registering your child in a public school, you are agreeing to have your child’s data collected) and all were very concerned about the effects opt out has on data.
During the hearing, you also heard one Congressman say parents don’t understand existing privacy laws, yet want more laws, you heard experts on the panel (excluding the parent) say things like SLDS student data collection somehow correlated to higher graduation rates, and parents love the SLDSdata system, and one researcher on the panel claimed she literally has the data of millions of students and SLDS is a “goldmine“. Interestingly, all researchers on the panel were emphatic, and stated multiple times, they do not have access to, do not receive, NEVER get, do not want pii, (personally identifiable information).
According to the expert Congressional panel (who were under oath), the information that researchers get is de-identified and/or aggregate. If this statement is true, which we cannot verify, then states and Congress, in an effort to quell opt out and to gain parents’ trust in the SLDS data base, should put this into law: researchers should have access to properly de-identified and aggregate data and researchers, auditors, community partners cannot have access to student personally identifiable information, without parental consent.
LAW allows you to see who has requested your child’s data.
Luckily for parents, there is an existing code requiring education providers to keep very detailed records of data requests and disclosures and they must provide that information to parents.
Use this template letter, send to each education provider to see who has been given access to your child’s pii. This is QUICK and EASY and what you find out will likely be very interesting.
Per this Federal Code, Schools, Districts, State Department of Education must keep a record of every request and every disclosure, (third party re-disclosure) of a student’s personally identifiable information (pii). They must make this record available to parents, including NAME of party requesting and the purpose (legitimate interest) of the data request.
Speaking of data transparency, USDOE is all about the data
Shortly following yesterday’s Congressional Hearing, The Future of Privacy Forum, an edtech corporate funded think tank published this 28 page report on the benefits of using de-identified student data. Even more impressive and equally as timely (and oxymoronic) is the U.S. Department of Education’s newData Sharing Tool Kitfor Communities: How to Leverage Community relationships while protecting student privacy:
To give you a flavor of what’s in this 22 page guide:
page 5: Is data sharing legal?
Yes, Several myths and misinterpretations of privacy laws and regulations keep LEAs from participating in permissible data-sharing activities that have the potential to improve both life and academic outcomes for students.
page 15:May the state board of higher education use the studies exception? Yes, FERPA permits a state educational authority, such as a state board of higher education that has the legal authority to enter into agreements for, or on behalf of, constituent institutions, to re-disclose PII from education records to an organization under the studies exception to conduct a study to improve instruction. It is the responsibility of the state educational authority to ensure that the written agreement specifies the purpose, scope, and duration of the study, as well as the PII to be disclosed. The state educational authority also must ensure the organization uses PII from education records only to meet the purpose of the study; conducts the study in a manner that does not permit identification of parents and students by anyone other than representatives of the organization with legitimate interests; and destroys all PII when it is no longer needed for the purpose for which the study was conducted.
FERPA allows a local or state educational authority to designate a community partner as its authorized representative and disclose PII from education records using the audit/evaluation exception. Records can be provided for two reasons: (1) to audit or evaluate a federal or state-supported education program, or (2) to enforce or comply with federal legal requirements that relate to those education programs.
CouldCommunity Partners be groups like ….Stand for Children, Colorado Education Initiative/Legacy Foundation, Children’s Campaign, Colorado Succeeds, America Succeeds, Chamber of Commerce? You know the Special groups with Special Interests and funding geared toward education reform in your state; ASK if these community partners have access to your child’s data. If they have access to pii, there must be a record of it; if the group gets de-identified data, the school (or District or State Dept. of Ed) in the spirit of transparency, should still tell you what data has been shared. ASK.