Pearson Tells Stock Holders It’s Worried About Data Security
Pearson, who is by far the largest educational supply company in the world, filed their annual SEC Form 20-F report in March 2015 with an analysis of the potential risks and liabilities the company will face, as well as growth opportunities. The company states that their goal is to “help people make measurable progress in their lives through all kinds of learning.” They believe that “the real problem in education is not finding a great teacher or a really good school, but being able to replicate that excellence at scale.” Measurable is a key word in the previous statement which means they only focus on things which they have quantified, developed a test for and can collect data on, and they want to be able to do it on a massive scale. If Pearson can’t measure it, it may as well not exist.
The report has five priorities for the company for 2015. One of them is digital products.
New digital products — to further this work we will be launching new global products to meet the need for much better learning outcomes. They connect content with assessment and feedback. They use analytics and big data to personalize learning — making it a far more collaborative and effective experience for students and teachers.
All that big data collection by their digital products comes with a risk which they note in their report.
We operate in markets that are dependent on Information Technology (IT) systems and technological change.
All our businesses, to a greater or lesser extent, are dependent on information technology. We either provide software and/or internet services to our customers or we use complex IT systems and products to support our business activities, including customer-facing systems, back-office processing and infrastructure. We face several technological risks associated with software product development and service delivery, information technology security (including virus and cyber-attacks), e-commerce, enterprise resource planning system implementations and upgrades. Although plans and procedures are in place to reduce such risks, from time to time we have experienced verifiable attacks on our systems by unauthorized parties. To date such attacks have not resulted in any material damage to us, but our businesses could be adversely affected if our systems and infrastructure experience a significant failure or interruption.
That is the initial warning to investors. We may get hacked. But Pearson is not worried about the direct effect on their business from such an attack. It is the consumer fall out which is more troublesome, or more specifically their responsibilities when such data breaches do happen. Pearson is worried about legislation and regulation regarding data breaches and their impact the bottom line.
Failure to comply with data privacy regulations and standards or weakness in information security, including a failure to prevent or detect a malicious attack on our systems, could result in a major data privacy breach causing reputational damage to our brands and financial loss.
Across our businesses we hold large volumes of personal data including that of employees, customers, students and citizens. Despite our implementation of security measures, individuals may try to gain unauthorized access to our data in order to misappropriate such information for potentially fraudulent purposes. Any perceived or actual unauthorized disclosure of personally-identifiable information, whether through breach of our network by an unauthorized party, employee theft, misuse or error or otherwise, could harm our reputation, impair our ability to attract and retain our customers, or subject us to claims or litigation arising from damages suffered by individuals, and thereby harm our business and operating results. Failure to adequately protect personal data could lead to penalties, significant remediation costs, reputational damage, potential cancellation of some existing contracts and inability to compete for future business. In addition, we could incur significant costs in complying with the relevant laws and regulations regarding the unauthorized disclosure of personal information.
This last statement makes it pretty clear Pearson would like as few laws or regulations regarding their obligation to report data breaches as possible. Such reporting could be expensive.
Pearson collects data through multiple digital sources. These include their curriculum modules, but also their testing services like PARCC , NAEP and ACT Aspire.
For our School businesses, State funding pressures, the Federal sequester and the transition to Common Core assessments continued to make market conditions difficult. Revenues grew modestly in 2013 with declines in State assessment contracts and learning assessments more than offset by gains in national assessment contracts for the PARCC consortium (as defined below) and the federal government’s NAEP programme, (as defined below), as well as demand for Connections Education’s virtual charter schools and Common Core reading/language arts and math programmes…
ACT Aspire, a college and career readiness assessment aligned to the Common Core State Standards, successfully launched its first field test on the new TestNav 8 assessment system. ACT Aspire is a joint venture between Pearson and ACT, Inc. Alabama is the first state to adopt the ACT Aspire system for measuring the Common Core State Standards.
It could be hard for parents to avoid their child using a Pearson test somewhere along the line.
For a company who is concerned about the scalability of products, the benefit of a single set of standards used across multiple states who also are required to have standardized tests aligned with those standards is a boon beyond measure. Of course that upside is predicated on the belief that the actual product Pearson supplies is good at doing what it claims to do. That has not necessarily been the case (recall the Hare and the Pineapple passage.)
Bob Schaeffer, director of public education at FairTest, told Alternet.com, “Pearson has had a worse track record than anyone else, not just with computer-based testing but also dating back to its paper-and-pencil tests.” Because they haven’t actually delivered on their high quality promises, Pearson recently lost the contract for New York’s statewide exams. State membership in PARCC itself has been declining. Other companies like AIR and Questar are bringing competition to the testing market.
What all these companies will be able to provide, at the end of the day, is a number that says something, but not everything, about your child. They will be able to provide lots of reports about how a child did on a particular item or skill set compared to other children. If you don’t care about that skill set, then the report will have little meaning for you as a parent. If you the teacher already knew what that child could or couldn’t do, the report will have little meaning for you. Lots and lots of data that is not terribly useful to the end users. Mostly the reports will be able to provide cover for districts to prove that they are teaching what they are supposed to. Value is apparently in the eye of the shareholder.