There Is No Protection For Student Data
“The control of information is something the elite always does, particularly in a despotic form of government. Information, knowledge, is power. If you can control information, you can control people.” – Tom Clancy
Electronic information certainly hurt Missouri Republicans this week. We all got to see how dangerous and powerful digitized information is and how little control over it we have once it is digitized. And though Clancy’s quote above refers to powerful governments, in today’s world the line between business and government has become extremely blurred. The Supreme Court ruled that NSA collection of private phone information violated the constitution. But phone companies’ collection of that data as part of their normal course of business was not questioned. All the NSA will have to do is subpoena that information from the phone companies if they have probable cause to investigate those records. In fact, they don’t even need to have the subpoena. Companies like Google regularly turn over data without being legally required to. Government now has an incentive to make sure that private companies hold on to data for longer periods, too.
ConnectEDU had amassed, in its college- and career-ready technology platform for students from middle school through college, millions of data records. The company filed for bankruptcy this year. Of course, in bankruptcy, part of the process is to liquidate assets to satisfy debt. Those data records were a tremendous asset. As Silicon Valley is likely to say, “If the software is free, you are the product.” Not that ConnectEDU’s products were free, unlike Google’s education apps, but the greater value to many of these companies is the data that those products can collect from users. What happened in the bankruptcy case was the sale of that data to two other companies, a sale which violated ConnectEDU’s own privacy policies and ignored federal warnings.
Sadly for the millions of students and their families who potentially had their student’s test scores, grade point average, learning disability, email and home addresses, phone number, date of birth and more collected by ConnectEDU, none of the FTC recommendations were acted on because, by that time, there were no ConnectEDU employees to do the work. The data were sold to both Academic Management Systems Inc. and Graduation Alliance.
ConnectEDU’s bankruptcy is not a fringe event for education suppliers. “Many ed-tech companies today are small startups, collecting lots of data. Many of them are not going to succeed. What’s the protection when these companies go bankrupt?” said Joel R. Reidenberg, a law professor at Fordham and Princeton universities.
The Software and Information Industry Association thinks the solution lies in their public pledge to protect student privacy. This pledge made its way to Missouri via SB546 (Schaefer-R) and had many issues that the Missouri Coalition Against Common Core brought to the sponsor’s attention. The bill was not passed this session. SIIA says their pledge is enforceable by the FTC since it is a public pledge. But given what happened with ConnectEDU, one has to wonder whether that promise really means anything.
James P. Steyer, CEO and founder of Common Sense Media, a San Francisco-based nonprofit that advocates for safe technology use for children said, “You cannot always leave it up to the industry to do the right thing or even stand by their own privacy policies,” You might remember them from their “Day In The Life of A Data Mined Kid” which they put out in September of last year. According to SIIA, sales of educational technology software for kids in kindergarten through high school reached nearly $8 billion last year. Knewton is one of the biggest companies collecting this data. They are supposed to have “five orders of magnitude more data on you than Google.” That data weighs heavily on Knewton’s asset sheets. Most companies cannot afford to leave large assets untouched, especially when those assets can be used to provide more income. It is common business practice to sell data, in various forms. Sometimes this side of the business can provide more income than the main product of the business.
“Parents are right to feel betrayed when schools collect and release information about their kids. This is real, sensitive information – and it doesn’t belong to some bureaucrat in Washington D.C.,” Vitter said. “We need to make sure that parents and students have complete control over their own information.”
• Reinstate protections originally outlined under the Family Educational Rights and Privacy Act (FERPA) by clarifying who can access student data and what information is accessible.
• Require educational agencies to gain prior consent from students or parents and implement measures to ensure records remain private. Any educational agency, school, or third party that fails to get consent will be held liable through monetary fines.
• Extend FERPA’s protections to ensure records of homeschooled students are treated equally.
• Prohibit educational agencies, schools, and the Secretary of Education from including personally identifiable information obtained from federal or state agencies through data matches in student data.
Read more here
- Rolling back the disastrous extra-congressional regulatory changes that vastly expanded access of third parties to our children’s personally identifiable data, now limiting that access and requiring parental consent in all cases
Holding educational agencies, schools, and third parties liable for violations of the law through monetary fines, damages, and court costs
- Prohibiting psychological or attitudinal profiling of students or gathering of sensitive family information via any assessments, including academic assessments or surveys
Extending data protections for homeschooled students required to submit educational data to public school districts
- Prohibiting educational agencies, schools, and the Secretary of Education from including personally identifiable information obtained from Federal or State agencies through data matches in student data.
Banning Federal education funds to states or districts that film, record, or monitor students or teachers in the classroom or remotely without parent or adult student and teacher consent.
We strongly urge the senators of our respective states to co-sponsor this critically important piece of legislation and our congressional representatives to author and co-sponsor this bill in the US House.