Tuesday, September 11, 2012

Federal education plan puts students' personal data and family privacy at risk

By J.R. Wilson


When enrolling or filling out forms during the school year, parents give schools personal information about themselves and their child. A school employee enters the information into the school office computer. No thought is given to this since computers are a good way to store, organize and manage data. Most parents don’t realize the data don’t stay in the school office computer. The computer is networked and shares data with other computers. This information, or data, once it is entered, becomes a part of a district or multi-district database that is uploaded to a state longitudinal data system at least once a month.

Are parents informed this is happening with personal information they provide? Are parents asked permission or consent for their information to become part of a database beyond the confines and use of the brick and mortar school? Should parents be made aware of this practice? Should they be required to give consent?

State Longitudinal Data Systems, Purposes, and Prohibition

The state longitudinal data systems are for preschool through grade 12 education and post secondary education or P-16. Basically, states are collecting data on all preschool through grade 16 individuals. It is interesting to note for the purposes of data collection, the “P” for preschool means birth to school. They want to collect data from the time of birth through an individual’s career.

Federal legislation calls for the collection of data to include:
  • gender,
  • ethnic or racial groups,
  • limited English proficiency status,
  • migrant students,
  • disabilities,
  • economically disadvantaged,
  • assessment results,
  • demographics,
  • student-level enrollment,
  • program participation,
  • courses completed,
  • student transcript information,
  • transfers, teachers,
  • family income.
Will state longitudinal data systems collect data beyond what is called for in legislation? What is the purpose of the data collection? How will it be used? What will be next? Collecting prenatal data? The pre-conception-gleam-in-the-eye data? In addition to the state longitudinal data systems containing far more information on students, parents, and teachers than necessary for educational purposes, I believe the system will eventually include information on all taxpayers, with or without kids, so they may be held adequately accountable for how others spend their hard-earned tax dollars.

There has been a push for state longitudinal data systems for many years. As early as 1965, the initial Elementary & Secondary Education Act (ESEA) mentions providing support for collecting and storing data and using automated data systems. Federal legislation and programs encourage or require data collection systems and the development of state longitudinal data systems. These include:
  • Goals 2000
  • Educate America Act
  • Improving America’s Schools Act
  • No Child Left Behind
  • America Competes Act
  • American Recovery and Reinvestment Act
  • Race to the Top
Each state has a State Longitudinal Data System (SLDS) and names its SLDS a little differently to suit its own creativity. As an example, Oregon has Project ALDER: Advancing Longitudinal Data for Educational Reform. Washington has CEDARS: Comprehensive Education Data and Research System.

The early stated purposes for data collection were to determine things like graduation rates, job placement rates, and program effectiveness. The Race to the Top grant program created mandates for data systems to be used to inform decisions and improve instruction. While this is laudable, it is questionable as the driving need for data collection. An abundance of available data and research findings has been ignored in the reform education decision-making process. Many reform measures being pushed from the federal level on down have no evidence of effectiveness -- some have evidence of negative effectiveness -- yet continue to be foisted upon the states and local districts to implement.

Are our decision makers "Confusing Evidence and Politics"? Do they really have our students’ academic interest as a top priority? Does anyone know how to make effective decisions based on this information? Will the information be so overwhelming as to be useless except for cherry picking to support pet programs? Who will benefit most? Our students? Private corporations? Non-profit corporations? Individuals and groups in positions of power and authority?

Our society’s moral and ethical values might have slipped to the point at which individuals and groups in positions of power and authority feel it is appropriate to publicly release information that most people feel is confidential. Recently, state officials in Oklahoma posted private educational records of several students online. This information might not have come from their state longitudinal data system, but think of the control and power such information provides, especially if one is able to personally identify individuals. When "Big Brother" has the informational goods on the public, are people likely to speak up? Or will they maintain a cautious place in line?

There is a prohibition on the development of a nationwide database of personally identifiable information (PII). The Act that created No Child Left Behind says: PROHIBITION ON NATIONWIDE DATABASE.
Nothing in this Act (other than section 1308(b)) shall be construed to authorize the development of a nationwide database of personally identifiable information on individuals involved in studies or other collections of data under this Act. 20 USC 7911.
Does that mean it is okay to develop a nationwide database provided no personally identifiable information is used? It appears the federal government is dancing around the issue of developing a nationwide database. While the federal government is not developing it, it is supporting, promoting, encouraging, and funding with tax dollars the development of state longitudinal data systems. The Data Quality Campaign (DQC) is well under way, with federal encouragement, to have the state longitudinal data systems compatible for data sharing between and among states. This effort will result in a defacto nationwide database.

The Data Quality Campaign’s report "Data for Action 2011: Empower with Data" indicates no states having all 10 Essential Elements of Statewide Longitudinal Data Systems in place in 2005. In 2011, every state had at least seven of the 10 Elements in place and 36 states had all 10 Elements in place.

The Data Quality Campaign lists the National Governors Association (NGA) Center for Best Practices and the Council of Chief State School Officers (CCSSO) among its Partners. The NGA and the CCSSO joined efforts in an initiative to develop the Common Core State Standards, and they share some of the same partners. Both the Data Quality Campaign and Common Core State Standards Initiative have been supported with grants from the Bill & Melinda Gates Foundation (see 1, 2, 3).

The Common Core State Standards initiatives have provided investors and entrepreneurs with a lucrative market place. Besides the technology industry and service industry, who is it who stands to financially gain from the Data Quality Campaign and the state longitudinal data systems?

The Council of Chief State School Officers (CCSSO) and State Higher Education Executive Officers (SHEEO) are working to "Promote the Voluntary Adoption of a Model of Common Data Standards," and they say: "The U.S. Department of Education will facilitate the leveraging, and where needed, the development of model common data standards for a core set of student-level variables to increase comparability of data, interoperability and portability of data, and reduce collection burden."

Funding for State Longitudinal Data Systems
"Leveraging Federal Funding for Longitudinal Data Systems - A Roadmap for States" shows some federal programs are encouraging states to use funds for longitudinal data systems. These programs include:
It is difficult to determine how much taxpayer money states have spent on longitudinal data systems. As indicated above, there are numerous sources of funds available. The Statewide Longitudinal Data System Grants Program does show how much grant money has been awarded to each state from its program. Since 2006, more than $612 million has been awarded, with $254 million of that in American Recovery and Reinvestment Act of 2009 (stimulus) funds. Information from this program’s website has been compiled into a table showing amounts each state has been awarded.
Personally Identifiable Information, Data Mining and Matching, and Security Breaches
State longitudinal data systems are not to permit users of the system to individually identify students. What about abusers of the system? Data from state longitudinal data systems can be matched with data from other databases, enabling the identification of individuals no matter how much effort is put into keeping personally identifiable information (PII) out of the state longitudinal data systems. Records can be matched by identifying overlapping data.
With the ability to match data, and thus enabling the identification of individuals, it is reasonable to think these data may find their way into the hands of data brokers and database marketers like Acxiom Corporation who may mine, analyze, refine, and sell the data. While we may laugh at the "Ordering Pizza in 2015" video, it hits really close to reality.
Eventually, whether for sport, competition or profit, hackers will compromise the state longitudinal data systems. Perhaps they already have been exploiting these systems, and the public and parents are never informed it is taking place.

Below is a notice that I have written and which I believe should be provided to parents and all of the media. For obvious reasons, it never will be provided:
We have discovered that our state longitudinal data system servers were attacked, resulting in a security breach. The hackers were able to access information on all students, parents and teachers in the state. Our team has worked to secure the state longitudinal data system against this type of attack from recurring.
Please understand that we are under no obligation to inform you that sensitive data about the students, parents, and teachers in the state were accessed and copied by unauthorized and unknown individuals. Since our data system contains no personally identifiable information, you should comfortably know we assume no liability for any damages resulting from the hacker’s ability to personally identify individuals by matching overlapping information with other database information over which we have no control.
We sincerely apologize for this inconvenience. Should you find the consequences of this security breach to be devastating to your life, we suggest you consider assuming another identity and starting a new life. Should you wish to exercise this option, for a fee we can assist you in this effort. We take the security of our data seriously and can assure you we are taking measures to protect the system from this kind of breach until it happens again, at which time we will simply send you another message similar to this one, reassuring you that there is nothing to be concerned about.



J.R. Wilson is a parent and an education advocate with 25+ years experience in public education as an elementary teacher, curriculum consultant, staff development coordinator, and principal.

For the complete original article, plus Wilson's references and his two sidebars of additional information, please see this Google document.


Wilson's article was originally published August 27, 2012, on EducationNews.com at
http://www.educationnews.org/parenting/jr-wilson-parents-need-to-know-about-student-data-privacy/. It was lightly edited and is republished here with permission from the author.

No comments:

Post a Comment