Parents And Educators Wary Of Program
The state may soon begin compiling private student information in a statewide database-which will include disciplinary histories, addresses, health information and socio-economic status- that will be made available to third parties who develop teaching tools.
The state would use information held in this “education data portal” (EDP) to help tailor curriculum to students’ individual needs and allow educators to share best practices, but no opt-out provision and questions about data security have left parents and education advocates reeling.
“I’m totally opposed to it … I think it’s insane,” said Barbara Doyle-Sarti, who has a child at P.S. 49 in Middle Village.
Currently, local school districts maintain similar databases, according to a March 2013 memo from Ken Wagner, associate commissioner of curriculum, assessment and educa- tional technology with the New York State Education Department (NYSED).
“The NYSED has collected these types of data for approximately 10 years in order to meet its state and federal compliance and program evaluation mandates, including public reporting of school report cards, school and district accountability determinations, cohort graduation rates, and college- and career-readiness determinations,” according to the memo.
The EDP would be administered by inBloom, a nonprofit backed by the Bill and Melinda Gates Foundation, that focuses on “improving the effectiveness, variety and affordability of education technology,” according to its website.
Under the program, inBloom would be able to release students’ personal information to third parties for the purposes of creating educational material and programs.
Privacy and FERPA
Chief among many parents’ concerns is their childrens’ privacy.
The Family Educational Rights and Privacy Act (FERPA) is a Federal law that protects the privacy of public school students’ education records and prevents the release of “personally identifiable information.”
However, according to inBloom, FERPA “expressly authorizes disclosures of [personal information] from student education records to an educational agency’s own officials, including teachers, with a legitimate educational interest in the data.”
Furthermore, FERPA allows the release of such information to “contractors that perform outsourced services for the educational agency”-meaning inBloom-according to the organization.
Despite federal provisions protecting patients’ private information, the database may store and release students’ health records, as well.
Student health information is not protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), according to a joint guidance from the U.S. Department of Health and Human Services (HHS) and the U.S. Department of Education (DOE) issued in 2008.
HIPAA was enacted, in part, to protect the privacy and security of individually identifiable health information, but health data compiled by elementary and secondary schools are not covered by HIPAA, because they are considered “education records,” the guidance said.
“… [B]y definition ‘education records’ [fall] under FERPA and, therefore, is not subject to the HIPAA Privacy Rule,” according to the joint guidance.
Storage and security
During the District 24 Community Education Council Meeting (CEC), last Tuesday, Apr. 23., Molly Moody, a research associate at the nonprofit Class Size Matters, raised concerns over who handles the data and how secure it will be.
Information used by inBloom will be stored on an operating system built by Wireless Generation, a subsidiary of Rupert Murdoch-owned News Corp., according to Class Size Matters’ executive director, Leonie Haimson, who cited a Dec. 14, 2012 Wall Street Jornal article.
“They don’t like to publicize that,” she said.
News Corp.came under scrutiny in 2011 when it was revealed some of News Corp.’s subsidiary news outlets hacked the voice mails of celebrities, politicians, members of the British Royal Family, a murdered schoolgirl, relatives of deceased British soldiers and victims of the 7/7 London bombings.
In addition, the data will be hosted by Amazon.com, Moody said, suggesting private information could be leveraged for marketing purposes.
According to inBloom, sensitive data will be encrypted before it reaches the database’s host (i.e. Amazon), but “the organizations responsible for operating [i.e. Wireless Generation] or maintaining [i.e. in- Bloom] the [database] will have access” to personal information solely for the purposes of operating and maintaining the database.
In his March 2013 memo, Wagner stated the system will increase security by bringing disparate school districts’ databases under one umbrella.
“Currently, each of New York’s 693 school districts bears all of the legal and technical burdens for ensuring that vendors abide by the data security and privacy standards consistent with FERPA and properly authorize user accounts so only the right people view the right data,” Wagner said. “Authorization processes are typically designed and maintained by the same vendors providing the services, which increases the number of logins used to access information and increases the potential for data breach. Because user authorization and data access is facilitated in the EDP by statewide standards and protocols, and because the EDP single sign-on portal eliminates the need to store multiple usernames and passwords for each individual service, the EDP will allow local school districts to enhance their data security and privacy protections.”
As the state ramps up to start compiling data, many parents are wondering why they didn’t kow aobut this sooner.
“I never knew anything about it until I heard it now,” said Doyle- Sarti, who learned about the program at the CEC meeting. “I’ll be making myself more aware.”
