Empty Promises of Privacy Protection
PA House Resolution 338 touted by Seth Grove, et al states:
“The Secretary of Education and the State Board of Education be urged to ensure that Pennsylvania academic standards do not result in intrusion into student and family privacy or in the collection or reporting of additional data to the Federal Government.”
A group called the Data Quality Campaign published a document titled Next Generation State Data System: What is Needed to Support the Next Generation Assessment and Accountability Systems which is found on Achieve, Inc.’s website provides some insight into the Big Data movement. On Page 6 of this document, Student IDs are discussed:
“Most states have implemented a statewide unique student identifier (ID) within the past three years … This student ID allows states to track students as they move across schools and districts within the state and track students as they move from one grade to another. Typically, these IDs are generated by the state and may be shared with the district. Ohio, however, has a state law that says that the SEA cannot maintain students’ identifiable information (i.e., names, dates of birth). The SEA does have access to the student ID, but without other personally identifiable information it is difficult for them to share data with other entities.”
The article goes on to discuss Assessment Data:
“SEA [State Education Agency] systems typically collect data on the statewide assessment system … As states are building more robust student-level data systems, though, SEA’s are beginning to collect student-level scores, and in some cases even item-level responses, from the testing contractors. States enter into contracts with testing vendors and specify in the contracts what types of reports are to be sent directly to the districts versus to the SEA. …”
In conclusion, the document discusses the “cultural, political, and financial” obstacles to data collection [emphasis mine]:
“…Culturally, educators and administrators need to learn to embrace the use of data, instead of fear it. Politically, policymakers need to make the sharing of student-level data — while protecting student confidentiality — not only acceptable, but mandatory across educational institutions. State laws, such as those in OH, that prevent the SEA from maintaining identifiable student information create a burden to the state, both from a financial and a data perspective. Interpretations of the Family Educational Rights and Privacy Act (FERPA) that prevent P-12 and post-secondary systems from sharing student-level data hinder the ability to improve student achievement. … The next generation data system will likely come to fruition when we have both local educators and state policymakers calling for access to more data in easy to use formats on a more frequent basis. The convergence of demands from the ‘bottom up’ and the ‘top down’ will create the perfect storm to create a new breed of data system, but that demand can only be filled if financial commitments are made to ensure that the systems are built and sustained.”
So what they seem to be saying is, in order to the get the data they need, it must be personally identifiable and they find it quite annoying that state’s like Ohio have created such a burden by not allowing this to happen. And I don’t think anyone “fears” the use of data, but the misuse and abuse that happens when private records are “accidentally” exposed or hacked. Although this document is not specifically applicable to PA, as I’ve said before, it shows the mindset and the intentions of the folks behind Big Data. They are just biding their time until the right folks get into office to lift the restrictions on getting them the data they want and they are constantly pushing the ball down the court. This is why our elections matter.
The National School Board Association’s website published information on how the federal education privacy law intersects and in many cases overrides the health care information privacy law:
“The U.S. Department of Health and Human Services (HHS) and the U.S. Department of Education (ED) have issued a joint guidance on the application of the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to student health records… …the new guidance notes that the HIPAA Privacy Rule generally does not apply to elementary or secondary schools … ”
If your child has a medical or psychological condition and the child’s medical records becomes part of the education record it sounds like federal education privacy rules trumps healthcare privacy rules. And remember, this was done under the radar through regulatory changes, not a Congressional vote.
As we have all seen more and more in recent years, promises of anonymity and privacy with these “secure” ID’s are empty and meaningless when it’s your data that has been unwittingly exposed. As Paul Ohm published in 2009 ‘Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization at the University of Colorado School of Law, we know security breaches occur on a regular basis, therefore, there is no way to guarantee the privacy of our children’s information, especially on-line or in these “clouds.” Anyone who has ever had his credit card information or identity stolen knows that “encryption” can be unencrypted and unlinked data can be linked. As parents, we were never even given a privacy agreement to review and sign with respect to this data system.
Besides the obvious fraud and identity theft (especially if Social Security Numbers are used) this can lead to if data is not secured properly, what impact might this have on our children once a historical database by name is compiled on them beginning in infancy? And what of trying to correct misinformation that might be recorded on our child? Remember, this is massive bureaucratic administrative state that does not readily or easily respond to those it serves.