Bye-bye privacy - Beckley, Bluefield & Lewisburg News, Weather, Sports

Bye-bye privacy

Posted: Updated:

How safe is one's information once it is thrown into the technological world?

By merely looking at the National Security Agency spying debacle and the recent hacking of almost 40 million credit card accounts that had been used at Target, one would be quick to answer "not very."

Coming soon to a state near you, more than just "a little" student information will not only be entered into cyberspace, but tracked and shared among every other state to create a national database of student information, courtesy of Common Core. In West Virginia, the information will be shared through the state's longitudinal data system called ZoomWV.

Addressing privacy concerns

At a meeting convened to address concerns raised about Common Core, president of Harrison County Board of Education Michael Queen conducted a dialogue with state lawmakers, concerned community members and state Board of Education members.

Queen said one of the "sticking points," from a political perspective, is the "comprehensive data collection."

"People aren't going to settle with the data collection," he said.

Another group not going to settle with the data collection, among other things, is West Virginia Against Common Core, a group that sent a proposal to Gov. Earl Ray Tomblin.

In the proposal, West Virginia Against Common Core asks for "ironclad, no loopholes, student data protection legislation," a two-year moratorium on common core assessment implementation and requires that the West Virginia State Board of Education to prepare a cost analysis.

According to Amy Goodwin, director of communications for Tomblin, the proposal has been received and is under review.

On Nov. 13, 2013, West Virginia Board of Education President Gayle Manchin and State Superintendent of Schools James Phares signed a resolution that would restrict the sharing of information and also would allow parents/guardians to opt out of student directory information being made publicly available. 

The resolution states that the Local Education Agency, or LEA, would be in control of student information.

According to the terms of the SLDS grant, the state interoperability framework, or SIF, must provide interoperability from LEA to LEA, from LEA to Postsecondary, from LEA to the state's office of education and from the state's office of education to the EdFacts Data Exchange, "a centralized portal through which states submit data to the Department of Education."

Many opponents wonder how "sticky" the backtracking "jar of molasses" will be, considering the signed contract with the federal government requires the turnover of student information.

State longitudinal data system

To receive federal money from the "Race to the Top" initiative, states were conditioned to adopt a statewide longitudinal data system. The longitudinal data system, or SLDS, is a data bank of files on all school children within the state from kindergarten through the work force, accessible by the federal government due to the fact the SLDS is federally funded.

All states that took the money have an SLDS. Another golden egg of Race to the Top is that the initiative links the SLDS from state to state, and from agency to agency, literally forming a national database of student information and dismissing another argument that data is kept within the state.

Data in the longitudinal database includes a unique statewide student identifier that connects student data across key databases across years, student-level enrollment, demographic and program participation information, the ability to match individual students' test records from year to year to measure academic growth, information on untested students and the reasons they were not tested, a teacher identifier system with the ability to match teachers to students, student-level transcript information, including information on courses completed and grades earned, student-level college readiness test scores, student-level graduation and dropout data, the ability to match student records between the P–12 and higher education systems and a state data audit system assessing data quality, validity and reliability. 

The Family Educational Rights and Privacy Act of 1974, or FERPA, was enacted to protect the privacy of individual student records. In 2011 and effective January 2012, the U.S. Department of Education altered FERPA without the consent of Congress.

Under the law, third party non-academic entities now have access to student records without parental consent, allowing the release of private student data without parental consent or even knowledge.

Contained in the SLDS are two types of information: aggregate data and personally identifiable information. Aggregate data consists of general information. Personally identifiable information, or PII, is information describing students with no traceability back to the student's name.

While proponents insist that no name, or any identifiable way, exists to reveal students based on their information, the other side strongly disagrees. They argue with the large amount of information, along with biological and behavioral data, one merely has to use his or her brain to connect the dots. 

According to FERPA, data often related to state and federally funded educational programs, such as "data related to assessments, grades, course enrollment and completion, attendance, discipline, special education status, homeless status, migrant status, graduation or dropout status, demographics and unique student identifiers" will be merely a few things stored in this mammoth of a student database.

What about social security number?

Despite proponents stating that one's "social security number will not be used" as PII, the revised FERPA tells a different story. 

According to The Federal Register, concerning FERPA changes, "FERPA does not prohibit the use of a social security number as a personal identifier or as a linking variable." FERPA only suggests that social security numbers be used "minimally."

West Virginia Policy 4350, Title 126, Series 94 Procedures for Collection, Maintenance and Disclosure of Student Data affirms that assessment by stating, "‘personally identifiable' means that the data or information includes, but is not limited to, (a) the name of the student, the student's parent, or other family member, (b) the address of the student or student's family, (c) a personal identifier such as the student's social security number or student number, (d) a list of personal characteristics that would make the students' identity easily traceable or (e) other information that would make the student's identity easily traceable."

What about the possibility of not only sharing information from state to state, but also across international lines?

According to the new FERPA, there are no "distinctions between State and international lines." However, FERPA has the courtesy to at least warn that "transfers of PII from education records across international boundaries, in particular, can raise legal concerns about the Department's ability to enforce FERPA requirements against parties in foreign countries."

When it comes to a student's health information, FERPA now states that "if PII from education records related to a student's health is necessary to evaluate an education program, this information may be disclosed without obtaining consent, provided all other requirements in the regulations are met."

Who can view the information?

While proponents argue that accessibility of data means teachers having easier access to information, opponents point out the problem with disclosing information to third parties without parental consent.

According to West Virginia Policy 4350, Title 126, Series 94 Procedures for Collection, Maintenance and Disclosure of Student Data, "the county board of education may provide access to established directory information to other persons or groups as determined by board action."

That leads to the question of who is allowed to view the plethora of information.

While FERPA states that school officials are teachers and administrators who work within a school, school district or postsecondary institution, the regulations also state that contractors, consultants, volunteers or other parties to whom an educational agency or institution has outsourced institutional services functions under the conditions listed may be considered school officials with legitimate educational interests in students' education records.

Authorized representatives also include "other outside parties (i.e. non-employees) used to conduct an audit, evaluation or compliance or enforcement activities or other institutional services or functions for which the official or agency would otherwise use as its own employee." An example provided is an outside computer consultant hired to develop and manage a data system for education records. Non profit organizations that receive department funds also may have the access to share information. 

Many point out that the list of viewers and sharers seems quite lengthy, considering the amount and type of sensitive information ensconced in the data bank.

What about parents?

As stated in FERPA, "We decline to adopt the suggestion that schools be required to notify parents and eligible students when PII from education records is re-disclosed to an outside entity, and to provide parents and eligible students with an opportunity to opt out of the disclosure. FERPA expressly provides for disclosure without consent in these circumstances."

Furthermore, the "statute does not provide any right to inspect and review education records held by authorized representative of FERPA-permitted entities or third parties."

While the revised law allows for parents and eligible students to "seek to amend their education records," many strongly voice the opinion that parents should have the ultimate right to view and amend the information of their own children.

Opponents not only view parents as having the ultimate right to the access of their children's educational records, but also the ultimate right to know how the information is being shared and who it is being shared to. 

What about those who wish to prevent information for one purpose from being used for another? According to FERPA, it "expressly permits the re-disclosure, without consent, of PII from education records for a reason other than the reason for which the PII was originally collected."

In other words, the student or parents are not in control of their own information.

What about information violators?

One would think stiff penalties apply for those who violate the sharing PII policy.

However, the only penalty is loss of access to personally identifiable information from education records for at least five years. Who's to say that after five years, the offender won't repeat the offense?  And is there any way to track offenders?

According to FERPA, "the Department has decided not to implement the idea of compiling a list of FERPA violators. The Department believes that a public list of entities that have violated FERPA is an intriguing idea and will continue to keep this idea in mind and possibly implement it at a later date."

With the implementation of the SLDS and Smarter Balanced Assessment Consortium, or SBAC, the question is who will be stuck with the bill?

The resounding answer: the states themselves — who took Race to the Top money to avoid that same situation.

The Smarter Balanced Assessment Consortium, responsible for generating Common Core assessments, not only contractually obligates for the turnover of student data to the Department of Education, but according to some projections, will cost in the millions, if not billions, of dollars.

Not only will the SBAC cost states money, but also will "work with the Department of Education to develop a strategy to make student-level data that results from the assessment system available on an ongoing basis for research, including for prospective linking, validity and program improvement studies; subject to applicable privacy laws."

Translation — even more data being shared to even more people.

Joy Pullman, research fellow with the American Principles Project, warns that by implementing SLDS, assessment consortiums and Common Core standards, states may be forced to change their own state laws to accommodate the new implementations and at best, leave their own state laws open-ended.