So dramatic! But true. What started as a platform to share student data across states was soon seen as something much more sinister. Parents sued the New York commissioner of education over the state’s involvement with inBloom. Louisiana education activists issued public records requests for the contract and all communications between the state and the Shared Learning Collaborative, inBloom’s predecessor. Superintendents made comments, observers got riled up, and one New York State assemblyman said, well, this.
Their primary concern? Student data privacy. When inBloom shut down, it was considered a win for privacy advocates. And while there are legitimate privacy concerns, there’s undeniable value in giving parents, teachers, and students easier access to student achievement data. So what’s the real story? What protections are there for data privacy? How are student data being used?
Brennan started her career in ed policy in Tennessee, working at the State Collaborative on Reforming Education. More interested in a 50-state perspective, she started looking in D.C. Even though she remembers saying, “I don’t want to work on data! Who wants to work on data?” an opportunity with DQC changed her mind.
Now, she works with state leaders and advocates to set the record straight on education data and, in the process, is involved in more active policy environments. “Right now, the conversation focuses so much on federal policy,” she says. “But that’s not where the exciting work is happening.”
There are four key federal student data privacy policies.
The biggest dog in the park is FERPA, or the Family Educational Rights and Privacy Act. The law lays out student privacy rights by restricting with whom and what circumstances schools may share individual students’ data. It applies to personally identifiable student education records—the kinds kept at schools, districts, and the state. It does protect student privacy, but there are more online tools and uses for student data now than there ever were in 1974, when FERPA was written. There is some interest on the Hill in amending and updating FERPA, and many states are codifying it, or pieces of it, themselves.
There’s also the Children’s Online Privacy Protection Act (COPPA), which has to do with children under 13 and their presence and information on the internet, and the Health Insurance Portability and Accountability Act (HIPAA), which anyone who’s ever been to a doctor’s office should know about.
The other big one, at least right now, is PPRA, the Protection of Pupil Rights Amendment. PPRA is having its day in the sun because of some misconceptions about collecting sensitive information about students—like their religion, their political affiliation, their sexual preferences, and whether they own a gun. PPRA says that the federal government may sometimes survey students, as they do as part of the National Assessment of Educational Progress test. But before they ask any sensitive questions like those, they need parental consent. Some of these survey questions have gotten mixed up with the new Common Core-aligned assessments. The testing consortia will not be asking questions like these, but somehow it all got lumped together.
What is the most common misconception about data privacy?
I’m going to take some liberties here and tell you two, because it’s been a year of misconceptions!
There’s this misconception that Common Core standards and the related testing are somehow going to lead to a tremendous amount of new data collection on individual students. People are concerned the federal government is going to have new, sensitive info about their kids. Not true. Common Core has nothing to do with data collection. And the U.S. Department of Education does not get identifiable information about individual K-12 students from the states. Data got lumped together with a lot of the federal intrusion concerns about Common Core, but they’re not at all related.
There’s another misconception that once districts and schools collect student data, they’ll sell it to outside providers. Or that vendors who provide classroom services will sell the data. That’s not happening. Selling student data is prohibited by FERPA.
So that’s not what happened with inBloom?
That concern was definitely the root of the pushback against inBloom. inBloom had the potential to be a tool for states and districts that allowed really valuable classroom resources to be created, but the timing was wrong, and the messaging was wrong. It was also the first time that most members of the public and parents had been exposed to the idea that data about students was being collected, shared, and used at all. It was ultimately defeated by worries about Bill Gates and students’ data being sold or used for marketing. The sale of data was never going to happen. I seriously doubt Bill Gates was particularly interested in individual students’ data, but those were the fears.
There are some very real fears about how student data are used and what that means for student privacy. What scares you about data privacy?
I spend a lot of my time trying not to be scared about it so I can help the people who are!
But the biggest concern for me is that, whether people’s fears are real or a misconception, those fears could cause us to roll back on collecting and using data to help teachers and parents (and students themselves) improve instruction and improve outcomes for kids. So instead of taking a proactive approach and putting legislation in place that will protect student data, I worry that we’ll see states going too far in rolling back legitimate use of data, and that’s scary to me.
From a proponent’s perspective, that definitely makes sense. But I’m going to push you a little bit — that’s the only thing that scares you about data privacy, even in our post-gross-invasion-of-privacy world?
I’m a victim of the Target hack. I came out pretty unscathed, but my information was still stolen. There are definitely bad actors out there. That’s a reality of being a citizen, of participating in society, and having a credit card or a Facebook account or an email address. If you’re going to live in the world in 2014, there is the risk.
But we need to have thoughtful conversations about the balance of that risk and the value. We also need thoughtful state policies that provide guidelines and punish bad actors. We can’t just scrap everything because there are bad actors out there.
That was an excellent answer. But on a less forbidding note, let’s talk about you: Tell me something fun about you.
I don’t know if this is fun, but I’m a big believer that your office should be a cool-looking place to be. I use a bookshelf in my office to store all of my heels. I have a sheepskin throw on my chair, and when DQC moves offices, I have plans for a rug and another cool chair. We spend too many hours at our desks in D.C. not to schuss them up a little!
Ashley Mitchel is an analyst with Bellwether Education Partners, and her Q&As with local education leaders are a regular Recess feature. Reach her via email or Twitter.