State Longitudinal databases: Tracking students from birth to the workforce and beyond

This piece is also posted as “The astonishing amount of data being collected about your children” at the Washington Post AnswerSheet.

By Leonie Haimson and Cheri Kiesecker, Parent Coalition for Student Privacy

Remember that ominous threat from your childhood, “This will go down on your permanent record?” Well, your children’s permanent record is a whole lot bigger today and it may be permanent. Information about your children’s behavior and nearly everything else that a school or state agency knows about them is being tracked, profiled and potentially shared.

During a February 2015 Congressional hearing on “How Emerging Technology Affects Student Privacy,” Rep. Glenn Grothman of Wisconsin asked the panel to “provide a summary of all the information collected by the time a student reaches graduate school.” Joel Reidenberg, director of the Center on Law & Information Policy at Fordham Law School, responded:

“Just think George Orwell, and take it to the nth degree,” Reidenberg said. “We’re in an environment of surveillance, essentially. It will be an extraordinarily rich data set of your life.”

Most student data is gathered at school via multiple routes, either through children’s online usage or information provided by parents, teachers or other school staff. A student’s education record generally includes demographic information, including race, ethnicity, and income level; discipline records, grades and test scores, disabilities and Individual education plans (IEPs), mental health and medical history, counseling records and much more.

Under the federal law known as FERPA, the Family Educational Rights and Privacy Act, if medical and counseling records are included in your child’s education records they are unprotected by HIPAA (the Health Insurance Portability and Accountability Act passed by Congress in 1996). Thus, very sensitive mental and physical health information can be shared outside of the school without parent consent.

Many parents first became aware of how widely their children’s personal data is being shared with third parties of all sorts when the controversy erupted over inBloom in 2012, the $100 million corporation funded by the Gates Foundation. Because of intense parent opposition, inBloom closed its doors in 2014, but in the process, parents discovered that inBloom was only the tip of the iceberg, and that the federal government and the Gates Foundation have been dedicated to the goal of amassing and disclosing personal student data in many other ways.

Ten organizations joined together, funded by the Gates Foundation, to create the Data Quality Campaign in 2005, with the following objectives:

  • Fully develop high-quality longitudinal data systems in every state by 2009;
  • Increase understanding and promote the valuable uses of longitudinal and financial data to improve student achievement; and
  • Promote, develop, and use common data standards and efficient data transfer and exchange.

Since that time, the federal government has mandated every state to collect personal student information in the form of longitudinal databases, called Student Longitudinal Data Systems or SLDS, in which the personal information for each child is compiled and tracked from birth or preschool onwards, including medical information, survey data, and data from many state agencies such as the criminal justice system, child services, and health departments.

State SLDS, sometimes called P20 databases (pre-K to 20 years of age), P12, or B-20 (data tracking from birth), have been paid for partly through federal grants awarded in five rounds of funding from 2005-2012. Forty-seven of fifty states as well as the District of Columbia, Puerto Rico, and the Virgin Islands have received at least one SLDS grant.

Although Alabama, Wyoming and New Mexico are not included on the site linked to above, Alabama’s Governor recently declared by executive order that “Alabama P-20W Longitudinal Data System is hereby created to match information about students from early learning through postsecondary education and into employment.” Wyoming uses a data dictionary, Fusion, that includes information from birth. New Mexico’s technology plan shows that they moved their P-20 SLDS to production status in 2014 and will expand in 2015. This site run by the Data Quality Campaign tracks each state’s SLDS.

Every SLDS has a data dictionary filled with hundreds of common data elements, so that students can be tracked from birth or pre-school through college and beyond, and their data more easily shared with vendors, other governmental agencies, across states, and with organizations or individuals engaged in education-related “research” or evaluation, all without parental knowledge or consent.

Every SLDS uses the same code to define the data, aligned with the federal CEDS, or Common Education Data Standards, a collaborative effort run by the US Department of Education, “to develop voluntary, common data standards for a key set of education data elements to streamline the exchange, comparison, and understanding of data within and across P-20W institutions and sectors.”

Every few months, more data elements are “defined” and added to the CEDS, so that more information about a child’s life can be easily collected, stored, shared across agencies, and disclosed to third parties. You can check out the CEDS database yourself, including data points recently added, or enter the various terms like “disability,” “homeless” or “income” in the search bar.

In relation to discipline, for example, CEDS includes information concerning student detentions, letters of apology, demerits, warnings, counseling, suspension and expulsion records, whether the student was involved in an incident that involved weapons, whether he or she was arrested, whether there was a court hearing and what the judicial outcome and punishment was, including incarceration.

This type of information is obviously very sensitive and prejudicial, and often in juvenile court, records are kept sealed or destroyed after a certain period of time, especially if the child is found innocent or there is no additional offense; yet all this information can now be entered into his or her longitudinal record with no particular restriction on access and no time certain when the data would be destroyed.

Expanding and Linking Data across States

Nearly every state recently applied for a new federal grant to expand its existing student longitudinal data system, including collection, linking and sharing abilities. You can see the federal request for proposals here. Pay special attention to Section V, the Data Use section of the grant proposal, requiring states to collect and share early childhood data, match students and teachers for the purpose of teacher evaluation, and promote interoperability across institutions, agencies, and states.

The fifteen states and one territory, American Samoa, that won the grants were announced Sept. 17, 2015, and are posted here. The President’s 2016 budget request has a number of additional data-related provisions, including a near tripling in funding for State Longitudinal Data Systems ($70 million) and the Department of Labor Workforce Data Quality Initiative ($37 million), aimed at linking adults’ workforce personal data with their student records.

Though the federal government is barred by law from creating a national student database, the US Department of Education has evaded this restriction by means of several strategies, including funding multi-state databases, which would have been illegal before FERPA’s regulations and guidance were rewritten by the Department in 2012.

The federal grants encourage participation in these multi-state data exchanges. One existing multi-state database is WICHE, the Western Interstate Commission for Higher Education, which includes the fifteen Western states that recently received an additional $3 million from the federal government. This WICHE document explains that the project was originally funded by the Gates Foundation, and that the Foundation’s goal of sharing personal student data across state lines and across state agencies without parental consent was impermissible under FERPA until it was weakened in 2012:

Upon approval of WICHE’s proposal by the Gates Foundation, the pilot MLDE (Multistate Longitudinal Data Exchange) project began in earnest in June, 2010, and the initial meeting to begin constructing the MLDE was held in Portland, Oregon, in October, 2010. It is worth placing the launch of the MLDE pilot within an historical timeline of events bearing on the development and use of longitudinal data. As the project got underway, the federal government’s guidance on the application of the Family Educational Rights and Privacy Act (FERPA) was still fairly restrictive. Indeed, based on a subsequent conversation with a member of the Washington State Attorney General’s office, our plans to actually exchange personally identifiable data among the states would be impermissible under the FERPA guidance in effect at that time. Though we were told we would have been able to assemble and use a de-identified dataset, which would have shown much of the value of combining data across states, not being able to give enhanced data back to participating states would have been a serious setback. Changes in the federal government’s guidance on FERPA that went into effect in January, 2012 resolved this problem.

The new guidance permitted the participating states to designate WICHE as an authorized representative for the purposes of assembling the combined data, while also allowing the disclosure of data across state lines and between state agencies.

Since 2010, the Gates Foundation has funded WICHE with more than $13 million. Just to underscore how powerful this organization has become, the Lieutenant Governor of Colorado, Joe Garcia, just stepped down from his post to head WICHE. Here is a helpful chart showing how student personal data is to be shared, among state agencies and across state lines.

Existing multi-state databases include not just WICHE, but also SEED, formerly Southeastern Education Data Exchange, now called the State Exchange of Education Data, including Alabama, Colorado, Florida, Georgia, Kentucky, North Carolina, Oklahoma, and South Carolina.

This North Carolina PowerPoint from 2013 describes what detailed information is to be shared among the states participating in SEED: data aligned with CEDS, including demographic information, academic and test score data, and disciplinary records. Here is a Georgia document that explains how SEED will be “CEDs compliant” and describes in even more detail the sort of information that will be exchanged.

In addition, the two Common Core testing multi-state consortia funded by the federal government, PARCC and Smarter Balanced, are accumulating a huge amount of personal student data across state lines, and potentially sharing that information with other third parties. Under pressure, PARCC released a very porous privacy policy last year; Smarter Balanced has so far refused to provide any privacy policy, even after requests from parents in many of the participating states.

What Parents Should Do

Ask your State Education Department if they applied for this new grant to expand their SLDS, and if so, ask to see the grant proposal. You can also make a Freedom of Information request to the US Department of Education to see the grant application. Ask what methods your state is using to protect the data that the SLDS already holds, and if the data is kept encrypted, at rest and in transit. Ask what categories of children’s data they are collecting, which agencies are contributing to it, and what third parties, including vendors and other states, may have gained access to it. Ask to see any inter-agency agreements or MOUs allowing the sharing of education data with other state agencies. Ask if any governance or advisory body made up of citizen stakeholders exists to oversee its policies.

You should also demand to see the specific data the SLDS holds for your own child, and to challenge it if it’s incorrect – and the state cannot legally deny you this right nor charge you for this information under FERPA.

This was conclusively decided when a father named John Eppolito requested that the Nevada Department of Education provide him with a copy of his children’s SLDS records, and the state demanded $10,000 in exchange. He then filed a complaint with the US Department of Education, which responded with a letter on July 28, 2014, stating that the state must provide him with the data it holds for his child, as well as a record of every third party who has received it; and that they cannot charge a fee for this service.

Parents also have the right to correct their child’s data if it is in error. Apparently Mr. Eppolito found many errors in his children’s data. Even if it is accurate, the data that follows your child through life and across states could diminish his or her future prospects. As this Department of Education study points out,

“…imagine a student transferring from another district into a middle school that offers three levels of mathematics classes. If school staff associate irrelevant personal features with mathematics difficulties, the representativeness bias could influence the student’s placement… educators have been found to have a tendency to pay more attention to data and evidence that conform to what they expect to find.”

Schools could use this data to reject students, push them out, or relegate them to remedial classes or vocational tracks. There is also abundant research that shows that a teacher’s expectations play a significant role in how a student performs – especially for marginalized groups. This is called the Pygmalion effect in the case of a teacher’s positive expectations, and the Golem effect in the case of negative expectations. These studies reveal that if teachers are provided with positive or negative information about their students before having a chance to form their own opinions based upon actual experience, this prior information often tends to bias their judgments and perceptions of that student, creating self-fulfilling prophecies. Parents should be legitimately fearful that positive or negative data may be used to profile their children, and potentially damage their chance of success.

What Else Can You Do?

If you send your children to a public school, under current federal law you have no way of opting out of the P20 profile that has been created by your state and potentially shared with others. You also have no right to refuse to have your child’s data disclosed to testing companies and other corporations in the name of evaluation and research. Researchers have legitimate interests in being able to analyze and evaluate educational programs, but any sensitive personal data should be properly de-identified and there must be strict security provisions to safeguard its access and restrict further disclosures, as well as a time certain when it will be destroyed. You do have the right to see that data, and challenge it if it is inaccurate.

You should also advocate for stronger state and federal laws to protect your child’s data and laws that give parents and students the right of ownership, including the ability to decide with whom it will be shared. You should urge your State Education Department to create advisory or governance boards that include stakeholder members, to provide input on restrictions on access and security requirements.

Any federal and state student privacy legislation should embrace five basic principles of student privacy, transparency and security, developed by the Parent Coalition for Student Privacy. Ask your elected officials to support TRUE data privacy and transparency legislation, to protect children. Parents deserve to know the data collected and shared about their children, and they should be guaranteed that their children’s data is safe from breaches and misuse.

Blumenthal/Daines student privacy bill; good start but needs improvement

For immediate release: July 16, 2015

Contact: Leonie Haimson, 917-435-9329;

Rachael Stickland: 303-204-1272;

The student privacy bill introduced today by Senators Blumenthal and Daines, called the “SAFE KIDS Act,” has positive aspects that would close some of the loopholes of current federal law. It allows for parents to delete their children’s personal data if it is collected by vendors and other third parties, as long as that information is not in their education records. It calls for contracts and privacy policies to be required before any school or district can disclose personal information to third parties, and for these privacy policies to be posted. It extends these provisions to children enrolled in prekindergarten and early childhood programs.

However, the bill also has significant weaknesses that should be addressed. The specific personal student data that can be deleted by parents is not clearly defined, and the notification provisions are weak, making it questionable as to how parents would be able to access the privacy policies or exercise their rights. The bill would allow both contextual and targeted ads, based on data-mining students each time they go online, which is unacceptable to many parents. The security provisions are weak and the enforcement provisions non-existent.

Said Leonie Haimson, co-chair of the Parent Coalition for Student Privacy, “While we appreciate the efforts of Senators Blumenthal and Daines to regulate the collection and use of student personal information by third parties, we need a stronger bill that includes robust security and enforcement protections. We also believe that parents must be informed by their schools and should consent before their children’s data is disclosed, particularly in the case of sensitive information related to health, disability and disciplinary issues. Consent must absolutely be required before any re-disclosures are allowed from one operator to another, or else we risk an uncontrolled number of re-disclosures, with parents unaware of where their children’s data is being held and under what conditions.”

Josh Golin, Executive Director of the Campaign for a Commercial-Free Childhood, said: “The bill does not go far enough in protecting children from potentially harmful commercial influences. Websites, apps, and software assigned to students by their schools should be free of all advertising, regardless of whether the ads are contextual or based on data-mining students during each one of their internet sessions. Ads serve no legitimate educational purpose and are distracting to students. Schools should not be allowed to sell or offer up their students’ data, time and attention to marketers for any reason.”

Jennifer Jacobsen, a Connecticut public school parent and privacy advocate, stated, “My children do not go to school to have their meta-data analyzed. They do not go to school to have advertising embedded within their on-line instructional materials. They do not go to school to have every detail about them uploaded and accessed by people I do not know. They do not go to school to be employed as unpaid product development specialists or forbid, plugged into a laptop all day. They go to school to be inspired, enlightened, impassioned seekers of knowledge, to become able citizens and follow their dreams.”

Rachael Stickland, co-chair of the Parent Coalition for Student Privacy, concluded, “We look forward to working with Senators Blumenthal and Daines, and all members of Congress to strengthen every bill that aims to protect the privacy and safety of students. Parents must be fully aware and involved in the decision-making as to how the personal information of their highly vulnerable children is stored, used and shared. Particularly with the news of devastating data breaches reported nearly every day, security protections must be strong if a child’s safety and future chances of success are not to be undermined. We point policymakers to the five principles developed by our Coalition, involving parental and student rights, transparency, security, enforcement, and a ban on commercial uses. All five principles should be and must be included in any student privacy bill going forward.”

These five principles are available on the Student Privacy Matters website here:


Five principles to protect student data privacy

The Parent Coalition for Student Privacy believes that the following five principles should be incorporated in any law or policy regarding the protection of personal student data in grades preK-12. After students reach age 18, all these rights, including those related to notification and consent, should devolve to them:

  • Transparency: Parents must be notified by their children’s school or district in advance of any disclosure of personal student information to any persons, companies or organizations outside of the school or district.

All disclosures to third parties should also require publicly available contracts and privacy policies that specify what types of data are to be disclosed for what purposes, and provide a date certain when the data will be destroyed.

  • No commercial uses: Selling of personal student data and/or use for marketing purposes should be banned. NO advertising should be allowed on instructional software or websites assigned to students by their schools, since ads are a distraction from learning and serve no legitimate educational purpose.

While some of the current bills ban “targeted” ads, others ban targeted ads except for those derived from a student’s one-time internet use. But how can any parent know whether an ad displayed to their children was based on data-mining their child a single time or over a longer period?

  • Security protections: At minimum, there must be encryption of personal data in motion and at rest, required training for all individuals with access to personal student data, audit logs, and security audits by an independent auditor. Passwords should be protected in the same manner as all other personal student information.

There must be notification to parents of all breaches, and indemnification of the same.

No “anonymized” or “de-identified” student information should be disclosed without verifiable safeguards to ensure data cannot be easily re-identified.

  • Parental/student rights: NO re-disclosures by vendors or any other third parties to additional individuals, sub-contractors, or organizations should be allowed without parental notification and consent (or students, if they are 18 or older).

Parents must be allowed to see any data collected directly from their child by a school or a vendor given access through the school, delete the data if it is in error or is nonessential to the child’s transcript, and opt out of further collection, unless that data is part of their child’s educational records at school.

Any data-mining for purpose of creating student profiles, even for educational purposes, must be done with full parental knowledge.

Parental consent must be required for disclosure of personal data, especially for highly sensitive information such as their child’s disabilities, health and disciplinary information.

  • Enforcement: The law should specify fines if the school, district or third party violates the law, their contracts and/or privacy policies, with parents able to sue on behalf of their children’s rights as well.

Without strong enforcement provisions, any law or policy protecting student privacy is likely to be ignored.

Barmak Nassirian: Is the Student Right to Know Bill Worth the Risk to Privacy?

Here are Barmak Nassirian’s views of the bill recently re-introduced in the House and the Senate, Student Right to Know Before You Go Act, which would authorize the creation of a federal database of all college students, complete with their personally identifiable information, tracking them through college and into the workforce, including their earnings, Social Security numbers, and more. The ostensible purpose of the bill? To provide better consumer information to parents and students so they can make “smart higher education investments.”

The Parent Coalition for Student Privacy opposes this bill, and believes that allowing the federal government to collect the personal data of all college students with no provision for consent or opt out is unacceptable – and would create huge risks to their privacy and safety. This is especially true given the recent revelations of the massive breach of the personal information of millions of federal employees, and the sensitive information of other individuals as well, referenced in their security clearances. We are especially disappointed that Sen. Ron Wyden, a strong privacy advocate, is a co-sponsor of this bill.

Barmak’s comments were originally posted in response to an article in US News and World Report by Kevin James and Andrew Kelly of the American Enterprise Institute.

by Barmak Nassirian

The authors are thoughtful higher education analysts, whose interest in more comprehensive and more granular data is certainly understandable. Unfortunately, the slam-dunk case they attempt to make on behalf of a national, student-level educational/employment data system fails to acknowledge, let alone address, some of the most basic questions about the wisdom of building such a system.

First, let’s be clear that the data in question would be personally identifiable information of every student (regardless of whether they seek or obtain any benefits from the government), that these data would be collected without the individual’s consent or knowledge, that each individual’s educational data would be linked to income data collected for unrelated purposes, and that the highly personal information residing for the first time in the same data-system would be tracked and updated over time.

Second, the open-ended justification for the collection and maintenance of the data (“better consumer information”) strongly suggests that the data systems in question would have very long, if not permanent, record-retention policies. They, in other words, would effectively become life-long dossiers on individuals.

Third, the amorphous rationale for matching collegiate and employment data would predictably spread and justify the concatenation of other “related” data into individuals’ longitudinal records. The giant sucking sound we would hear could be the sound of personally identifiable data from individuals’ K12, juvenile justice, military service, incarceration, and health records being pulled into their national dossiers.

Fourth, the lack of explicit intentionality as to the compelling governmental interest that would justify such a surveillance system is an open invitation for mission creep. The availability of a dataset as rich as even the most basic version of the system in question would quickly turn it into the go-to data mart for other federal and state agencies, and result in currently unthinkable uses that would never have been authorized if proposed as allowable disclosures in the first place.

Fifth, while the numerous authorized uses of the data system are scary enough in their own right, the high probability of unauthorized access should give advocates some pause. The individually identifiable life-information that would be neatly organized in the system, if/when compromised, would give away the entire identity of every former student, with data elements that go far beyond the terrifying data breaches we know about.

Finally, given all of the above, shouldn’t we ponder whether there are other ways of addressing the one argument for the data system–i.e., better information about outcomes–through less intrusive mechanisms? As the authors point out, proxies for exact knowledge of outcomes are already at hand, and may be tweaked to produce better information.

Tracking autonomous free individuals through most of their lives in the name of better information for the benefit of others may be justifiable, but its extremism should at the very least be acknowledged and addressed. Unfortunately, the legislation in question (and this defense of that legislation) fails to do either.

The thought that the proposed system doesn’t pose new privacy risks is quite astonishing. I seriously doubt that a much less intrusive data system, such as placing a transponder in every car to generate better transportation data, would be met with much enthusiasm at AEI, despite the fact that driving is a privilege, not a right, and that cars are already required to register with the government to drive on public roads.

Leonie Haimson & Rachael Stickland discuss student privacy at NPE’s second annual conference in Chicago

The Network for Public Education hosted its second annual conference in Chicago on April 25-26, 2015. It was an awesome opportunity for education advocates from across the country to gather and learn from one another to save our schools. Parent Coalition for Student Privacy Co-chairs Leonie Haimson and Rachael Stickland were honored to sit on a panel titled “Perils of Ed Tech: Student Privacy and Corruption” along with Cynthia Liu and student Nathan Ringo. Please see below to view the panel discussion and to access Leonie and Rachael’s PowerPoint presentations. Thanks to everyone who joined us in Chicago!

Network for Public Education National Conference: Perils of Ed Tech from Schoolhouse Live on Vimeo.