Blog

Parent Coalition for Student Privacy Not Satisfied with Tech Industry “pledge”

For Immediate Release: October 7, 2014

For more information contact:
Leonie Haimson, [email protected]; 917-435-9329
Rachael Stickland, [email protected]; 303-204-1272

While parents and advocates involved defeating inBloom are appreciative that the voluntary pledge released today by members of the software industry bars the selling of student data and its use for targeting ads, its provisions fall far short of what would be necessary to uphold the rights of parents to control access to their children’s personal information and protect their privacy. It appears that technology vendors and their supporters are trying to forestall stronger federal and state laws that would really hold them accountable.

The provisions do not include any parental consent or notification requirements before schools disclose the highly sensitive personal data of their children to vendors, and contain no specific security or enforcement standards for its collection, use or transmission. It would also allow for the infinite disclosure or sale of the data from one company to another, when the first one goes bankrupt, is merged or acquired by another corporation.

Leonie Haimson, Executive Director of Class Size Matters based in NYC and co-chair of the Parent Coalition for Student Privacy, said: “We need legally enforceable provisions requiring parental notification and consent for the disclosure and redisclosure of personal student data, as well as rigorous security protocols. This pledge will not achieve these goals, and will not satisfy most parents, deeply concerned about protecting their children from rampant data sharing, data-mining and data breaches.”

As Rachael Stickland, Colorado parent and co-chair of the Coalition pointed out, “The pledge explicitly allows for the use of student personal information for ‘adaptive learning.’ Parents are very worried that predictive analytics will lead to stereotyping, profiling and undermining their children’s future chance of success. At the least, industry leaders should support full disclosure of the specific student data elements employed for these purposes, and understand the need for informed parental consent.”

Said Melissa Westbrook, moderator of the Seattle Schools Community Forum and co-founder of Washington State’s Student Privacy Now, “This so-called pledge, filled with mumbo-jumbo, has one glaring item missing – legally enforceable punishment for K-12 service providers who don’t protect student data. Without that, students and their data have no real protections. ”

Concluded Josh Golin, Associate Director for the Campaign for Commercial-Free Childhood, “Across industries, self-regulation has been proven inadequate when it comes to protecting children, and there is absolutely no reason to believe that students’ most sensitive information can be safeguarded through voluntary pledges. Only federal and state legislation that have clear enforcement mechanisms and penalties will give students the protections – and parents the peace of mind – they deserve. It’s disappointing the ed tech industry’s main takeaway from the inBloom fiasco is that they need better PR.”

###

Blog

Barmak Nassirian’s quick review of the Markey/Hatch privacy legislation 7.31.2014

This is done too quickly to be comprehensive, but is intended as a first reaction to the Markey/Hatch privacy bill’s language.  – Barmak Nassirian.

  1. The bill is very narrow and does not attempt to address the main objections raised by parents and privacy advocates about the ways in which the 2008 and 2011 FERPA regs undermined educational privacy rights. Specific topics like the 2011 regs’ definition of “education program,” or “authorized representative” are left unresolved, with authorized representative only being referenced (infelicitously at that, since a comma is missing on page 2, line 23 before “and”) as an outside party that would be subject to unspecified security requirements.
  2. On the affirmative front, the language does specifically condition receipt of federal funds on “protection” of personally identifiable information, and requires ed agencies and institutions to impose that same requirement on any “outside parties” to whom they disclose PII. The problem here is that “protection” is undefined, and more importantly, that the issue is not so much protection of records from unauthorized access, but limiting the universe of entities and individuals who may inappropriately be granted authorized access. (Page 2, new section (4)(A) lines 7-19)
  3. The language prohibits receipt of federal funds by programs that use or disclose PII “to advertise or market a product or service.” This language is incomplete and problematic at a couple of levels. First, why not, at the very least, ban all commercial uses of PII? Why only marketing and advertising, but not sale of PII to improve software, develop for-profit tests, or design products? Second, there’s no distinction made between directory and non-directory information. (Would providing a list of students to a photographer taking yearbook pictures be a violations?) Finally, no distinction is made between non-consensual and consensual disclosures. The most comprehensive solution would be to ban all commercial uses as well as non-consensual disclosures to any entity without a legitimate educational interest as that term is defined and applied to school officials. There may have to be targeted exceptions for disclosures like transcripts (involving fees and very sensitive PII) or transactional interactions like the photographer example above. (New Section 5, page 3, lines 3-10)
  4. The amendment imposes new requirements on “outside parties” that are intended to parallel the “inspection, correction, amendment” provisions of existing law, but do so in an unorthodox and problematic way. First, absent a parallel notice requirement to parents and students, how would they even know about disclosure of PII to outside parties? Second, probably inadvertently but maybe not, the rights are provided for parents but not for students themselves, which opens a huge and very messy can of worms particularly with regard to postsecondary students. (I couldn’t review my records at my age, but my parents could?) Third, the language departs from the standard “inspection, correction, or amendment” and expands the list to “challenge,correct, or delete.” While this confusing language may arguably be viewed as an expansion of privacy rights, the rest of the sentence immediately takes back what the bill giveth, by limiting the rights only to “inaccurate, misleading, or otherwise inappropriate data” which are left undefined. Current law, of course, makes no such distinctions, and imposes no such limitations or burdens on students or parents, who may amend the record—with no mandate for adjudicating the veracity of its contents—as they see fit. (Pages 3, line 11 through page 4, line 17)
  5. The new section (7) in the bill explicitly requires data minimization, but proceeds to define it in a most unconventional manner as attempting to respond to “appropriate” (i.e., Legally allowed? Legally required? Something else?) requests for PII through provision of de-identified data, if such de-identified data meet the “effective” purpose of the request. Leaving the obscurity and vagueness of the terms aside, this language is oblivious to the enormous difficulty of robust de-identification (which goes well beyond dropping names and SSNs) and the relative ease of re-identification of putatively anonymized records. Subsection (B) of this section adds a data retention rule, which would require that data be destroyed once the original purpose for their initial disclosure has been met. This is a positive improvement on current law. (Page 4, line 18 through page 5, line 6.)
Blog

Our response to the Markey/Hatch student privacy bill introduced 7.30.2014

For immediate release: July 30, 2014

 

Rachael Stickland, 303-204-1272; [email protected]

Leonie Haimson: 917-435-9329; [email protected]

 

On the Markey/Hatch student privacy bill

 

Rachael Stickland, co-chair of the Parent Coalition for Student Privacy, said: “Though we appreciate the effort that Senators Markey and Hatch have undertaken on behalf of better privacy protections for students, their proposed legislative fix falls short of what’s needed; it sets no specific security standards for the storage or transmission of children’s personal information, allows unlimited disclosures and redisclosures  to for-profit vendors and other third parties without parental consent as long as the data isn’t used for marketing purposes, and doesn’t even require that schools and districts inform parents as to what personal information is being shared with which particular vendors.  Thus the clause that requires that parents be able to amend the information held by the vendor is nonsensical as its unclear how they would even know who to contact.” 

 

Said Leonie Haimson, the other co-chair of the Parent Coalition, “Nothing in this bill would have stopped the outrageous data-grab of inBloom, or any of the other companies set to take its place. We need a far stronger bill to do the job that parents are demanding:  protecting their children’s privacy and safety from breaches and  unwarranted data-mining.”

 

###

  

The link to the “Protecting Student Privacy Act ” is here.

 

Blog

Press Release 7.24.2014 – Louisiana

FOR IMMEDIATE RELEASE
July 24, 2014
For more information contact:
Leonie Haimson: [email protected]; 401-466-2262; 917-435-9329
Rachael Stickland: [email protected]; 303-204-1272
Lee P. Barrios: [email protected]; 985-789-8304
 
New Coalition Urges Congress to Listen to Parents and Strengthen Student Privacy Protections
A new national coalition called the Parent Coalition for Student Privacy released a letter this week to the leaders of the committees of the House and Senate Education Committees, urging Congress to strengthen FERPA and involve parents in the decision-making process to ensure that their children’s privacy is protected.
Many of the groups and individuals in the Coalition were involved in the battle over inBloom, which closed its doors last spring.  They were shocked to learn during this struggle how federal privacy  protections and parental rights to protect their children’s safety through the Family Educational Rights and Privacy Act (FERPA)  had eroded over the last decade. These parents represent a broad spectrum of personal, political, and religious beliefs but are united in their concern for their parental rights and the privacy of their children.  
The letter is posted here, and calls for Congress to hold hearings and enact new privacy protections that would minimize the sharing of highly sensitive student data with vendors and among state agencies and would maximize the right of parents to notification and consent.  The letter also asks for strict security requirements, that the law be enforceable through fines, and that parents have the right to sue if their children’s privacy is violated.
Lee Barrios, teacher,  member of the Coalition for Louisiana Public Education, Information Coordinator for Save Our Schools March, and PCSP founding member said that Louisiana parents crossed only the first hurdle in protecting their children with the passage of Act 837 during the 2014 legislative session.  The legislation was precipitated by parents whose investigations revealed that State Department of Education Superintendent John White had contracted with inBloom to store personally identifiable student information including social security numbers. The bill requires that the Louisiana Department of Education develop anonymous student identification numbers and the department will also be prohibited from seeing or keeping any personally identifiable data about a child. Students’ names, addresses and other information will only be maintained at the local school district level. 
St. Tammany parent Debbie Sachs, along with her daughter Rachel, became privacy activists as a result of Rachel’s realization that her personal information was targeted.  Rachel’s testimonies before legislative committees and the State Board of Education were compelling.  Ms. Sachs says, “It is a sad day when children have to take a day off of school to travel to Baton Rouge to ask legislators to please protect their right to privacy.  it is an even sadder day to see the chilling effect of the 21st century data mining in the classroom.  Children no longer feel safe using technology to submit essays, opinions, and other assignments.  Teachers and parents are becoming wary as well.”  In Rachel’s words, “Will this data be used against me?  It all comes down to fear.” 
 
Jason France, Baton Rouge parent formerly employed by LDE as an IT expert, said, “Information is proving to be the most valuable commodity of the 21st Century. We must all fight to keep ourselves and our society safe from the information prospectors that see us and our children as little more than their next Klondike while they conspire to chain us inextricably to their Big Data mines.”
 
Louisiana attorney and parent of four Sara Wood, who understands the legal and constitutional ramifications of massive data collection, said,Privacy is a foundational principle of freedom.  Freedoms are not absolute and they can be burdened by government action, however,  the integrity of that freedom is maintained by requiring due process and consent where applicable for government action.”  
Rachael Stickland, a leader in the fight for student privacy in Colorado and co-chair of the Coalition to Protect Student Privacy points out, “inBloom’s egregious attempt to siphon off massive amounts of sensitive student information and to share it with for-profit vendors took parents by surprise.  Once we learned that recent changes to FERPA allowed non-consensual disclosure of highly personal data, parents became fierce advocates for their children’s privacy.  We’re now prepared to organize nationally to promote strong, ethical privacy protections at the state and federal levels.”
Diane Ravitch, President of the Network for Public Education said: “Since the passage of FERPA in 1974, parents expected that Congress was protecting the confidentiality of information about their children. However, in recent years, the US Department of Education has rewritten the regulations governing FERPA, eviscerating its purpose and allowing outside parties to gain access to data about children that should not be divulged to vendors and other third parties. The Network for Public Education calls on Congress to strengthen FERPA and restore the protection of families’ right to privacy.”
“The uprising against inBloom demonstrated the extent to which parents will not tolerate the misuse of their children’s sensitive personal information,” said Campaign for a Commercial-Free Childhood’s Associate Director Josh Golin. “But parents cannot be expected to mobilize against each and every threat to their children’s privacy, particularly if they’re not even aware of which vendors have access to student data. It is critical that Congress take real steps to protect schoolchildren from those who see student data as a commodity to be exploited for profit.”
“Parents Across America, a national network of public school parents , emphatically supports this call for hearings as a first step toward reversing federal actions that have eroded parental authority over student data, and including even stronger privacy protections for our children,” said Julie Woestehoff, a Chicago parent activist and PAA secretary.  She added: “PAA recommends restoring parental authority over student data that was removed from FERPA by the US Department of Education, enacting state laws that include parental opt out provisions in any statewide data sharing program, strictly regulating in-school use of electronic hardware and software that collect student information, and including significant parent representation on any advisory committees overseeing student data collection.”
Lisa Guisbond, executive director of Citizens for Public Schools, a Massachusetts public education advocacy group, said, “Citizens for Public Schools members, including many parents, are deeply concerned about threats to the privacy of student information. We support hearings and strong legislation to protect the privacy of this data. Parents are increasingly left out of important education policy discussions. In this, as in all crucial school policy discussions, they must have a voice.”
“Parents will accept nothing less than parental consent, when it comes to their child’s personally identifiable sensitive information. As a parent of a child with special needs, I understand the devastation that confidential information used without my consent could have on my child’s future.  As a long-time advocate for people with autism and other developmental disabilities, I implore the U.S. House and Senate to put the necessary language back into FERPA to protect students and uphold the right of their families to control their personally identifiable data,”   said Lisa Rudley, Director of Education Policy, Autism Action Network and Co-Founder of NYS Allies for Public Education.
Emmett McGroarty of the American Principles Project said, “Regardless of intention, the collection of an individual’s personal information is a source of discomfort and intimidation.  Government’s broad collection of such information threatens to undermine America’s founding structure:  if government intimidates the people, government cannot be by and for the people.”
Leonie Haimson, Executive Director of Class Size Matters and co-chair of the Coalition, concluded, “Since inBloom’s demise, many of the post-mortems have centered around the failure of elected officials and organizations who support more data sharing to include parents in the conversation around student privacy.   We are no longer waiting to be invited to this debate.  It is up to parents to see that we are heard , not only in statehouses but also in the nation’s capital when it comes to the critical need to safeguard our children’s most sensitive data – which if breached or misused could harm their prospects for life.  We are urging Congress to listen to our concerns, and act now.”
For more information see www.studentprivacymatters.org
 
Lee P. Barrios, M.Ed., NBCT
985-789-8304
Debbie Sachs
985-626-3595
Jason France
225-892-4410
Sara Wood
985-727-1981 
Blog

Press Release 7.23.2014

FOR IMMEDIATE RELEASE

July 23, 2014

For more information contact:

Leonie Haimson: [email protected]; 401-466-2262; 917-435-9329

Rachael Stickland: [email protected]; 303-204-1272

New Coalition Urges Congress to Listen to Parents and Strengthen Student Privacy Protections

A new coalition called the Parent Coalition for Student Privacy released a letter today to the leaders of the committees of the House and Senate Education Committees, urging Congress to strengthen FERPA and involve parents in the decision-making process to ensure that their children’s privacy is protected.

Many of the groups and individuals in the Coalition were involved in the battle over inBloom, which closed its doors last spring.  They were shocked to learn during this struggle how federal privacy  protections and parental rights to protect their children’s safety through the Family Educational Rights and Privacy Act (FERPA)  had eroded over the last decade.

The letter is posted here, and calls for Congress to hold hearings and enact new privacy protections that would minimize the sharing of highly sensitive student data with vendors and among state agencies and would maximize the right of parents to notification and consent.  The letter also asks for strict security requirements, that the law be enforceable through fines, and that parents have the right to sue if their children’s privacy is violated.

Rachael Stickland, a leader in the fight for student privacy in Colorado and co-chair of the Coalition to Protect Student Privacy points out, “inBloom’s egregious attempt to siphon off massive amounts of sensitive student information and to share it with for-profit vendors took parents by surprise.  Once we learned that recent changes to FERPA allowed non-consensual disclosure of highly personal data, parents became fierce advocates for their children’s privacy.  We’re now prepared to organize nationally to promote strong, ethical privacy protections at the state and federal levels.”

Diane Ravitch, President of the Network for Public Education said: “Since the passage of FERPA in 1974, parents expected that Congress was protecting the confidentiality of information about their children. However, in recent years, the US Department of Education has rewritten the regulations governing FERPA, eviscerating its purpose and allowing outside parties to gain access to data about children that should not be divulged to vendors and other third parties. The Network for Public Education calls on Congress to strengthen FERPA and restore the protection of families’ right to privacy.”

“The uprising against inBloom demonstrated the extent to which parents will not tolerate the misuse of their children’s sensitive personal information,” said Campaign for a Commercial-Free Childhood’s Associate Director Josh Golin. “But parents cannot be expected to mobilize against each and every threat to their children’s privacy, particularly if they’re not even aware of which vendors have access to student data. It is critical that Congress take real steps to protect schoolchildren from those who see student data as a commodity to be exploited for profit.”

“Parents Across America, a national network of public school parents, emphatically supports this call for hearings as a first step toward reversing federal actions that have eroded parental authority over student data, and including even stronger privacy protections for our children,” said Julie Woestehoff, a Chicago parent activist and PAA secretary.  She added: “PAA recommends restoring parental authority over student data that was removed from FERPA by the US Department of Education, enacting state laws that include parental opt out provisions in any statewide data sharing program, strictly regulating in-school use of electronic hardware and software that collect student information, and including significant parent representation on any advisory committees overseeing student data collection.”

Lisa Guisbond, executive director of Citizens for Public Schools, a Massachusetts public education advocacy group, said, “Citizens for Public Schools members, including many parents, are deeply concerned about threats to the privacy of student information. We support hearings and strong legislation to protect the privacy of this data. Parents are increasingly left out of important education policy discussions. In this, as in all crucial school policy discussions, they must have a voice.”

“Parents will accept nothing less than parental consent, when it comes to their child’s personally identifiable sensitive information. As a parent of a child with special needs, I understand the devastation that confidential information used without my consent could have on my child’s future.  As a long-time advocate for people with autism and other developmental disabilities, I implore the U.S. House and Senate to put the necessary language back into FERPA to protect students and uphold the right of their families to control their personally identifiable data,”   said Lisa Rudley, Director of Education Policy, Autism Action Network and Co-Founder of NYS Allies for Public Education.

Emmett McGroarty of the American Principles Project said, “Regardless of intention, the collection of an individual’s personal information is a source of discomfort and intimidation.  Government’s broad collection of such information threatens to undermine America’s founding structure:  if government intimidates the people, government cannot be by and for the people.”

Leonie Haimson, Executive Director of Class Size Matters and co-chair of the Coalition, concluded, “Since inBloom’s demise, many of the post-mortems have centered around the failure of elected officials and organizations who support more data sharing to include parents in the conversation around student privacy.   We are no longer waiting to be invited to this debate.  It is up to parents to see that we are heard , not only in statehouses but also in the nation’s capital when it comes to the critical need to safeguard our children’s most sensitive data – which if breached or misused could harm their prospects for life.  We are urging Congress to listen to our concerns, and act now.”

###