Saturday, November 19, 2016

Student data- Who collects it? Who controls it? Who can access it? What can happen to it? What can we do?


There have been a few high profile data breaches of educational data in the news recently.  On 11/17, it was reported that an employee of Chicago Public Schools had illicitly distributed student information to a charter school operator for advertising purposes.  There have been a number of data breach incidents involving higher education, with Michigan State University reporting an incident this week.  Locally, both University of Maryland and Johns Hopkins University have had student information breaches in the past couple of years.  There was even a major data breach for  Baltimore City Employees this past spring.  Our information is out there, and relatively easy for non-authorized people to obtain.  We know how damaging that can be for adults.  What is the potential impact of students as victims in data theft?
 
Is it right to collect so much data on our youth?   How much information is actually needed versus how much is actually collected?  Are proper procedures in place for data security, for data destruction, and for the authorized intake of data?


Who collects it?


Teachers, schools, districts, states, the federal government and any number of third party organizations that provide services for various educational systems.


Who controls it?
Control of data depends on the provider.   One of the biggest issues is the educational department's proposal to create a national clearinghouse for student data.  "A federal data clearinghouse of student PII (personally identifying information) could effectively create lifelong dossiers on nearly every individual in the nation."
"The Education Department has plans to build a system of records that will collect detailed data on thousands of students — even though experts say there are not sufficient safeguards to protect student privacy. [...] Supporters of the creation of a federal database say it will help schools better counsel students about their post-secondary education and help policymakers make smarter decisions. Critics are concerned that the data will be misused, released to third parties — or hacked."
Will Trump Care About Student Data Privacy?

Who can access it?
Theoretically students can, as well as parents.  

 This is a four-minute video giving an overview of FERPA rights for students and families, outlining the right to see and even challenge student records.
 



There is some concern with third party access to data.  The Privacy Technical Assistance Center (PTAC) was developed by the government to create a one-stop shop on issues of privacy and data.  The following link gives some suggestions for what to look for and what to avoid with terms of service agreements with third-party organizations, to try to limit the mining of student data for "other uses."

PTAC Recommended Terms of Service

 What can happen to it?
Data breaches including deleting, or altering information, hacking, deleting, marketing, tracking for non-educational purposes such as survelliance or discrimination,  public release of private information, etc.

Data breach response training kit PTAC

 What can we do?
As leaders, follow and keep up to date on risks with data usage.   The PTAC released a case study examining some of the best practices regarding accessing personally identifying information.
Best Practices for Minimizing PII Access  

In addition, the following suggests five steps toward proactive data collection and maintenance.


 

Screenshot from Student Data Privacy- 3 Conversations to watch in 2016

Recommendations for the Federal Role Safeguard Data



1. Ensure that federal laws provide a strong foundation to protect student information in a constantly changing and increasingly digital school environment.

2. Ensure that the federal government coordinates across agencies to provide clarity to those on the ground as to how privacy laws work together.

3. Support state and local capacity to safeguard data.


The State Role in Safeguarding Data
"States play a critical role in developing, enforcing, and communicating policies that build on the foundation of federal privacy laws. State policymakers need to implement laws and policies that ensure that quality data is available while also keeping sensitive information secure. States must also go beyond compliance with federal and state laws and create robust and innovative data governance and privacy policies, engaging with the public to build value and trust in the use of education data."