Education Privacy in Peril

You may also like...

6 Responses

  1. Al says:

    Are you arguing that the protections against disclosure are inadequate, or that the information (or some subset thereof) should not be gathered at all absent an explicit cost/benefit analysis on the part of the government?

  2. Daniel Solove says:

    Al — I’m arguing the former — that privacy protections need to be significantly improved. I am not arguing that such information shouldn’t be gathered, though I am concerned about whether it can be gathered and amassed in ways that adequately protect privacy. I have doubts that the government will keep it adequately secure, will not start using it for other purposes down the road, will appropriately limit its disclosure, will provide sufficient transparency about the uses, etc. In a world where the government has a good proven track record to keep data secure, to use it only for limited purposes, and to not allow function creep to continually increase uses over time, I’d be much more sanguine about collection. The problem is that the government has a poor track record with regard to these things.

  3. Dissent says:

    Dan: You’re right on the money as to the security/data protection issues. I’ve been doing my own analyses of available audits in my state and they show an appalling lack of adequate security for student and employee personal and sensitive information. After discussions with my state, the auditor informs me that they have now started conducting more audits, including schools, on this issue.

    Even more troubling was an audit and follow-up of data security issues/protection in the NYC Dept. of Education. Long story short: horrific report in 2004 and the NYC DOE did not address most of the concerns at follow-up a few years later. I will be contacting city auditor to ask them to do another follow-up.

    Outside of my state, I have found extremely little evidence of any audits of school districts to determine whether sensitive student is being adequately protected. I suspect it’s the DOE’s version of “Don’t Ask, Don’t Tell.”

    I do not think the government should be allowed to amass more sensitive data until it demonstrates that it is adequately protecting the data it has already collected.

    I’ll let you know when I write up the results of my own inquiries.

  4. Dan: Great post. CLIP filed comments objecting to the proposed FERPA regulations.
    Many of the provisions are in direct contradiction with the statute itself and with the legislative history of FERPA. We also objected to the extraordinary reach of the data sharing proposed by the Education Department. For example, the proposal would allow test prep companies and the local dog wash training program to receive K-16 educational records (that now include data such as SSN, birthweight of a teenage mother’s baby, family wealth indicators, use of foul language in school …) Seems hard to justify.

    The real problem is that the longitudinal databases require new legislation to address privacy in an effective way.

  5. Bob Gellman says:

    I am glad to see more interest in education privacy. The recent FERPA NRPM is very troublesome. I worked with Pam Dixon at the World Privacy Forum on comments, which are available at:!documentDetail;D=ED-2011-OM-0002-0231.1

    My biggest concern is that this will lead to a cradle to grave database of everyone in an attempt to do a better job of teaching students. The goal is fine, but the methods are not. The risks are much greater than the rewards.

    There are some others paying attention to these issues. Joel Reidenberg’s 2009 study was a monumental job and a real eyeopener. There are a few voices in the educational community, and Chris Calabrese at the ACLU is another voice in the privacy community.

  6. Thank you to commenters 1-5 for sharing your expertise.

    I read most of the comments submitted to the recent FERPA NPRM. Many comments were from parents, stating their desire to control disclosure regarding their children. One person asked when the government was going to ask parents to hand them their children. Unfortunately, most parents remain uninformed about the quantity and specific PII shared by USED with ‘others’.

    I E-mailed USED asking them why they consider “place of birth” non-consensually disclosable via directory information, while at the same time stating you can’t disclose a student’s nationality, ethnicity or race without consent. The answer was they’re not the same. Really? I would imagine people born in Boise, Idaho are Americans.

    Congress needs a wake-up call. Yesterday’s and today’s education news is that Duncan continues to exchange $$ for data aka Race to the Top.

    Education New York comments submitted to FERPA NPRM: