The Parent Coalition for Student Privacy welcomes President Obama’s support for student privacy and suggests ways to strengthen his proposal:
Contact: Leonie Haimson, leonie@classsizematters.org, 917-435-9329;
Rachael Stickland, rachael.stickland@gmail.com, 303-204-1272
Parent Coalition for Student Privacy on President’s Announcement of
Need for new Federal Student Privacy Protections
The Parent Coalition for Student Privacy thanks the President for recognizing the need for new federal student privacy protections, but points out how the California law that the President lauded as a model cannot be used without strengthening its provisions around parental notification, consent, security protections and enforcement.
“Any effort to ban the sale of student information for targeted advertising is a good first step, but the White House’s proposal appears to allow companies to sell and monetize student data for unspecified ‘educational purposes,’ including to develop products that would amass enormous personal profiles on our children. Profiling children based on their learning styles, interests and academic performance and then being able to sell this information could undermine a student’s future. Parents want to ban sale of student data for any use and demand full notification and opt-out rights before their children’s personal information can be disclosed to or collected by data-mining vendors,” said Rachael Stickland, co-chair of Parent Coalition for Student Privacy.
Leonie Haimson, Parent Coalition co-chair and Executive Director of Class Size Matters said, “We also need strong enforcement and security mechanisms to prevent against breaches. Schools and vendors are routinely collecting and sharing highly sensitive personal information that could literally ruin children’s lives if breached or used inappropriately. This has been a year of continuous scandalous breaches; we owe it to our children to require security provisions at least as strict as in the case of personal health information.“
Here is a summary of the gaps and weaknesses in the California student privacy bill, which the President said should serve as a model for a federal law:
· Bans vendors using personally identifiable information (PII) student data to target advertising or selling of data, but not in case of merger or acquisitions, or presumably in case of bankruptcy, as in the recent Connectedu case. The President’s proposal would be even weaker, as it would apparently allow the sale of student data for unspecified “educational purposes”;
· Only regulates online vendors but not the data-sharing activities of schools, districts or states;
· Provides no notification requirements for parents, nor provides them with the ability to correct, delete, or opt out of their child’s participation in programs operated by data-mining vendors;
· Unlike HIPAA, sets no specific security or encryption standards for the storage or transmission of children’s personal information, but only that standards should be “reasonable”;
· Allows tech companies to use children’s PII to create student profiles for “educational” purposes or even to improve products;
· Allows tech companies to share PII with additional and unlimited “service” providers, without either parent or district/school knowledge or consent – as long as they abide by similarly vague “reasonable” security provisions;
· Allows tech companies to redisclose PII for undefined “research” purposes to unlimited third parties, without parental knowledge or consent –without requiring ANY sort of security provisions for these third parties or even that they have recognized status as actual researchers;
· Contains no enforcement or oversight mechanisms;
· Would not have stopped inBloom or other similar massive “big data” schemes designed to hand off PII to data-mining vendors – and like inBloom, would also be able to charge vendors or “service providers” fees to access the data, as long as states/districts consented.
###
Diane Ravitch's blog 
Sorry to say but President Obama is not credible on education policy.
LikeLike
It should go without saying by now that Obama cannot be trusted with this. If he’s starting with legislation that is already problematic, you know it will be watered down to nothing by the time he’s done with it.
LikeLike
It’s a win for the student privacy people, though, that Obama feels he has to offer something. Just a couple of months ago DC met with the industry and tried to sell the pinkie-swear “privacy pledge” as actual regulation:
“Out of that conversation, two industry-backed groups — the Future of Privacy Forum and the Software & Information Industry Association — developed the student privacy pledge to address many of the major privacy concerns. The pledge includes 12 commitments to do or not do certain things with student data, including not selling it, not building student profiles for purposes other than school, and clearly disclosing how data is used in contracts and privacy policies. And it addresses some of the perceived weaknesses of federal legislation on student education record privacy, as well as the major issues that state legislatures dealt with in their new laws.”
http://www.centerdigitaled.com/news/Student-Data-Privacy-Pledge.html
It seemed fairly obvious to me that the unenforceable “privacy pledge” was intended to preempt real regulation.
LikeLike
One wonders. Privacy for ANYONE anymore. Adults and now even our children? A country which believes in democratic principles, a Constitution which guarantees us “liberties”? Do we REALLY believe in these, can we believe in them with what is going on?
Our history is not always compatible with that in which we are taught to believe. All men are created equal espoused by those who owned slaves. We formulated treaties with the native Americans and broke all of them. Ever read “Bury My Heart at Wounded Knee”? The Ku Klux Klan etc etc. And now to whom is our Congress responsible, common people or to moneyed interests?
Eternal vigilance the price of liberty.
Is that really happening?
LikeLike
Check out Louisiana’s Act 837 for a strong privacy/data sharing bill.
LikeLike
This is all well and good to protect students’ personal information from commercial companies but what about section 9538 of the NCLB Act which allows the military to collect student information? How about those students who take the Armed Services Aptitude Battery Test (ASVAB) where students are required to provide personal data such as race, ethnicity, phone numbers and even social security numbers? Another way the Pentagon collects personal data on young people is through use of JAMRS — the Joint Advertising Market Research Survey which are companies contracted out by the Pentagon — such as yearbook publishers and class ring companies in order to obtain information which recruiters utilize to entice young people to enlist. If young people and their parents are fully informed about the pro’s and con’s of military service, then good. However, when students are targeted and parents/guardians are often unaware of their minor son or daughter being singled out, then many of us have a problem with that kind of situation.
LikeLike
The corporate educatoin reformers will not like that. They don’t want anyone to have privacy except them. The corporate reformers want to be totally opaque while every one else is transparent to them.
LikeLike
Actually, two student privacy bills were enacted in California last year. One was SB 1177, authored by Darrell Steinberg, which imposed conditions and requirements on operators of online services and applications. This is apparently the bill referenced in this post. The other was AB 1584, authored by Joan Buchanan, which I staffed. The approach of AB 1584 was to impose requirements on the contracts that are entered into between a school district and a provider of online services or instructional applications. These requirements fill the “gaps and weaknesses in the California student privacy bill” cited in this post. For example, contracts must contain the following: (1) a statement that pupil records continue to be the property of and under the control of the local educational agency; (2) a prohibition against the third party using any information in the pupil record for any purpose other than those required or specifically permitted by the contract; (3) a description of the procedures by which a parent, legal guardian, or eligible pupil may review personally identifiable information and correct errors; (4) a description of the actions the thrid party will take to ensure the security and confidentiality of pupil records; (5) a certification that pupil records shall not be retained or available to the third party upon completion of the terms of the contract and a description of how that certification will be enforced; and (6) a prohibition against the third party using personally identifiable information in pupil recored to engage in targeted advertising. Any contract that fails to comply with any of these requirements shall be rendered void. We did have to make some changes to accommodate concerns voiced by the industry, but we believe this is still pretty strong language. This bill may not have stopped inBloom, but it would have required inBloom to make some fundamental changes to its business plan in order to protect the privacy and confidentiality of students in California.
LikeLike
To Lloyd:
Thank you Lloyd, and it is worth to repeat over and over your warning that:
1) The corporate reformers want to be totally opaque while every one else is transparent to them.
2) They don’t want anyone to have privacy except them.
Please readers pay attention to the above sentences from the most experienced and veteran educator, Mr. Lloyd Lofthouse.
Most of all, please be vigilant to the way of wording from the corporate reformers.
From our assumption of “STUDENT PRIVACY” to the corporate reformers intention of “INDIVIDUAL and/or ADULT PRIVACY” to cover their *ss with the simple reason of High school students who are matured at the age of 18+. Back2basic
LikeLike
As disturbing as the commercialization of student data is, I have found it even more disconcerting how apathetic students are to these breaches of their privacy. Whenever I have conducted lessons that include warnings about privacy issues on the internet or related to corporate practices, too many of them shrug and act like it’s no big deal. They have been raised on the sharing of personal information, so that privacy is practically a foreign concept. They in fact pursue more and more exposure. Vendors collecting information from things like reward cards or cookies seems quite normal to them.
LikeLike