What Are Schools Doing with Your Kids’ Data?
Your child may be a history buff or a math whiz. He may excel at soccer or poetry. She may be planning for a career as a doctor or a lawyer. Each kid is unique, but there’s one thing all students have in common: They are data-generating machines.
It’s not just their test scores and attendance records getting socked away. Every student in every school district generates hundreds of data points each year — from their race and gender to their economic status, behavioral issues, biometric data, health status, and more. This tsunami of data is then absorbed and stored by school districts, state databases, educational service providers, websites, and app makers.
Of course, schools have been collecting data on students since there have been schools. In the past, though, this information was squirreled away in filing cabinets or just on computers used in district offices. Now it lives in the cloud, and it’s being accessed by non-educators who want to apply the principles of big data analysis to it.
What could go wrong? Plenty. Potentially damaging information about your child’s medical conditions or behavioral issues could accidentally leak or be exposed by hackers. Private companies could decide to use the information for commercial purposes. Potential employers, insurance companies, or other government agencies may someday lobby to get their hands on this data.
As our children head back to school this fall, student privacy is an issue that should be on every parent’s mind.
Big data, big problems
This massive data collection effort is being undertaken almost entirely with good intentions. By creating databases that collect information over a long period, researchers, for example, hope to identify patterns in the data and use them to improve how kids learn. If the data showed that students who miss 10 or more school days in seventh grade are 70 percent more likely to drop out three years later, educators could use that to identify at-risk kids and intervene earlier.
Here’s where it gets sticky. Many school districts lack the technical expertise to create and manage these databases, so they outsource the job to professional geeks. This is why, in 2008 and 2011, Congress amended the Family Educational Rights and Privacy Act (FERPA) to allow authorized third parties to access sensitive student data.
Contractors have to follow the same rules as school officials when handling this data — which means they can’t sell it or use it for non-educational purposes. But it’s not clear that anyone is making sure these third parties are actually following the rules or protecting the data adequately, and the penalties for abusing the data are minimal. (A bill that prohibits commercial use of student data was introduced by Sens. Ed Markey [D-Mass.] and Orrin Hatch [R-Utah] in June. It’s currently in committee.)
I reached out to Kathleen Styles, chief privacy officer for the U.S. Department of Education, about these concerns.
“We provide regular FERPA guidance for schools on how to protect student privacy, give technical assistance to states, and established the Privacy Technical Assistance Center to provide that hands-on help,” she replied via email. “While we have seen some security breaches in schools — with both paper and digital records — we have seen few significant instances of systemic misuse of student data. We cannot ask our schools to choose between privacy and progress.”