Redouble Focus on Data Privacy, White House Report Urges
Privacy issues cited, few policy specifics
The impact of a recent White House report on "big data" on privacy in K-12 education remains to be seen, but observers agree it has captured the issue accurately, without necessarily charting a clear course for resolving the challenges surrounding the issue.
The"Big Data: Seizing Opportunities, Preserving Values" report, released by John Podesta, a counselor to President Barack Obama, on May 1, includes a policy recommendation to ensure that data collected on students in school are used for educational purposes. "Schools and districts … must retain 'direct control' over that information," the report says.
Such data in education encompass information including students' grades, standardized test scores, attendance, demographics, and disciplinary records.
Technological innovations, including new online course platforms that provide students with real-time feedback—and generate more data—"promise to transform education by personalizing learning," the report states. "At the same time, the federal government must ensure educational data linked to individual students gathered in school [are] used for educational purposes, and protect students against their data being shared or used inappropriately."
That finding garnered fairly universal praise. But the route to getting there is a murkier matter.
"It's going to take more than an aspirational statement to make that happen," said Joel R. Reidenberg, a law professor at both Fordham University, in New York, and Princeton University. He worked on the "Privacy and Cloud Computing" study released in December by the Fordham Law School's Center on Law and Information Policy, an analysis that uncovered "substantial deficiencies" in policies governing cloud-based technologies and their protection of private student data.
Modernizing the Framework
The White House report, which was produced after President Obama asked earlier this year for a comprehensive review of policy issues at the intersection of big data and privacy, recommends modernizing the privacy regulatory framework that governs how student data are handled, but it's unclear how that updating would be likely to occur.
The framework that protects students includes the Family Educational Rights and Privacy Act of 1974, or FERPA, and the Children's Online Privacy Protection Act of 1998, or COPPA. They have come under fire recently from some privacy advocates as being antiquated in this high-tech age of data collection, cloud data storage, and data-mining.
FERPA, which was written before the Internet was widely available to the public, aims to protect disclosure of the personally identifiable information contained in children's education records. And COPPA, which requires parental consent under certain conditions for the online collection of personal information from children under age 13, was written before the age of smartphones, tablets, apps, the cloud, and big data itself.
Modernizing that technology framework would protect students from having their data shared or used inappropriately, especially when that information is gathered in an educational context, the report indicates. Secondly, it would "ensure that innovation in educational technology, including new approaches and business models, have ample opportunity to flourish," according to the report.
"When they say 'modernize,' we say, 'build upon' because I don't want to get away from the privacy protections that current laws already afford," said Khaliah Barnes, a lawyer for the Washington-based nonprofit Electronic Privacy Information Center, which filed 14 pages of comments on big data for the White House report before it was released.
The Software & Information Industry Association, a trade group for technology businesses, concurred about the value of big data to support student learning. However, the group said in a statement, "modernizing privacy rules need not involve new legislation," since FERPA and COPPA guidance was recently updated.
Last November, Sen. Edward J. Markey, a Massachusetts Democrat, and Rep. Joe Barton, a Texas Republican, introduced the Do Not Track Kids Act, which would extend online and mobile COPPA protection to children up to age 15. Both pieces of legislation have been referred to committee.
Sen. Markey has also announced his plan to introduce legislation that would update FERPA, prohibiting student data from being used for commercial purposes, and giving parents the right to access their children's personal information and amend it if it's incorrect, among other proposed provisions.
While federal lawmakers are still deciding what moves to make, if any, state legislatures have been virtually hyperactive on the privacy-protection front.
Ninety privacy-related bills in 33 states have been proposed this year, said Kristin A. Yochum, the director of federal policy at the Data Quality Campaign, a Washington nonprofit that advocates with state policymakers and others for the improved use of data.
Bills passed in Oklahoma last year and in Maryland in 2010 are examples of legislative initiatives that have succeeded. "The contents were slightly different, but both ultimately ensured that data can be well safeguarded and used to improve student achievement," Ms. Yochum said.
To Keith R. Krueger, the CEO of the Consortium for School Networking, state policymakers' fast moves to address privacy concerns are being handled "sometimes wisely, sometimes not," he wrote in an email. "From that perspective, the report may be too late. We expect that conversation will increasingly move to the community and school board level, so this is a way to frame that discussion."
The next question, according to Ms. Barnes at the electronic-privacy organization, is how the U.S. Department of Education is overseeing and enforcing FERPA. The department is empowered to investigate schools, either in response to a complaint or at its own behest, to monitor compliance.
With that issue in mind, Ms. Barnes' organization has requested information about the specific FERPA complaints received since 2008 regulations went into effect, the number of investigations the department has conducted in response to them, and the results. She expects to have a report on the outcome of that inquiry later this year.
Vol. 33, Issue 31, Page 26