In my April 24 blog post on Alabama’s decision to kill anti-Common-Core legislation, I mentioned that opponents have linked the standards, without citing specifics, to technology they allege the federal government is developing to track students’ facial expressions in classroom.
However, others also have voiced concerns about student privacy involving academic data and the common core. One has recently cropped up in Louisiana, and it involves state Superintendent John White’s decision to withdraw student data from inBloom, a nonprofit organization, and to have discussions with parents in the state about privacy concerns about data being stored that included students’ age, sex, and grade level. The Louisiana controversy could also offer some lessons on how states handle privacy in education in the years ahead, with all the emphasis on tracking students’ academic progress.
“Any product that could help our kids, and help our teachers help our kids, is something that we’re going to at least take a look at,” White said when I interviewed him April 26. “We’re going to go to our families and have a discussion about our data-storage practices, not having anything to do with inBloom.”
What is inBloom? According to the corporate language on its website, it is “a nonprofit provider of technology services that allow states and public school districts to better integrate student data and third-party applications to support sustainable, cost-effective personalized learning.” It gets philanthropic dollars from the Carnegie Corporation of New York and the Bill & Melinda Gates Foundation (which also provides support to Education Week and edweek.org). You can get a sense of inBloom’s goals from its website’s “core components” section, where it talks about connecting student data to actual instruction using the appropriate technology, and using information from both state and local sources.
Other districts partnering with inBloom include New York City, two districts in Illinois, and one district in North Carolina. However, other than Louisiana, no state is working wholesale with inBloom, although three others, Delaware, Georgia, and Kentucky, are slated to have pilot programs this year.
In Louisiana, White said, the state had been storing student data with inBloom so that vendors in the state’s Course Choice program, which allows students to enroll in academic and career education programs offered by institutions from around the state, could verify basic student information like name, sex, and birth date submitted by parents in Course Choice applications.
The News Star in Monroe, La., has a rundown about White’s recent decision regarding inBloom. White announced roughly a week ago that Louisiana was stopping the state’s involvement with the inBloom database so that the state could discuss the issue further with the public. The decision came just a few days after White reiterated his support for the state’s arrangement with inBloom to the state Board of Elementary and Secondary Education (BESE).
“I’m confused,” BESE member Lottie Beebe told the paper after White’s change of heart. “The other day (he said) it was the best thing since mom’s apple pie!”
What’s the issue? InBloom has a “privacy commitment” page where it tries to allay fears about violations of students’ privacy. It says, for example, that, “Neither inBloom nor any other participating agency or vendor may sell, assign, lease or commercially exploit confidential student data,” and that its backers, like the Gates Foundation, don’t have any access to that confidential data.
Beyond being used for verification, Louisiana student data with inBloom didn’t migrate to any Course Choice providers, White stressed: “No data are shared with any vendor.”
But that kind of argument cuts no ice with groups like Class Size Matters, which is led by Diane Ravitch ally Leonie Haimson and lobbies for small class sizes. Class Size Matters has accused inBloom of doing the opposite of what it pledges with respect to privacy: “The plan to share personally identifiable & highly confidential student data in such an unrestricted manner, in an open-ended time frame, without parental notification or consent, is unprecedented in U.S. history, and would violate both FTC [Federal Trade Commission] and HIPAA [Health Insurance Portability and Accountability Act] protections if they had authority over student records.”
The privacy of student data was also a concern mentioned in the resolution adopted by the Republican National Committee earlier this month officially opposing the common core. (InBloom has said that the common core will require new technology and data platforms like the kind inBloom will support.) The resolution does not mention inBloom specifically, however.
The privacy and security section of inBloom’s website states that, “inBloom, Inc. cannot guarantee the security of the information stored in inBloom or that the information will not be intercepted when it is being transmitted.”
When I asked White about this language, he responded, “I don’t know. I’m not a lawyer and I can’t speak for them.”
According to a letter inBloom’s CEO Iwan Streichenberger sent to districts it was working with (and posted on Twitter by education writer Audrey Watters), Louisiana has decided to “pause” its “fast-track implementation” to talk further with the state board and others. Louisiana only got on the “fast-track” implementation recently, after initially being on a “slower” one, he wrote. He referred to White’s action as a “pause,” and that inBloom supported his decision.
“The pause also supports Louisiana’s efforts to transition from using Social Security numbers (SSNs) to randomized student I.D. numbers, in keeping with inBloom’s requirements and with industry best practices,” Streichenberger wrote.
In response to Streichenberger’s comments about a “pause,” White said, “I don’t really know what it means,” and stressed that the state no longer had student data stored with inBloom.
Until recently, inBloom had allowed states and districts to apply for a waiver from the group’s policy in order to use student Social Security numbers for data purposes, but inBloom said it never granted such a waiver and now no longer will grant them.
White had previously expressed confidence that no student data would be misused through Louisiana’s relationship with inBloom, and compared the data-storage deal to parking a car in a garage. He told me that the decision to withdraw data from inBloom did not contradict his earlier statements in support of the arrangement, and only represented his concern that parents better understand how this kind of process works in general, not specifically with inBloom.
He didn’t specify whether he’d be interested in re-establishing the state’s prior relationship with inBloom, or what kind of public outreach to parents he would consider sufficient before proceeding further.
“We owe our families and our educators a continued view of what are the tools that can help kids learn,” he said.
He also noted that the Family Educational Rights and Privacy Act would cover arrangements Louisiana would have with any vendor.
The long-term question is, how will state education departments and others in the education community approach such issues going forward, especially with concerns about inBloom’s practices coming from both sides of the political spectrum?
My colleague Katie Ash at the Digital Education blog also recently wrote about these concerns at the ASU/GSV Education Innovation Summit in Arizona.