As the appetite for educational data on students has grown across the K-12 sector, so has the stated desire among many state lawmakers to try to protect the privacy and security of sensitive student information.
Spurred by concerns that the rise of education technology and the increasing prevalence of new assessments will place student data in unreliable hands or be put to nefarious uses, lawmakers in dozens of states have acted this year to clarify who has what access to student data and to specify the best practices for shielding that data.
In total, for the 2014 legislative sessions, 83 bills in 32 states have addressed student-data protection issues, according to the Data Quality Campaign, a Washington-based group that seeks to promote the use of educational data to inform classroom and policy decisions.
Good Governance
New York has created a chief privacy officer at the state level to coordinate the protection of personally identifiable student data, a move that Arizona, Tennessee, and West Virginia have also considered.
An Idaho law adopted this year requires districts to adopt model policies governing the sharing of data.
And nine states have considered bills based in part on a new law approved last year in Oklahoma that requires the state education department to publish the inventory describing the data it collects on individual students, and also limits the conditions allowing student data to be shared.
The American Legislative Exchange Council, a Washington-based, conservative policy group, has also written a model bill for student-data use that includes the creation of a chief privacy officer.
But approaches focused on general transparency, disclosure, and oversight haven鈥檛 satisfied everyone. Some lawmakers in states like Florida and Kansas have also acted to protect information ranging from biometrics to the political and religious affiliations of students and parents.
And while the Common Core State Standards themselves don鈥檛 make any new demands for student data, concerns by parents and others about the standards鈥 links to a broader thirst for student information have also driven the political dialogue.
In March, after months of such opposition, New York state dropped its partnership with inBloom, an Atlanta-based education nonprofit that provides software to store and synthesize student records in order to improve instruction.
Reginal J. Leichty, a partner at EducationCounsel, a Washington-based consulting firm, said states鈥 legislative efforts in general at addressing the issue have been 鈥渕ixed鈥 in terms of creating a safe environment for data where such information can also be put to good use.
States are looking at a variety of approaches toward regulating student-data privacy and assuring protections. Here鈥檚 a sampling of noteworthy legislation.
Idaho
A newly enacted law vests authority over student-data use with the state board of education, which has to file annual reports about what types of student data are being collected and any breaches in data security. It also requires districts to adopt policies governing student data.
New York
As part of a budget deal approved by lawmakers, the state will create a new position of chief privacy officer to work with local education agencies and make recommendations about the best ways to protect student data.
Florida
A bill that passed the state Senate last month would prohibit collection of students鈥 biometric data, such as fingerprints and retinal information.
Kansas
A measure that originated in the state Senate would prohibit the collection of biometric data as well as any information about students鈥 or their parents鈥 parents religious and political beliefs.
SOURCE: 澳门跑狗论坛
鈥淭hey are responding to some legitimate concerns about how our society deals with student data. I think there鈥檚 always danger in legislating with overreach,鈥 he said.
States need to balance the desire for data protection and security with the significant value such information can have on states鈥 longitudinal data systems as well as local school districts鈥 efforts to craft better instructional practices, said Paige Kowalski, the director of state policy and advocacy at the Data Quality Campaign.
The best bills, Ms. Kowalski said, establish clear responsibilities and policies for data without necessarily eliminating certain types of data from being collected at all.
鈥淗ow do we ensure that the right data is collected, that there is governance to collect and share, protect, and access this information?鈥 Ms. Kowalski said. 鈥淚t鈥檚 that governance piece that is so crucial.鈥
The author of the Idaho bill that became law, Sen. John Goedde, a Republican, said that he tried to hew to a course that would protect state data and create clear areas of responsibility. He said the state school board has the capacity to help districts and set policy, and therefore the state school board should oversee data policy. (The Oklahoma law also places responsibility for securing statewide data with the state board.)
Power Over Data
Taking the approach of recently defeated legislation in Georgia, which could have cut off teachers鈥 access to student data, would have been off the mark, Mr. Goedde said.
鈥淚t鈥檚 a basic tenet of conservatism that you try to get the best bang for your dollar. And that means you have to have some way of assessing whether your education system is working. And without data, there鈥檚 no way to do that,鈥 he said. 鈥淭he same people that are concerned about the collection of data want accountability for their tax dollars.鈥
Sheila Kaplan, a researcher and advocate at Education New York, helped write a proposal for creating a chief privacy officer, which eventually became part of New York state鈥檚 budget deal this year. That state officer is key, Ms. Kaplan said, because he or she will be 鈥渢he person who informs the public about privacy in this state.鈥
鈥淭his bill gives districts control of the data,鈥 she said, noting that her language was separate from that of ALEC.
But legislators in some states favor that prohibitions on specific types of data, or at least on giving parents greater power over what gets shared.
In Florida, legislation that has passed the state Senate, authored by GOP Sen. Dorothy Hukill, would prohibit schools from collecting biometric data on their students, including information like fingerprints. Legislation in Kansas carries the same prohibition, and also bars schools from collecting information about the political and religious affiliations of both students and parents.
Rep. Amanda Grosserode, a Republican, who worked on that legislation in the Kansas House of Representatives, said lawmakers saw no reason not to include the ban on biometric-data collection, and that it was a preemptive measure. If in the future biometric data ends up being truly useful for instructional purposes, she added, the law can always be changed.
鈥淭his bill ended up crossing multiple ideological viewpoints. So it was supported across the spectrum,鈥 she said.Rep. Grosserode added that while the common core may have been the genesis of data-privacy worries in communities, she ultimately didn鈥檛 consider the legislation a 鈥渃ommon-core bill.鈥
Heated Issue
The privacy issue continues to generate great interest and鈥攐ccasionally intense pushback鈥攔ooted in concerns about data breaches and a lack of understanding among parents about how their children鈥檚 data might be disseminated and used.
Last month, after months of such opposition, New York state dropped its partnership with inBloom, an Atlanta-based education nonprofit that provides software to store and synthesize student records in order to improve instruction.
But the creation of a chief privacy officer in New York state and the end of inBloom鈥檚 work won鈥檛 satisfy the fundamental concerns some people harbor about how student data is collected and used.
Last year, state Assemblyman Daniel J. O鈥橠onnell, a Democrat, introduced a bill that would prohibit both the state education department and districts from sharing personally identifiable student data with any third parties without parental consent. Districts could decide individually if their consent policies would require frequent or infrequent requests for consent from parents, he said.
The lingering challenge after the most recent policy changes in New York state, according to Mr. O鈥橠onnell, is to prevent districts from entering into their own agreements through which hundreds of data points about students are used for marketing and other commercial purposes, or are stored and accessed in other inappropriate ways.
鈥淭hat鈥檚 where the next wave of protecting people鈥檚 private information is. Do we have an expectation that what鈥檚 happening in their lives, and what medications they鈥檙e on, and what education they鈥檙e getting ... is not stuff that should be stored forever, accessible to others?鈥 said Mr. O鈥橠onnell.
He rejected the argument that sensitive student data, when shared with and put to use by third parties, is truly useful for instruction. But data advocates like Ms. Kowalski say that using attendance, test scores, grades, and other data to inform 鈥渆arly warning systems鈥 and ultimately help schools formulate plans to get individual students back on track is something new data laws in states should enable, not shut down. She compared such use of data to doctors who help patients switch from smoking two packs of cigarettes a day to a healthier lifestyle.
鈥淭he goal of this is not to be able to ignore you,鈥 she said.
And Ms. Kaplan argued that forcing parents to navigate how they should judge sophisticated uses of data could mean that even mundane matters like putting students on the correct school bus routes would be fouled up.
Learning as They Go
Part of the difficulty for states is that they traditionally haven鈥檛 provided much support when it comes to compliance with federal regulations governing individual student data like the Family Educational Rights and Privacy Act (known as FERPA), said Bob Moore, the founder and chief consultant of RJM Strategies, a consulting firm based in Overland Park, Kan.
The concerns extend beyond the data-sharing and longitudinal systems used by districts and states. States and districts still need to work on the 鈥渨idespread lack of awareness鈥 about how online services and applications that teachers find useful might actually endanger student-data privacy.
鈥淚t鈥檚 easy to blame the classroom teacher, but I don鈥檛 think that鈥檚 fair,鈥 Mr. Moore said.