Wednesday, October 14, 2015

October 7th Interim Study on STUDENT PRIVACY AND DATA COLLECTION


October 7 was the second interim study on Student Privacy and Data Collection at the Oklahoma State Capitol. Representative Jason Nelson called for the study and chaired a very enlightening and educational session related to the necessity of, and the wherewithal for, keeping student data from being used in ways contrary to state law (HB1989).

Because of an accident in which I dislocated my knee, I was unable to be available at the Capitol, but I listened online through the OkHouse.gov website (here is the archived audio if you'd like to listen) and took copious notes over the speakers present. What follows is a very cursory - but hopefully legible - set of notes from the study. Please take the time to review these notes and the associated links. Please realize that you as the parent have all the power here to keep your child safe. (As a legislator, you have quite a bit of information here by which to modify HB1989 to protect the privacy of Oklahoma students.) Know the educational programs/apps being used by your student at their school. Opt them out of any program/app that might collect your child's data - especially if you've not been informed of this kind of practice.

Don't forget...we've written a lot about student privacy - including this, "Student Privacy? What Privacy?". You may search our blog using any search terminology that interests you to find more information on this topic.

Speakers are listed in order from first to last. Please note: ROPE does not necessarily agree with all the comments made here. This is simply a transcript of what was said, not how what they've said - or not said - aligns with our own research and study.


*Bus routes, health/sports, lunches all have programs that usurp student personal data. Apps generate a lot of information about kids and then outsource that to third-party vendors. For example, a kid uses Skype for a research paper at school. The transaction data is known by Skype. At any point, Skype can begin to develop information on a child that can be very revealing simply by taking enough data to reveal patterns.
*Google apps for education such as Google Docs are free programs for schools. What happens when a student writes an essay on terrorism and shares it? Where does that information go? Who sees it? Once it's online, it can be data mined.
*The research Reidenberg has done indicates that 40% of all data vendors to public schools had no legal obligation to protect student privacy. They also found that most programs haven't been vetted by anyone at the school.
********FERPA/Buckley Amendment: gets a FAILING GRADE at 40 years old. FERPA doesn’t provide privacy protection for students and families. There is a confidentiality statute for student/educational records – according to Supreme Court – but it only applies to a hard copy permanent record maintained by the school. It also only applies to school districts that receive federal funds. FERPA doesn’t apply to vendors. In fact, the only remedy under FERPA for a data breach is to withhold federal funds which has NEVER BEEN DONE IN 40 YEARS! Families have no rights under FERPA and the Supreme Court has made that abundantly clear.************************
*Vendors have no privacy responsibility. Vendor contracts have been studied and have been found to lack student privacy protections.
*The definition of "Educational Record" is a real problem under the law. So many things today are not classified under educational record, that families/schools have no recourse against vendors for student privacy breaches.
*Need to specifically and narrowly define ‘educational uses’ – when can student data be used? Should schools be supplying data to commercial operations to develop and devise various kinds of commercial products? Commercialization of data from schools is just left by the wayside – rarely ever addressed.
*An Institutional Review Board process is not involved in any of the data collection programs/apps yet any legitimate research studies done on students/children/individuals have to follow IRB rules.
*Transparency for families is not being followed through FERPA. Public Records Requests don't work. In fact, 40% OF DISTRICTS INCLUDING Oklahoma City haven't responded to public records requests.
*There are neither data security obligations nor remedies included in FERPA. States have a critical role to play – without effective student privacy protection, technology can’t be used without trust in the community. An excellent example here is Connect EDU/InBloom.
*Congress hasn’t done anything on this, but really, the states should be leading the way on this because the kids live in the communities represented by the school misusing data. The consequence of state inaction on the issue of lack of FERPA compliance is that the state's children will be at a substantial risk of loss of privacy.
*States can be very effective when providing a student privacy officer through local schools.
*Anytime data is collected via computer via third party vendor it has a data dictionary and a code to identify what that information is to be used for. Data creep is a common problem – most companies start collecting information they don’t need now because they think they’ll need it later. This creates data breach/data loss. Data must be justifiably needed. Why collect if there's no justifiable reason?
*Need to add a ‘whereas’ clause to include the data to be used in the data sharing agreement and what the data is to be used for, etc. Where is the data going? Who needs it? Why is it being collected?
**********Helpful and necessary but not sufficient to have a clause in the contract saying they would not share the data because it would not address whether or not the company misuses the data or collects more than they need for commercial efforts. For example, the free email to schools program (Google) was data mining the emails to advertise to the kids. Google changed their policy to state they would no longer data mine for advertising, but we don’t know if they’re data mining for anything else. A clause in the contract saying they won’t share the data doesn’t fix this problem.**********
*We need to understand the difference between "Research Use" and "Transactional Use"
Transactional Use; child uses an edtech application to learn fractions. The program collects data while the child is using it by assessing the way the child interacts with the material; how long the child takes on one program, what problems they get right and wrong.
Research Use; the transactional data from lots of students are used to determine trends in the math learning – to find a pattern. Done by data researchers.
*Two large dangers of data collection and how to guard against them:
  1. Data breach: data winds up anywhere because data wasn’t properly stored. Children’s identity theft is growing because kids have no prior records and thieves get clean data. Data must use a data breach identification and there need to be rules and regulations as to what happens if a data breach occurs.
  2. Need data purging rules/regulations: so many data systems we saw had no effective data purge rules. Student data sits there for a long time. If a kid is inappropriately tracked early on, how long does that information stay in their record and affect the child? Is there a statute of limitations for the use/collection of student data? State legislatures can put parameters on storage and uses.

Richard Lane – Director of the Education Division for the NGA Center for Best Practices (NGA Center)

*Need to have laws catch up with data use. 
*Three pillars for data use developed by Data Quality Campaign.
  1. Be clear on the purpose for the use of the data:
  • Is it for the well-being of students to improve their learning by tailoring an education program to individual students and/or to find out how well a program is working?
  • Is it to inform parents about how well the student is doing; test results, etc? What are their strengths and weaknesses?
  • Is it to provide accountability at local/state level?
  2. Provide protections for data and use of data
  • Need to be sure the data being collected aligns to the priorities of the district and state
  • Need to find the balance between appropriate use and protections
  • Need to train educators to use the data properly
  3. Ensure privacy of data
  • Data ombudsman/data security officer needed to have a recourse as to how to solve the issue of data misuse.
  • Need training in best practices
  • Should review the amount of data currently being collected and streamline data already being collected to prevent burdens on local districts for data collection.
*Legislation is important in student privacy protection. Ombudsman would communicate data use legislation to schools/districts/parents. 
*People need to be told about the effort so that people can buy in and use it and be protected.
*Student privacy is as much about implementation as policy. 
*Field educators need training and capacity to use data and protect data.

Lance Nelson - Chief of Staff, OSDE

*Can’t translate data outside the state or to other agencies with very few exceptions.
*SSN, medical/biometric/criminal/juvenile delinquency data not collected
*FERPA allows for the transfer of student records to other schools. 
*Data is collected for study. Example: data are required to study report card. OSDE enters into an MOU with OU to provide the study and they will collect student level data.
*Use data for federal and state reporting. 
*No student level data is reported. 
*Student level data ensures accuracy – makes sure we’re funding the schools at the proper rate. Without student level data it would be extremely hard to provide an A-F report card.
*Behavioral data is only aggregate data reported and sent out.

Nelson then goes on to explain what HB1989 says about what state agencies are to do with data.

*OMES stores data for OSDE but can’t use it for anything because of the OSDE/OMES data sharing agreement.

LEEA MOTE – OMES

*State department is working on metadata dictionary showing all data collections; what it does, why it’s being collected, where, etc.

Leea talked a bit more about how OMES stores data and then closed her portion of the testimony. If you would like to see a copy of her PowerPoint presentation, click here, go to page 5 and click on the interim study number, 15-100. A box will pop up. Click on Student Data Privacy Study presentation.pptx.

LEGISLATORS QUESTION THE PREVIOUS SPEAKERS
(Legislators in attendance included Representatives Strohm, Nolan, Coody, Nelson and Rogers)

Representative Chuck Strohm; Data security protocols were developed by?
Mote; Done by SIF. Nationally done.
Strohm; Is there work done to validate the security on the package itself and then another suite of testing done at the state level to make sure the system is secure? Are we doing a secondary test?
Mote; We have a security officer at the OMES. Don’t know his title, or what he does other than he monitors it and the OSDE is to do a risk assessment on their systems which is being done now.
Representative Jason Nelson; 1989 passed - has the board run into situations where the law frustrated something that needed to happen that needs to be considered when we do amendments?
David Kinney, counsel ODE; I don’t have institutional knowledge but under 1989 board has promulgated policies and rules but don’t know of a specific instance that 1989 has frustrated any situation.
Nelson; SLDS grants states received to create a data system, linking students/teachers/programs - what does grant allow to happen and what are we really doing? Should it be done at the state or local level?
Lance; personalized learning takes place where a student’s at and modifies curriculum to that student which is where computer programs are used. Tying student performance with teacher performance is TLE and we’re not there yet – being able to do that.
Nelson; Received SLDS grant in 2012 to link all state level data, is that the same kind of processes that a local district may be using now to personalize child’s education?
Lance; linking data is for TLE
Nelson; 1989 required the list of all the data points collected in the WAVE and the definition for what that data is = metadata dictionary.
The WAVE document does have that information in 150 pages – but a metadata dictionary isn’t just the WAVE but all data collections including that data out there already.
Can we get a list of all the data collections currently? Including what’s outside the WAVE - all data?
Mote; do have data descriptions though not as detailed as you’d like but you can see them.
Strohm; If there is a data breach and data stolen, do you have a protocol for dealing with that at the state level? Is OMES responsible since they house the data?
Mote; In the past, it wasn’t a data breach (that was the problem), it was something posted that shouldn’t have been. Did work with the agency to notify the students and families if the student was under the age of 18 so we did work in coordination with the OSDE to do that.
Strohm; Whose responsibility is it to manage after effects of data breach – notifying families and students?
Lance; Shared responsibility between OSDE and OMES. Would have to work together. OSDE doesn’t have technical capabilities. OSDE has lead role.
Strohm; What does OMES do with the data when it's purged? What is the contractual limitation on the data for purging with OU/OSU contracts?
Lance; OU/OSU purges data after research done. When a vendor is to do that, the vendor has to provide OSDE in writing that you’ve purged the data.
Strohm; If a project drags on with no end in sight, what is the time frame when the contract has to be re-evaluated? So data doesn’t sit out there where it could be harvested by unscrupulous people.
Kinney; If I understand contracts, there are time tables with deliverables and if the deliverables aren’t met, there are provisions.
Strohm; If we house classified data and we hand this data off to another agency/facility when you’re working with DOD data that facility also has to have a security in place.
Kinney; If you’re using a computer service to look at data, the person using the data has to comply with the data use agreement.
Strohm; Is there an age of the child or time frame on the OMES data storage?
Lance; I don’t know the answer to your question on time frame.
Nelson; Please send the answer to the committee. Need to know the answer. Can we get a copy of what the student data act requires – detailed data security plan and authorized access, etc (from 1989) – from the OSDE/OMES?
Representative Jadine Nolan; Are there warnings when the system is trying to be hacked? Who knows this information?
Mote; We monitor potential hackers every day. None have affected OSDE, but there are potentials every day.
Nolan; All state systems – all state agencies?
Mote; We don’t have a number for those that have been breached but we can get from chief security officer and share.
Representative Michael Rogers; Does OSDE provide policies for what data can be collected?
Lance; Nothing is collected other than required.
Strohm; So districts could have no policy about data being stored on an unsecured computer somewhere – is this possible?
Lance; Hypothetically yes.

Jana Burke - Chief Accountability Officer, Tulsa Public Schools

*Data sharing is so very important, performance driven, reflective…must measure progress and success with evidence, not doing our jobs…

Most of Burke's presentation was in the form of question and answers with the legislators as follows:

Nelson; What level of transparency is there in Tulsa if someone calls to ask what data is being collected?
Burke; Would provide information about their own child – must have FOI to tell what data we share. Very proud of the data we have because it accelerates student learning.
Nelson; Transparency a function of open records law but not proactive…relies on an FOI is there a regular channel/report/package of info developed that explains the kind of data collected?
Burke; I don't know, but accountability office at TPS could generate one immediately. Great idea to do to show parents to keep them from being concerned.
Rogers; Does TPS have sites that collect more data than others?
Burke; Collected at a central site because of (Pearson) PowerSchool and enrollment.
Rogers; Having a diverse district – how have you taken data and increased learning for students?
Burke; Achievement scores don’t show the incredible amount of effort and proficiency but using specific student data, important information about teacher and school effectiveness can be unmasked by class and race for example.
Nelson; LDS concern about labeling kids follows kids and creates a bias down the road about the student. How do you guard against that kind of stuff? How much of a concern is that?
Burke; The teacher/administrator relationship is effective. Bias comes from our own eyes - that’s the problem. Data is not the issue. Red Tape prevents teachers from having all the information on individual students. I am unaware of a situation in which the teacher found information in a student’s electronic file to create bias.
Strohm; Does TPS purge student data? How and when?
Burke; Outside organizations purge their data and evidence must be provided upon the termination of the contract. I don't know about the purging dates/periods on data current in the system. We need to have longitudinal data. We don’t want to cut off use to data that can help them make decisions.
Strohm; Is that data purged at graduation?
Burke; I don't know.
Strohm; It’s possible that kids could be 30 years old and have data still be in the system?
Burke; I don't think so. I'll have to find out that answer.

Tony Hutchison - Associate Vice Chancellor For Strategic Planning and Analysis

*Oklahoma state regents are governed by same laws as OSDE. 
*Very proud of data system – recognized nationally in Strong Foundations…Marion Dilbeck godfather of the system. 
*Top level security, quality of the data and efficiency
*Why do we collect data
  • Compliance with US Dept of Ed to get aids and grants
  • Accountability reasons – graduation rates, etc – ethnicity/gender/
  • Predictive analytics – what can we do to improve student performance
*Want to follow privacy standards.
*Individual level student data doesn’t really help them anyway – the real information is in the trends created by aggregating data in order to look at OTAG and other scholarships
*Endgame is always results. 
*The more data we have in terms of increasing the pool we’re looking at the better predictive modeling it can produce.

Strohm; How often do you get a request from a school district?
Hutchison; Used to get one or two a year, getting 2 or 3 a month maybe from the principal or super wondering about remediation issues – trying to figure out why so much remediation is in math.
Strohm; Are you using SSN?
Hutchison; We do use SSN voluntarily – 90% and that’s what lets us link to OESC records. OESC governed by more stringent privacy terms than Higher Ed.


Unfortunately, I missed most of Ryan's testimony. I have asked him for a transcript and if he provides one I will add. Otherwise, please use the link and instructions we have provided to go back and hear his comments.

One of his remarks centered on the fact that public schools are government schools and do we want the government having all that data.

Barmak Nassirian - American Association of State Colleges and Universities

*I'm addressing K12 because these students can’t provide informed consent.
*Parental rights are important in this talk.
Privacy vs Security
*Privacy responses tend to be security responses.
*Instead of addressing data availability we need to worry about whether or not the database is really secure. 
*Data security is a very important concern.
*Privacy isn’t about who gets to use the data legally with authorization, it's should anyone have this right? Who should have access to your grades? 
*Just because they’re acting in an official capacity doesn’t mean they need official use of the data. Does a highway patrolman need your grades to write you a ticket?
*Privacy is very rarely advanced by data disclosures. 
*Data collections and disclosures are appropriate - not just mechanical - but appropriate for each individual situation.
*Parent signatures must be the granting authority.
*With parental consent, everything is possible – the problem comes in when deciding which data is so compelling to get that it's done without parent consent.
*What information should parents know about in advance? Some information should be collected but which?
*The uses and applications of data must be communicated to parents and policymakers.
*Who has access to data?
*Mission creep is a real problem. Data collected for one purpose should not be used for another purpose without permission.
*We run the risk of cradle to grave system when all the child’s records can be added together to create correlations which don't really mean anything.
*Correlations can create causality.
*Record retention again – how long do we keep the records.
*While data collections are increasing and subject to science – computer science – there is no science to back up the ‘science’ of collecting data in order to assist kids in their education.  
*We can’t make legitimate predictions from correlations. 
*Predictions are not actionable because they were based on comparisons, not actual causes.