Bills aim at keeping student data private

LANSING — The apps your kids use at school. The software that helps them improve their reading skills. The consultant who helps analyze test scores.

Chances are they all have access to some information about your child. Now, Michigan lawmakers want to make sure no one can sell that personally identifiable information or use it and students’ online behavior to target them with advertising. It comes in the form of three bills now before legislators in the Michigan House.

It’s a welcome effort to parents like Tammy Luty of Farmington Hills.

“Technology use … is here and it’s staying and it’s the wave of the future,” said Luty, the federal legislative chair for the Michigan PTA, which is urging lawmakers to pass legislation. But “there’s nothing regulating student data privacy.”

Luty testified this fall before the House Education Committee, saying she has become increasingly concerned about the privacy of information about her three children, who are in the third, eighth and 12th grades.

Who owns the data? Who owns the reports her children write? How long will the information be stored and saved? Will this information later be released or shared, and possibly impact them when applying for college or a job? Those are all questions she raised, particularly as many online services used by schools are run by third-party companies.

Many states are starting to address the issue. In 2013, only one state had a law targeting student data privacy. Today, there are 33 states with laws, and many others have bills winding their way through state legislatures, said Rachel Anderson, senior associate for policy and advocacy at the Data Quality Campaign, a Washington-based nonprofit that advocates for the effective use of education data.

At issue is the voluminous amount of information contained in a student’s education record. The record may vary from student to student, but generally includes the student’s name, parents’ names, address, birth date, gender, grade level, race, residency status and a unique identification number. It can also include test scores, disciplinary information, an attendance record, report cards, progress reports and medical information.

Schools have been collecting this information for years, but the potential for abuse is greater as students engage in online learning and parents access attendance information, grades and classroom assignments online. Some programs need personal student information to allow teachers to create classroom assignments, communicate with students and allow students to communicate with each other online.

The absence of federal and state guidelines means it’s left up to school districts to police themselves. And while some have strict guidelines, others have no rules on what teachers or others are looking at and no agreements surrounding the privacy of online student data, Anderson said.

While the federal Family Education Rights and Privacy Act sets some guidelines and the federal Children’s Online Privacy Protection Act protects the privacy of children under 13 when they’re using commercial websites and online services, neither addresses the growing use of technology in schools.

Laws must be modernized to better protect student information, the national PTA said in a recent statement.

Two bills before the Michigan Legislature target third-party companies that work with schools and have access to student data. They wouldn’t be able to sell that information or use it to target advertising at students.

Another bill would bar school districts, the Michigan Department of Education (MDE) and the state Center for Educational Performance and Information (CEPI) from selling student information. The state agencies would have to be transparent about the information they collect, and school districts would be required to provide that information if parents ask.

Officials at both the MDE and CEPI said they already have strict protocols in place to protect student data. CEPI, for instance, outlines online what data it collects and what it does to keep that data private.

“Protecting student privacy and data security has been a CEPI priority ever since it was established in September 2000,” said Kurt Weiss, spokesman for the department. “While we will need to carefully review the bills should they pass, we think we’re well-poised to meet their provisions as currently written.”

Sen. Phil Pavlov, R-St. Clair, the main sponsor of the two Senate bills, said lawmakers are trying to get in front of the issue.

“More and more of our K-12 educational opportunities are being routed through learning portals, online services and at the very front of this conversation is protecting the privacy of the students that are trying to learn in a safe environment,” he said.

The bills are less about fixing existing problems in the state and more about addressing fears and looking ahead, Pavlov said.

A national survey of about 1,000 parents, conducted this spring for the Washington, D.C.-based Future of Privacy Forum, found that most parents say they support the use of their child’s information if it helps improve teaching and learning. But they want some justification for why the information is necessary, according to a September report on the survey.

When asked who they’re comfortable with having access to their child’s records, parents overwhelmingly were OK with principals, teachers, and colleges and universities. But far fewer were comfortable with companies that create educational software, websites and apps having that access.

Pavlov’s bills — Senate Bill 33 and Senate Bill 510 — passed unanimously in the Senate earlier this month. A separate bill — House Bill 4894 — is before the House Education Committee. Its primary sponsor is Rep. Jim Tedder, R-Clarkston.

Meanwhile, an effort is afoot to have companies that work with schools sign a pledge promising to safeguard student privacy. So far, more than 200 companies — including Microsoft and Google — have signed on.

But those pledges can’t replace the presence of strong laws, Luty said. She cited the example of a company that had a privacy policy in place but went bankrupt. When that happened, the records of millions of students from middle school to college ended up with other companies that bought pieces of the bankrupt company.

Anderson said states rushing to enact student data privacy laws shouldn’t treat it as a “check the box and move on” type of issue. “They need to keep revisiting these questions as educational opportunities and technologies change.”

Pavlov is already looking ahead, saying the next step is to look at what data is being collected and why.

“Are we collecting this info to benefit vendors? Are we collecting this info to drive test scores and outcomes? And are we using this information in an appropriate, educational way?”


Posted by Tribune News Services

Leave a Reply