Testimony before The New York State Assembly Committee on Education Regarding the Disclosure of Student Information

February 28, 2014

Thank you to the committee for giving the New York Civil Liberties Union the opportunity to provide written testimony on the disclosure of personally identifiable student information. The NYCLU is a non-partisan, not-for profit organization with approximately 50,000 supporters across the state. The NYCLU is dedicated to defending the civil rights and civil liberties of all New Yorkers.

The recent controversy over the New York State Education Department’s partnership with inBloom has prompted legislators and the public to ask important questions about how New York collects, uses, and shares personal information about students: What information does the state collect about students? Why does the state need to collect certain data elements? Who can access that information? What security protocols exist to ensure that personal information does not fall into the hands of marketing companies or bad actors?

The legislature can only begin answer these questions by examining data collection across the entire education system. The NYCLU asks the members of this committee not to limit the focus of this work to the state’s relationship with one organization. We urge lawmakers, and this committee in particular, instead to consider comprehensive reforms that promote privacy, security, and transparency for all student data collection systems.

Decentralized data collection and storage presents security issues

Evaluating student data collection should begin with local districts. Each of New York’s 728 school districts has rules and practices regarding the collection, sharing and storing of student information, and these practices are not consistent throughout the state. These practices can include things as complex as contracted cloud storage or as simple as teachers casually emailing student records without encryption or other basic security measures. Local districts may maintain their own data systems, or they may contract with vendors that store student data in off-site datacenters, using cloud services to process and provide access to the data. Data maintained this way can include everything from special education records, to cafeteria accounting, to students’ home addresses and social security numbers.

A recent study of public school cloud computing around the country found that “95% of districts rely on cloud services for a diverse range of functions including data mining related to student performance […] data hosting, as well as special services such as cafeteria payments and transportation planning.” The study also found that many of the districts surveyed inadequately controlled how cloud service providers used students’ information. For example, only 33% of districts’ agreements with cloud service providers “gave districts the right to audit and inspect the vendor’s practices with respect to the transferred data.” The study referenced here only included two districts from New York, so more information is needed to understand how districts in this state use cloud services. Nonetheless, the pervasiveness of the problems uncovered in the study indicates that state officials should act quickly to determine if New York’s schools are part of this troubling national pattern.

While inBloom has caused many New Yorkers to raise questions of security and necessity regarding student data collection, decentralized locally maintained data systems should raise these same questions.

Existing centralized student data systems raise many privacy questions

In addition to the multiplicity of decentralized local student data systems, the New York school system also has more than one centralized system that collect, analyze, and share information about students. The number of systems and their complexity makes it difficult for the public to even understand what information the state collects and how the state uses that information.

Schools collect and upload a wide variety of data about individual students to the Student Information Repository System (SIRS). This system, known as a P-12 database, tracks students throughout their entire career in the school system. It contains information that goes beyond students’ grades. For example, one element indicates whether a student is homeless; another, whether a student is an immigrant. There may be good reasons for including data elements such as these, but information about homelessness and immigrant status is also particularly sensitive information. Currently the Education Department is expanding this system to add the capacity to track students after they leave high school. The goal of the expanded database is to evaluate how well schools prepare students for success as college students and career professionals.

The SIRS is not the only statewide data collection system. The Education Department also collects data on incidents of school violence and bias-based harassment through the School Safety and the Educational Climate (“SSEC”) reporting process. This database was created recently to capture information from two previously separate datasets mandated under state law – the Violent and Disruptive Incident Reporting (“VADIR”) law and the Dignity for All Students Act (“DASA”). VADIR requires schools to submit data on twenty incident categories ranging on a scale from the most serious, homicide, to other subjective “disruptive incidents.” VADIR is an enormous, confusing and inconsistent dataset, and is currently used only to determine whether a school should be qualified as “dangerous” according to the No Child Left Behind Act. DASA requires schools to report some of the same incidents as well—those that are considered “material incidents of harassment”—using a separate but not dissimilar worksheet from VADIR. It is unclear how the DASA reports will be used. There is, however, serious concern that schools will fear complying with multiple reporting requirements because of the negative consequences associated with reporting too many incidents to VADIR. Quality control is a serious issue with both these databases.

The legislature has added and modified school reporting requirements many times. Now, it should step in to unify and clarify those requirements, narrow the universe of acceptable data maintenance systems, and set controls and standards to protect student information.

Collecting and aggregating data has real benefits

Student data collection systems do not have to be dangerous to students’ privacy or other interests. The data that schools collect can provide important, even critical, information. Teachers track academic and behavioral progress through grades and daily marks that help guide lesson planning and added assistance in the classroom. Schools track attendance and enrollment data to efficiently allocate their limited resources. When the Education Department collects and aggregates large data sets from districts around the state, parents can compare schools’ performance and administrators can plan new programs or reform policies.

Advocates and policymakers rely on aggregated data from the Education Department to uncover practices that harm New York’s students. For example, the New York City Department of Education reports the number of student suspensions that occur bi-annually. Since 2011, advocates have been able to use these data to show that too many New York City students experience school discipline that removes them from the classroom. Furthermore, black students and students with disabilities are the hardest hit by the suspension policies. Continued reporting on these data will allow advocates to track how changes in DOE policies affect these high suspension rates. As a state, we should consider carefully how to maximize transparency of aggregate data that presents no privacy threat in order to inform education policy debates.

The NYCLU supports oversight of student data systems and engagement between the state government and the public

As technology and the needs of public officials, parents, students, and the general public evolve, it will be critical for the government and the public to continually scrutinize how the state collects and uses student data.

Because of the high-stakes benefits and risks of student data systems, it is essential that decisions about data collection and storage are made deliberately and consistently. These systems have been built piecemeal for years, and the result is not only vulnerability for our students’ information but a maze of reporting and collection requirements that fail to inspire or reward compliance. We urge the committee to address these questions carefully, and to encourage the Education Department to do the same.

The NYCLU asks the members of this committee to support legislation or Education Department policy that promotes thorough and ongoing reviews of student data collection at every level of the state’s education system. Balancing the benefits of student data collection with adequate privacy and security will be an ongoing challenge, but the NYCLU believes that the adoption of the following recommendations will move the state in the right direction.

First, the Education Department should begin conducting regular audits of student data systems at state, district, and local levels. Any contracts with private organizations that involve cloud services should be reviewed for compliance with federal and state privacy laws as well as privacy best practices in the technology industry.

Second, the Education Department should engage the public in the question of student data collection. The Education Department should publish the results of any audits undertaken. The department should also develop a comprehensive data catalogue that identifies the data elements that the state collects about students and their family members, where each of those data elements goes, and what reasons justify the state collecting and sharing each element. And the Education Department and local districts should use these resources to seek public input into the management of student data systems.

Finally, the Education Department should appoint a single chief privacy officer to coordinate privacy audits and public engagement with student data systems. A chief privacy officer would develop best practice standards for student data systems at every level of the state’s education system. The officer would also provide the public with a single point of contact for questions and comments about data collection practices and serve as a liaison between the executive, the legislature, and the community. The chief privacy officer would develop extensive expertise about protecting the personal information that schools collect.

Conclusion

NYCLU welcomes the benefits that new developments in education technology offer to New York’s students, parents, and advocates. However as the state deploys new databases, new analytical tools, and new software applications, it is crucial that the state also protects the privacy and security of students’ information. It is equally important that the state involves the public in evaluating student data systems. In collecting, analyzing, and sharing so much information about students and their families, New York’s education system is asking for New Yorkers’ trust. Enhancing oversight and transparency, as we suggest, will help the state’s school system build that trust. We look forward to working with this committee on this issue in the future.