States Should Move Swiftly to Protect Student Data

Published March 25, 2013

States and schools are signing over private data from millions of students to companies and researchers who hope to glean secrets of the human mind.

Nine states have sent dossiers students — including names, Social Security numbers, hobbies, addresses, test scores, attendance, career goals, and attitudes about school —to a public-private database, according to Reuters. Standardized tests are beginning to incorporate psychological and behavioral assessment. Every state is also building databases to collect and share such information among agencies and companies, and the U.S. Department of Education has recently reinterpreted federal privacy laws so schools and governments don’t have to tell parents their kids’ information has been shared.

Promises of researchers’ and governments’ good intentions are not enough to justify this, especially when spending tax dollars, directing government energy, and invading privacy without parent or even school officials’ knowledge. Anything conducted in this manner should be immediately tabled and publicly examined. Stop. Collaborate. And listen to how parents and taxpayers react, after explaining what’s happening.

Very few U.S. citizens want to move even gradually toward a government like that of China, which keeps dossiers on all citizens’ performance and attitudes. These records influence work, political, and school opportunities. Because “everything they do will be recorded for the rest of their life … the dossier discourages any ‘errant’ behavior,” says Chinese professor Ouyang Huhua.

This is not to say big databases equal communist oppression, but here in the United States we do things differently because we believe in self-rule. When the government we are supposed to control has amassed a thicket of data about how we think and can thus manipulate our actions and opportunities, self-rule ends.

Any researcher or organization wanting to plumb data to potentially help kids learn more, faster, can do so without trampling individual rights. Here’s how.

First, historic practice with student records has been to keep them anonymous when shared outside schools. Researchers and even government accountability gurus don’t need to know Sally Smith failed Algebra 1. Her parents and teacher do. Researchers do not need personally identifiable information such as names, Social Security numbers, and addresses. They just need to know, for example, whether lots of students are failing Algebra 1, and in what context. Schools and states should check these privacy firewalls.

Second, students and their guardians should have full access to their records, with the ability to correct false information. They also should be informed of and able to opt out of all data-sharing involving their records. Schools need parent consent to give children an aspirin. They should get consent to share a student’s psychological evaluations or test performances.

Third, agencies should be required to explain exactly how they will keep the sensitive information in their hands from being hacked or exposed. The more people and organizations with access, and the bigger a treasure trove these databases become, the more likely security breaches will be. Hundreds of thousands of people were put at risk of identity theft in 2012 because of security breaches in government databases, including one affecting three-quarters of South Carolinians. And child identity theft is often not discovered until adulthood, which makes their records even more attractive to thieves.

Because the U.S. Department of Education has unilaterally knocked down federal privacy protections, lawmakers should rebuild that wall. Alabama, Georgia, Oklahoma, and Oregon are a few states considering such legislation. They should act swiftly, and so should others.