Facebook Twitter

Privacy concerns, federal involvement dominate data security discussion

Local control and privacy concerns came head to head during the State Board of Education’s discussion of student data collection and security Thursday.

Board members praised the Colorado Department of Education (CDE)’s data policies but also raised concerns over the level of oversight at the district-level.

“I’m confident about the state level,” said board president Paul Lundeen. But district breaches, he said, were worrying.

But officials said their ability to change district practice was limited by district autonomy.

“Despite what some people think, we’re still a very local control state,” said Commissioner of Education Robert Hammond. He raised the possibility of legislation that would mandate districts to abide by stricter data use and public reporting policies, like one recently adopted in Oklahoma.

That idea received a warm reception from other boardmembers.

“My sense is there’s so much slippage we would benefit from a law like Oklahoma,” said member Debora Scheffel.

Scheffel also sparked a more tense debate over data reporting to the federal government.

Scheffel said she had heard from parents concerned that a 2008 loosening of federal reporting restrictions and the coming PARCC tests would open the door for more access of student level data by the federal government.

“CDE provides no student-level data to the federal government,” asserted Dan Domagala, the department’s chief information officer.

When Scheffel pressed, member Elaine Gantz Berman jumped in.

“You are speaking like you know the facts,” Berman said. “We need the facts.”

But Scheffel continued to press department officials, raising concerns about the safety of data used to do internal analyses, which are often conducted by third part vendors.

“[Vendors] don’t have the right to use data for other purposes” once they have completed their research, clarified Kady Lanoha, who is a senior policy associate for CDE.

Besides, added officials, that data does not have student names attached.

“No one’s going to show up at your door looking for Suzy,” said member Angelika Schroeder, who expressed irritation at privacy concerns related to PARCC.

But student names and parental control over student data remained a concern for Scheffels.

“If a parent wanted to know what was stored in a database, how they go about that?” she asked. “If they wanted to expunge [the record], how would they go about that?”

Officials said much of that was in the hands of districts, as the state did not log parental data and would be unable to make the connection between parent and student.

But Domagala suggested they could clarify the process for parents, adding it to their district guidelines web page and to their parent resources page.

Lundeen also urged state officials to think “down the road and around the corner” about privacy issues. He and other board members raised concerns about teachers’ use of apps and personal devices to support instruction and assess students.

He said the problem would come from “entrepreneurial educators,” who he praised.

“When people are trying to do the right thing, how do we protect them?” said Lundeen.

Lundeen urged department officials to provide clearer guidance to districts and teachers.

“Downloading apps for the benefit of your students may have benefits,” he said. But the guidelines should “at least make them stop and think.”