Legislative Hearing on SB 210 and HB 616
Sheila Kaplan, Education New York
Thank you for this opportunity to testify before you today.
I am Sheila Kaplan, an education and information policy expert and
researcher and founder of Education New York.
As the 45 states that have adopted Common Core Standards begin
implementation serious concerns are being raised about the impact on the
privacy of students and their families.
The federal Family Educational Rights Privacy Act, or FERPA, was
enacted in 1974 to protect the privacy of education records.
Schools are a rich source of personal information about children that can
be legally and illegally accessed by third parties. With incidences of
identity theft, database hacking, and sale of personal information rampant,
there is an urgent need to protect students’ rights under FERPA and raise
awareness of aspects of the law that may compromise the privacy of
students and their families.
In 2008 and 2011, amendments to FERPA gave third parties, including
private companies, increased access to student data. It is significant that in
2008, the amendments to FERPA expanded the definitions of “school
officials” who have access to student data to include "contractors,
consultants, volunteers, and other parties to whom an educational agency
or institution has outsourced institutional services or functions it would
otherwise use employees to perform." This change has the effect of
increasing the market for student data.
For example, the amendments gives companies like Google access to
education records and other private student information. Students are
paying the cost to use Google's "free" servers by providing access to their
sensitive data and communications.
The 2011 amendments allow the release of student records for non-academic
purposes and undermine parental consent provisions. The changes also promote the
public use of student IDs that enable access to private educational records.
These amendments are critical to supporting initiatives like Common Core that
depend on collection of student data to monitor implementation and measure
success. Schools across the country will contract with third-party vendors to
provide products, programs, and services in order to meet the Common Core
requirements -- and government agencies and researchers will be mining student
information for studies and databases. The FERPA amendments are paving the
way toward greater accessibility to student data while providing no meaningful
sanctions or protections against breaches of student privacy. As amended, FERPA
will loosen privacy protections while helping to promote the business of education.
How can we stop this invasion of student and family privacy in the name of
The Electronic Privacy Information Center, or EPIC, is one national group that is
sounding the alarm on these changes to FERPA. EPIC filed suit against the U.S.
Department of Education claiming that the Department lacks the statutory
authority to amend FERPA to make student data more available and accessible to
third parties -- effectively changing the privacy law. EPIC vs. Department of
Education is pending in federal district court in Washington, D.C.
In bringing suit EPIC mentions the numerous education organizations as well as
private citizens who submitted comments against the changes during the
Department’s public comment period in 2011. They included the American
Council on Education. ACE stated that: “We believe the proposed regulations
unravel student privacy protections in significant ways that are inconsistent with
The comment by ACE was echoed by other influential groups, including the
American Civil Liberties Union, the Privacy Rights Clearinghouse, the Center on
Law and Information Policy at Fordham University Law School, and the World
Privacy Forum, which stated that “Student and parental records will be scattered to
the winds to remote and untraceable parties, used improperly, maintained with
insufficient security, and become fodder for marketers, hackers, and criminals. The
confidentiality that FERPA promised to students and their families will be lost.”
The American Association of Collegiate Registrars and Admissions Officers also
raised a number of concerns about the changes, charging that “The proposed
regulations have been overwhelmingly influenced by the single-issue lobbying of a
well-financed campaign to promote a data free-for-all in the name of educational
It is important to note the interests of those who submitted comments in favor of the
FERPA amendments. For example, the Software & Information Industry
Association, which represents more than 500 leading high-tech companies, argues
in favor of easier access for vendors to student data. The College Board supported
the amendments because they facilitate “the robust educational research and
evaluation needed to improve opportunities and outcomes for all students along the
P-16 continuum.” This means the College Board would have greater access to
student data to, in their words, “validate our tests, assessments, and educational
programs” -- their primary business.
The Education Information Management Advisory Consortium of the Council of
Chief State School Officers noted that the FERPA changes will “allow us to
facilitate better research and evaluation using our statewide longitudinal data
systems.” And the Western Interstate Commission for Higher Education supported
easier access to student data to develop a multi-state longitudinal data exchange
that incorporates secondary and post-secondary education data and workforce data.
This project is supported by the Gates Foundation.
Note that protecting the privacy of student information is not the primary concern
of those commenting in favor of the amendments.
What lies ahead for student privacy when private companies, government agencies,
and a wide range of researchers have greater access to student data and
information? I mentioned earlier the “business of education.” This phrase was used
by the Council of Chief State School Officers in their comment in support of
FERPA changes. Business is booming and groups like CCSSO are benefiting.
Technology startups aimed at K-12 schools attracted more than $425 million in
venture capital last year.
CCSSO initiated the creation of a $100 million database with funds from the Gates
Foundation to track public school students‘ information and academic records from
kindergarten through high school. This is called the Shared Learning Infrastructure
and it is now being run by an organization called inBloom, specifically created to
operate the system.
The SLI will collect and maintain a range of student data in two “buckets” --
the first will include names, demographic information, discipline history, grade,
test results, attendance, standards mastered--the list goes on. While schools may
already have much of this data, this information is not usually stored in one place.
The second “bucket” will store information about instructional content and
materials that will be linked to student test data in the SLI. Using Learning
Resource Metadata Initiative meta-tags and the Learning Registry indexing
(both aligned with the Common Core State Standards) this bucket will point to
So how will this work? First student data is shared with vendors. Then the vendors
will align their products to Common Core. Internet searches on standards and
instructional materials will point to Common Core-aligned resources developed by
these vendors. Soon, when you search for education on the Internet, the bulk of the
search will be Common Core related.
Clearly this narrows the education enterprise and raises issues of anti-trust and
control of the Internet. And what will be the impact on the privacy of students‘
records? inBloom has stated that it "cannot guarantee the security of the
information stored ... or that the information will not be intercepted when it is
being transmitted." The question is: Should we compromise and endanger student
privacy to support a centralized and profit-driven education reform initiative?
Given this new landscape of an information and data free-for-all, and the
proliferation of data-driven education reform initiatives like Common Core and
huge databases of student information, we’ve arrived at a time when once a child
enters a public school, their parents will never again know who knows what about
their children and about their families. It is now up to individual states to find ways
to grant students additional privacy protections.
I will conclude my remarks today with the words of privacy expert Daniel Solove
who said: “Privacy is rarely lost in one fell swoop. It is usually eroded over time,
little bits dissolving almost imperceptibly until we finally begin to notice how
much is gone.”
Sheila Kaplan is a longtime independent education researcher, publisher, consultant, program developer, and advocate for students' rights.
Ms. Kaplan has brought state and national attention to the issue of children's privacy rights under federal education law and has identified gaps in the system that leave students vulnerable to breaches of their personal privacy. She has consulted with federal officials on making the Federal Education Rights and Privacy Act of 1974 (FERPA) more responsive to the 21st century challenges of protecting students' education records in the electronic information age. Ms. Kaplan's comments submitted in May 2011 to the U.S. Department of Education on the proposed amendments to FERPA focused on the failure of the proposed rules to adhere to the highest standards of practice in protecting students' privacy and confidentiality.
Ms. Kaplan led efforts to introduce a student privacy bill (S.2357) in the New York State Legislature that would impose greater restrictions on access to student information than what is afforded under federal law. The bill passed 62-0 in the NY Senate in 2011 and was advanced by the Senate Education Committee in 2012 but was not taken up by the Assembly.
Given the growing state-level interest in protecting student privacy, Ms. Kaplan has developed a model STUDENT PRIVACY PROTECTION ACT. She also continues to reach out to parents to inform them of their rights under FERPA and what they can do to protect their children. In September 2011 she launched Education New York's National Opt-out Campaign to alert parents to their rights under FERPA to restrict third-party access to their children's information and encourage them to review their school's annual FERPA notification at the beginning of the school year.
To kick off the 2013 OPT-OUT Campaign Ms. Kaplan produced the video, "It's 3 PM: Who's Watching Your Children?"
Ms. Kaplan founded Information Policy Watch in 2008 to warehouse her in-depth research of FERPA and additional emerging information and privacy policies.
Ms. Kaplan founded Education New York Online in 2005 as a one-stop website for state and national education news, research on information policy and children's privacy rights, and issues in education. In 1997 Ms. Kaplan founded Education New York, at the time the only independent education publication in New York.
Ms. Kaplan is a graduate of George Washington University. She holds a master's in social work from Fordham University and a master's in Information Policy and Records Management from the University at Albany.