October 28, 2013

My Experience With Protecting My Children's Privacy in Cheshire

A few weeks ago a postcard showed up at our house. It was an advertisement for a private high school and was addressed directly to my 7th grader.­ It raised a red flag since I’ve worked hard to protect my children’s names from advertisers; the only place these advertisers could have gotten his name and address was from our town’s school system, a parks and rec thing he participates in, or the state of Connecticut, which has this information as a result of his taking the CMT last year.

Soon after, I became peripherally aware of Common Core, and when that 7th grader came home after school one day with a couple of his friends, and they were talking about “the triumph math test” they had taken that day, my ears perked up. A few questions later had me realizing that Triumph is the name of the company that my town is using to assess the kids throughout the year as they go along.

So in light of what I had read about the privacy issues surrounding Common Core, I found my way to the login page of Triumph Learning™  and found the link for “privacy”, where it says 
“You can request that your children’s personal information not be used by Triumph Learning or its affiliates and vendors acting on behalf of Triumph Learning, by making a request in writing. Please be aware that if you make such a request, your children can no longer continue to be enrolled in Triumph Online™ or utilize Triumph Online™. Therefore, a request by you for Triumph Learning, its affiliates, and vendors acting on behalf of Triumph Learning to no longer use your children’s personal information will terminate your children’s participation in and their use of Triumph Online.”
Not letting my kids use their online service at all? Sounded great to me; I shot off the email, and had planned to email his teachers and principal the next day. But what happened next was so surprising. Instead of an acknowledgement I got this:
We’ve received your email request to remove your children from the Triumph Online system. I’ve been in contact with the Cheshire Curriculum Office this request and they will be contacting you in the next 48 hours. 
To say that I was not happy that my personal request was forwarded to a third party, even though that third party was the school, would be an understatement.

After several emails back and forth with this woman at Triumph, eventually what happened is that I had a meeting with a Curriculum Coordinator of the Board of Ed in Cheshire. She was open and forthright and respectful.

I left her with the post cards as she said she would try to find out how they could have come to us.

Then we discussed my concerns with Triumph Learning; given the changes to the FERPA law I do not want personal information being entered into a for-profit corporation’s database. Especially since Triumph Learning’s privacy page makes it clear that they reserve the right to share all that personal information with their “affiliates, and vendors”. In the end she assured me that although there are spots where detailed information about each student can be shared, my town does not utilize that, but I was within my rights to request that my sons’ testing be done on paper. I agreed to let it stay with the online testing under her assurances that there was no identifiable information being shared there.

I also mentioned my concerns with the Smarter Balanced Consortium, which is the Common Core testing that will replace CMT and CAPT in Connecticut, rolling out this year. (During the last BOE meeting in my town it was mentioned that “Twenty percent of students in Connecticut will participate, but we don’t know if our students will or not”.) She mentioned that the tests are mandated and therefore required and I can’t opt out. I replied that the town is only required to report on 95% of the kids and my son could be one of the 5% not reported on.

Then she mentioned that my son would have to be pulled out of class for the nine weeks of testing, to which I replied that I have no problem keeping him home, since I had homeschooled him for six years and could certainly find more constructive ways to utilize that time than with testing.

Conversation then moved from trying to convince me that I didn’t have a choice, to addressing my issues with FERPA and data sharing. I had brought along a paper entitled “The Revised FERPA Regulations and Increased Access to Personally Identifiable Information” that had been written by Kent Talbert for the National Association of College And University Attorneys. I did not leave it with her, or read straight from it, but did bring up the points that disturbed me:

The new regulations allow authorities to more easily share and re-disclose data from student education records for purposes of audits, evaluations, and studies. In so doing, the amended rules also reduce certain privacy protections in the name of effective use of data and increased accountability and transparency.

 “Authorized representative” is a new, defined term and represents a departure from the Department’s prior interpretation of FERPA. Under the new definition, an authorized representative is any entity or individual designated by [the government] to conduct… any audit or evaluation, or any compliance or enforcement activity in connection with federal legal requirements that relate to such programs.

Under the revised regulations, the Department could designate a much wider range of individuals or entities to be its authorized representatives. For example, it could designate a trade union to receive personally identifiable information to evaluate the effectiveness of a university in preparing students for the workplace …

“Directory information” is redefined and includes a new limitation placed upon a parent or eligible student’s ability to opt-out of directory information... This new provision thus further limits a parent’s authority under the act “to inform the institution or agency that any or all of the information designated (as directory information) should not be released without the parent’s prior consent.

“Education program” is another new, defined term and encompasses any program that is principally engaged in the provision of education... the potential range of education programs from which data may be shared for purposes of audits, evaluations, or compliance activities is quite broad—ranging from early childhood programs to job training. [This would include Google, for example, since in letting schools use Google Docs (for “free”) Google is now considered an education program”.]

Further, in the preamble, the Department takes the position that “education programs” are broad enough to include not only traditional academic programs, but also cyber-security, substance abuse, and violence prevention programs and the like, when administered by an educational agency or institution.

The amended regulations permit [the government] to make further disclosures of personally identifiable information on behalf of the educational agency... from which it received the information even if the agency... objects. To illustrate, a [school] could disclose personally identifiable information without consent to a state educational agency for purposes of an evaluation of a federal education dropout prevention program. The state educational agency may then re-disclose the personally identifiable information “on behalf of” the [school] to a local educational agency for an unrelated evaluation, even if the [school] objects...

These are the things that I tried to discuss with my BOE rep, but it was too much for her to grasp. Once she understood that the FERPA laws are the basis for my concerns though, she shared that the Cheshire Board of Ed has asked our town lawyer to review the changes to the FERPA law so that our schools can stay compliant with it, and said that she would share a copy of that review with me.

Honestly I’m not convinced that it’s going to tell us much in terms of how kids’ data can be shared beyond the school once the school releases it, but it should explain how much more information can be shared now, and without parental consent. And it will hopefully present a stronger case when I then connect the dots to present to the BOE rep regarding where my child’s information can end up once the school system releases it, and help her understand why my child will not be participating in the Smarter Balanced testing.

The schools need to understand that the law has changed so that more information can be collected on our kids without parental consent, and that once the schools release that information to the state, they completely lose control over who else it can be shared with. And it can be shared with a lot of corporations! (Google, et al.)

Our meeting ended with me agreeing not to opt-out of the Smarter Balanced testing until I see the report from the lawyer.

No comments:

Post a Comment

Comments are very welcome, but are moderated. Please keep in mind that this blog is specifically for dissemination of information that is free from political affiliation bias and uneducated fear mongering. Comments containing either will not be approved.

Additionally, although you may know me from Facebook, and I am not shy about who I am, because I do share personal experiences here I ask that you respect the privacy of my children by refraining from using my real name. Comments that use my real name will unfortunately not be published.