Senate bill attempts to modify FERPA in era of big data
On the heels of the Education Department’s release of a set of transparency guidelines for student data, two senators introduced legislation Wednesday to protect student privacy and amend the Family Educational Rights and Privacy Act.
Introduced by Sens. Ed Markey, D-Mass., and Orrin Hatch, R-Utah, the Protecting Student Privacy Act of 2014 would amend the 40-year-old FERPA to ensure that student data handled by private companies is protected. In modifying FERPA, the bill would add paragraphs restricting schools spending federal money with any educational agency or institution that has not implemented information security policies and procedures. Khaliah Barnes, the director of the Electronic Privacy Information Center’s Student Privacy Project, said Markey’s bill provides some much-needed privacy protections as well as a respect for the context of how information gathered about student’s online behavior is used. “The bill, while it’s strong, it’s really focusing on education records, which is something narrow under FERPA,” Barnes told FedScoop. “Overall, it’s a very strong bill. Is it an entire FERPA reform? No. But I think this will help to fuel that.” According to a release from Markey’s office, the educational software market, not including college, is worth nearly $8 billion. In recent years, schools have adopted cloud services and technologies that collect data on students in an attempt to individualize instruction. The bill, the release said, tackles changes to FERPA that allowed student data to be shared more broadly in the private sector. These changes, made in 2011 by the Education Department, allowed organizations providing educational software to collect various forms of data and use it to improve their programs. “With the business of storing and sifting through records of students growing as fast as students are, Congress must act to ensure that safeguards are in place for data that is shared with outside companies,” Markey said in the release. “This legislation ensures the parents, not private companies, control personal information about their children and that it won’t be sold as a product on the open market.” In addition to calling for a more strict level of protection of student data, the bill also “requires that all personally identifiable information on an individual student held by any outside party be destroyed when the information is no longer needed for the specified purpose.” That concerns members of the International Educational Data Mining Society, headed by Ryan Baker, a professor at the Teacher’s College at Columbia University. “My concern with this bill is that requiring all personally identifiable information to be destroyed when it is no longer needed for the specific purpose will make it more difficult to assess the long-term educational effectiveness of new curricula,” Baker said in an email to FedScoop. “If a content provider is given a contract to provide a curriculum for one year, that specific purpose will be over at the end of the year and the provider will have to delete all the [personally identifiable information].” Baker’s colleague Taylor Martin is the society’s policy director and a professor at Utah State University. Like Baker, Martin said the risk of losing the value of the educational data may be too large if the portion about data destruction remains in the bill. “I hate the risk of losing all of the value that we can get from things like personalized learning software and other forms of ways of integrating data that we can really provide educational benefit,” Martin said. “[There is] amazing stuff we can do, but it’s going to require some data aggregation and we need to figure out a way to address that.” Martin also said the bill doesn’t necessarily add anything that isn’t already covered by FERPA and although the concern of student privacy is an important one, the bill in its current form may be unnecessary. “We don’t need it,” Martin said. “We have FERPA. It’s already governed.” Instead, Martin said, the need to protect student privacy is definitely an issue, but not one with an immediate, easy answer. “We totally want to protect the students, and there is a new kind of risk that has emerged in the last 10 years, and it does need to be addressed,” he said. “But now, it feels like everyone is doing a little bit of a knee-jerk. We need to slow down and actually bring in some stakeholders who would put due diligence on what policies are even feasible and what kind of policies are governable.”