Lawsuit Against the California Department of Education Raises Concerns About Student Privacy Rights

Summary of Statement from the CDE regarding the Morgan Hill Case:

In April 2012, two organizations, the Morgan Hill Concerned Parents Association and the Concerned Parent Association, filed a lawsuit against the California Department of Education alleging widespread, systemic non-compliance by local educational agencies with the Individuals with Disabilities Education Act (IDEA) and Section 504. The suit also alleges that the CDE fails to monitor, investigate, and correct such non-compliance in accordance with the law. The CDE is denying these allegations and is actively defending the litigation.

As part of the litigation discovery process, the plaintiffs have requested numerous documents as well as student data collected and stored by the CDE. Many of the requested documents and data stored in the CDE databases contain personally identifiable information (PII) of children, including children with disabilities, children who requested an assessment or who were assessed for special education eligibility, and children who are attending or who have attended a California school at any time since January 1, 2008. Although the CDE has contested the production of such information, the court at this juncture has ordered the CDE to produce to plaintiffs’ legal counsel documents and data that contain student PII. Included in the court’s order to produce documents and data is a Protective Order prohibiting the plaintiffs and their legal counsel from disclosing confidential information acquired in the course of the lawsuit, including PII, to anyone other than the parties, their attorneys and consultants, and the court. None of this information may be used outside the context of this lawsuit; no student’s identifying records will be disclosed to the public.

The Family Educational Rights and Privacy Act (FERPA) sets out the requirements for the protection of privacy of parents and students, including privacy of student records. Generally, parents and/or students must provide written consent before an educational agency may disclose PII. However, there are exceptions to this general rule. Specifically, an educational agency must provide PII when ordered by a court, which the CDE has been ordered to do in this litigation. The CDE is obligated to inform the parent or student that the court has ordered it to produce documents and/or data that includes those individuals’ PII and that such persons may object directly to the court regarding this disclosure. To that end, and to comply with FERPA, the CDE is requesting LEAs and SELPAs post the following link to CDE’s Web site,http://www.cde.ca.gov/morganhillcase, from February 1, 2016, through April 1, 2016. The link provides the Notice and Objection Form required by FERPA.

The Plaintiff’s are alleging that they have attempted to work with CDE to receive information with “pseudo” names. According to the organizations face book page, the firm is not seeking social security numbers, they are asking only for: “the data that school districts gave to the state.”

The Court Order:

Parents Opt Out Form

Student Privacy Concerns Have Grown Since The Adoption of Common Core.

Common Core Implementation- Shared Learning Infrastructure

In 2012, the Bill and Melinda Gates Foundation set up an $87 million dollar grant to fund the Shared Learning Infrastructure; which was intended to help School Districts and State Educational Agencies provide teachers, parents, and students with access to instructional and assessment tools that integrate information about the student with resources and programs to meet the individual students’ needs. However, to accomplish that end, Personally Identifiable Information from individual student educational records were to be collected and the Foundation tried to accomplish that without any parental notification or consent which caused an up-roar among parents with students in pilot test areas.

Student Personally Identifiable Information Is Suppose To Be Protected.

FERPA

The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a federal law passed in 1974 that bars the disclosure of personally identifiable data in student records to third parties without parental consent.

PPRA

The Protection of Pupil Rights Amendment (PPRA) (20 U.S.C. § 1232h; 34 CFR Part 98) was enacted in 1978, and applies to student surveys, instructional materials or evaluations funded by the federal government that deal with highly sensitive issues.

COPPA

The Children’s Online Privacy Protection Act (COPPA) was enacted by Congress in 1998, to allow parents to have control over what information is collected online from children under the age of 13. The law applies to any operators of websites, online services including web-based testing, programs or “apps” that collect, use, or disclose children’s personal information, whether at home or at school.

Parent Concerns Over State and Federal Data Mining - a Bit of History

Bill & Melinda Gates Shared Learning Infrastructure Pilot Program:

The original launch of the Shared Learning Infrastructure Pilot Program included SLI partnerships with nine states (LA CO NC MA IL KY DE GA and NY).

Concerned about student privacy rights; Leonie Haimson of Class Size Matters (a NY based non-profit education advocacy organization) requested a copy of the contract between the New York State Education Department and the Bill and Melinda Gates Foundation.

Release of the contract in 2012 confirmed that parental consent to share a students personally identifiable data with the Bill and Melinda Gates Foundation was not required. The contract also revealed that the Gates Foundation had written the contract to shield itself from all liability, if the project was found to violate FERPA laws in the event of a data breach.

According to the contract:

“In the course of accessing and using the SLI Service and participating in the SLI Pilot, participating School Districts and State Educational Agencies may disclose, consistent with 444(b)(1)(A) of FERPA, Personally Identifiable information from student education records for students enrolled in the participating School District to the SLI.”

Citing 444(b)(1)(A) of FERPA, the contract stated that parental consent under FERBA was not required for the SLI Pilot program.

”(A) other school officials, including teachers within the educational institution or local educational agency, who have been determined by such agency or institution to have legitimate educational interests, including the educational interests of the child for whom consent would otherwise be required.”

The Creation of inBloom:

According to Parent Coalition for Student Privacy:

On February 6, 2013 SLC launched in Bloom Inc, the corporate spin off of the SLC. inBloom Inc. was a $100 million dollar company created and funded by the Gates Foundation and Carnegie Foundation to build a massive cloud-based student data system for the purpose of collecting confidential and personally identifiable student and teacher data from school districts and states throughout the country. This information included student names, addresses, grades, test scores, economic, race, special education status, disciplinary status and more. The data was to be stored on a data cloud run by Amazon.com, with an operating system by Wireless/Amplify, a subsidiary of Rupert Murdoch’s News Corporation. InBloom Inc. planned to share this highly sensitive information with software companies and other for-profit vendors.

InBloom planned to commercialize the data, with the agreement of states and districts, by offering the data to for profit companies without parental notification or consent.

New York City Parents successfully shut down inBloom in April 2014. InBloom called it quits with the CEO citing New York “misunderstandings”.See: WSJ, Education Week, Newsday, Washington Post AnswerSheet, NYTimes blog, Schoolbook/WNYC,Times Union, and Chalkbeat.

The entire timeline can be viewed at the following link: http://www.studentprivacymatters.org/inbloom-timeline/

The inBloom controversy kicked off a national debate on student privacy rights that has not been settled. to date.

The US Department of Education intends to create a new student data base to house the personally identifiable information of 12,000 students, 500 teachers and 104 principals from 104 unidentified schools in 12 school districts across the country.

The Department of Education is accepting public comments about its data-collection plan until February 18, 2016.