A primary concern of Common Core opponents is the collection of private student information in a imagesstatewide longitudinal database and the sharing of the data between local, state, and federal governments as well as with hired contractors of these agencies.  To allay concerns expressed by many Ohioans over this unprecedented access to student performance and demographic data, Representative Andrew Brenner introduced and the Ohio House passed HB 181, the Student Data Accountability Act.  After a review of the bill, however, it is clear that the “Accountability” in the title has nothing to do with safeguarding student privacy.  In fact, the bill is more of an accounting of the various entities that now have access to personally identifiable student information.

HB 181 repeatedly demands compliance with the Federal Educational Rights and Privacy Act of 1974 (FERPA) as amended, but the amendments made to FERPA in 2011 by the Obama administration have rendered the Act meaningless.  As originally written, FERPA required parental consent prior to the release of private student information.  As amended,  FERPA allows local school districts to release private student data to third parties without parental consent in order to conduct evaluations and audits of education programs to measure the effectiveness of Common Core.

HB 181’s sponsors claim the bill guards student data by requiring school board approval before personally identifiable student information can be released to third parties, but school districts are coming under increasing pressure from the federal government to release private student data as a stipulation for receiving federal education grants and once data is in the hands of the federal government, inevitably it will be shared with contractors and other federal agencies.

If there is any doubt about the Obama administration’s commitment to student level data sharing, just take note of Education Secretary Arne Duncan’s June 8, 2009 speech to the Fourth Annual Institute of Education Sciences Research Conference in which he said,

“Hopefully, some day, we can track children from preschool to high school and from high school to college and college to career. We must track high growth children in classrooms to their great teachers and great teachers to their schools of education.”

Beyond the reliance on FERPA, HB 181 has other flaws.  It is riddled with caveats and exceptions which further allow for the release of data to third parties.  Three such instances relate to student data maintained by the state and are as follows:

(1) Unless otherwise approved by the state board of education, student data maintained by the department shall remain confidential.

(2) Unless otherwise approved by the state board, the department shall use only aggregate data when compiling public reports and in response to research, data, or records requests.

(3) Unless otherwise approved by the state board and to the extent it does not conflict with all relevant state and federal privacy laws and policies…the department shall not release personally identifiable information or student data to any federal, state, or local agency or other organization, except that release under any of the following circumstances is permitted…” (Emphasis added.)

Paragraph 3 goes on to list exceptions which include out-of-state contractors for purposes of state level reporting and federal agencies performing compliance reviews.

After the 2011 FERPA amendments, it is hard to believe that student privacy could be weakened any further, but HB 181 does just that in the paragraphs cited above.  The State Board of Education is given complete discretion over the release of student data in its care, entirely bypassing parental rights.  HB 181 places a great deal of power in the hands of a board most Ohioans know very little about and which has 8 of its 19 members appointed by the governor.

The extent of the student level data held by the state should not be underestimated.  Ohio tracks individual student performance results on the state achievement tests, and under the American Restoration and Reinvestment Act, all school districts in states that received stimulus funds must provide the state with comprehensive personally identifiable information on every student and teacher in the district.

HB 181 is also intended to alleviate concerns with private student data going to multi-state assessment consortia.  One such consortium, the Partnership for Assessment of Readiness for College and Careers (PARCC), has been chosen to administer the Common Core statewide achievement tests in Ohio.  HB 181 prohibits the transfer of student names and addresses to testing consortia without parental consent, but as the PARCC tests will take place on line and some sort of unique student identifier will have to be used to distinguish student tests, one wonders how student confidentiality will be maintained and test performance kept private on the PARCC system.

Keeping private student data off the PARCC system is of utmost importance to those serious about student privacy because in its agreement with the federal government, PARCC has committed to provide the U.S. Department of Education and its contractors “timely and complete access to any and all data collected at the state level.”

While the evaluation of education programs may appear on its face to be a worthy reason to share private student data, it raises many concerns.  Is student level data necessary to measure the effectiveness of an education program?  Can’t effectiveness be determined at the aggregate level?  And, once data is released to a third party, the school district loses all control of it.  Agreements can be signed requiring the safeguarding of the data by the third party, but in the end, it’s all scout’s honor.  Once a breach occurs, there is very little that can be done to limit the damage.

That a breach will occur at some point is anticipated in the bill.  HB 181 requires the state department of education to develop a detailed security plan that includes “breach planning, notification, and procedures.”  It also requires contracts with outside vendors which receive private student data to include “provisions that safeguard privacy and security and penalties for noncompliance.”

Data sharing with Common Core goes beyond performance measurement and compliance.  There is a profit making component as well.  Software firms are itching to get their hands on private student data in order to create products that can be marketed to school districts, education departments, and other educational entities to further analyze student performance and identify best teaching practices.

Transferring private student data to a third party to turn a profit is a source of much uneasiness.  As such, HB 181 does prohibit the transfer of private student data “for use in a profit-making plan or activity.”  But, once the data has left the school district or the state and its in the hands of the federal government or some other third party, how is the local school district and the state going to protect it from there?  The state of Ohio can forbid third parties such as the federal government from transferring data to a profit making entity, but in practice, such a requirement is impossible to enforce.

So the question is, “What does HB 181 accomplish in terms of guarding student privacy?”  Given the many caveats and exceptions in the bill and given that FERPA has been rendered inert, the answer is, “Nothing.”

HB 181 is simply meant to pacify the multitude of Ohioans who have contacted their State Reps about their concerns over the data collection and sharing with Common Core.  In fact, a reading of the bill reminds one of a famous line in Shakespeare’s Macbeth:images-1

“It is a tale…full of sound and fury, signifying nothing.” (Macbeth, Act 5, Scene 5) 

If HB 181’s sponsors were serious about safeguarding student data, the bill would demand that no private student information is released without a particularized authorization from the parent or guardian.  There is no party more motivated to look after the best interest of a child than the parent, and yet, parents have been entirely removed from the equation.

The truth is Ohio’s education bureaucracy ceded control of student privacy when it signed on to Common Core and accepted $400 million in federal Race to the Top grant money to implement it.  The only way to regain control of student privacy is to rid Ohio of Common Core through an act of the General Assembly.

That will take a General Assembly willing to do what’s right for the children of Ohio and one which refuses to abide by the poor decision-making of the Strickland and Kasich administrations which put Ohio down the path to federal control of education.

Full text of HB 181 can be found here.