Student data has the ability to transform education, experts say.
"We can't afford not to use data," says Aimee Guidera, founder and executive director of the Data Quality Campaign. Districts also cannot afford to let their students' data fall into the wrong hands, she says.
[Learn about tech requirements for the Common Core State Standards.]
Safeguarding student privacy and ensuring data security should be a top priority for school officials, experts say, especially when districts contract with outside vendors to store or manage student information.
Almost every school district in the country uses cloud computing – think Google Drive, but on a larger scale – to house information such as grades, attendance records, bus routes and health records. Most districts contract with a third-party vendor to house and manage the data.
Schools' contracts with vendors often do not clearly spell out how the information can and cannot be used, Reidenberg says, referring to the report's findings.
"Districts were by and large surrendering control of student information," he says, noting that few contracts restricted the sale and marketing of student information. "It was real evidence that districts were not maintaining control of their student information when they signed up for cloud services."
School officials often did not know exactly what information was being given to the vendors. Officials also failed to inform parents, in most cases, he says.
To get a handle on how schools are managing student data, parents should ask administrators these four questions.
1. What is being collected and how is it used?
The information collected on students often goes beyond grades and attendance. Many schools record disciplinary actions, such as suspension or expulsion, as well as student health records, including pregnancies and mental illness.
[Discover what teachers want parents to ask at conferences.]
Parents should understand the full spectrum of what is being collected on their teen, as well as how that information is used, Guidera says. If schools aren't using specific data points, parents should ask the school to stop collecting it and take it off their child's record.
2. How is the data stored?
Whether the school houses data on-site or with a third-party vendor can have serious implications for student privacy. Parents should ask where the information is stored, as well as what measures are taken to protect their teen's identity.
3. Who has access to the data?
Access to student data should be restricted to teachers and designated staff within the school or district, but lax vendor contracts might make data accessible to a wider audience. It is important for parents to ask school officials to specify who can view student information and under what circumstances.
"Most districts at this point can't answer those questions because it hasn't been, to be blunt, a priority," Guidera says.
4. When does it expire?
Students are in school for a fixed number of years, but their data can live on in the district's student information system long after they graduate and turn 18. Vendors could also retain student data even after their contract with the district ends, Reidenberg says.
"We found that cloud service agreements failed to provide data security or data deletion," he says, referring to contracts analyzed for the Fordham study. "Only 13 percent required at the end of the contract, data be deleted."
Have something of interest to share? Send your news to us at firstname.lastname@example.org.
Corrected on : Corrected 1/16/14: A previous version of this post mistakenly referenced an older report co-authored by Joel Reidenberg; the post has also been updated to clarify his remarks about third-party vendor contracts.