Bill protecting privacy rights of NY students passes Assembly committee

June 14, 2013 By Mary Frost Brooklyn Daily Eagle

b_PS8_crossing_gd2_MFrost_9-6-12.jpg

Share this:

Reacting to parents’ outrage that the state and city Departments of Education have already shared confidential data about their kids with private corporations, a bill was approved by the NYS Assembly Education Committee on Thursday allowing parents to “opt out” of sharing their child’s personal information.

Bill A7872, introduced by Queens Assembly Member Cathy Nolan allows parents of students and kids 15 years of age or older to request that personally identifiable student information not be disclosed by schools to “certain third parties,” unless required to do so by court order or for safety or certain other reasons. The bill would also allow families to protect their children’s “biometric” records, such as finger prints or retina patterns.

In April, at a tense town hall at Brooklyn Borough Hall organized by Leonie Haimson, executive director of educational nonprofit Class Size Matters, parents called the Department of Education’s move to share confidential data about their kids with private corporations “outrageous” and “contemptible.”

Parents were particularly upset when they learned that the city had already handed their children’s personal information over to inBloom Inc., a Gates-funded corporation, which will facilitate sharing students’ information with for-profit vendors to help them market “learning products.”

The student data being shared include names, addresses, emails, photos, grades, test scores, learning styles, disciplinary, health and attendance records, the results of academic and psychological tests, race and ethnicity, economic and disability status and more.

Students’ information is being stored on an Amazon cloud built by Wireless/Amplify, owned by Rupert Murdoch’s News Corporation, a company facing litigation for violating the privacy of individuals in Great Britain and in the United States.

“The bill is not perfect because we would like parents to have the right to consent before their children’s sensitive data is shared and this bill instead provides the right to opt out,” Haimson told the Brooklyn Eagle on Friday. “But it would be a huge step forward nonetheless to grant parents the right to opt their children’s data from being shared, as SED [State Education Department] completely refuses to do right now.”

With only one more week in the legislative session, she urged parents to contact their state Senators to ask them to introduce and co-sponsor the same bill in the Senate.

DOE spokesperson Marge Feinberg told the Brooklyn Eagle in April that the new system, called the Education Data Portal will abide by the Family Educational Rights and Privacy Act (FERPA). “Consistent with FERPA, the New York City Department of Education will continue to set the privacy and security policies that govern how that data are protected, including who has access to it and for what purposes.

“If commercial vendors are hired to develop applications that use the inBloom data system, in order to access student data their contracts will continue to require FERPA compliance,” Feinberg said.

On May 6, Schools Chancellor Dennis Walcott defended the plan, telling a town hall audience in Bensonhurst, “We will maintain student privacy. We are very strict around that. We will never, ever pierce student privacy.”

A spokesperson for inBloom Inc. told the Brooklyn Eagle on May 6 that the company would not be the entity sharing student data, but would simply be helping school districts manage student data and that the districts, not inBloom Inc., would decide if that information is to be shared with outsiders. “”Districts who use inBloom in conjunction with commercial applications and services may choose to disclose certain student information to those third-party providers to power the learning applications they implement in their classrooms,” said inBloom’s Alyse Aanestad.

Data experts say information stored on a “cloud” will likely – if not inevitably — be hacked. In April, LivingSocial, the deals site owned in part by Amazon, suffered a massive cyber attack on its computer systems affecting 50 million customers. Other companies like Twitter, Apple, Facebook and Dropbox have all recently been hacked, exposing users’ personal information.

Department of Education’s deputy chief academic officer Adina Lopatin said at the Borough Hall town hall that the state would bear responsibility when “the inevitable” data breach takes place.

The inBloom privacy statement says the project “cannot guarantee the security of the information stored.” The inBloom project also does not take responsibility for any damage that could occur if the child’s personal information is illegally viewed.