Children's Educational Records and Privacy

A Study of Elementary and Secondary School State Reporting Systems

Following the No Child Left Behind mandate to improve school quality, there has been a growing trend among state departments of education to establish statewide longitudinal databases of personally identifiable information for all K-12 children within a state in order to track progress and change over time. This trend is accompanied by a movement to create uniform data collection systems so that each state’s student data systems are interoperable. This study examines the privacy concerns implicated by these trends.

The study reports on the results of a survey of all fifty states and finds that state educational databases across the country ignore key privacy protections for the nation's K-12 children. The study finds that the state departments of education store large amounts of personally identifiable data and sensitive personal information about children in electronic warehouses or for the states by third party vendors. These data warehouses typically lack adequate privacy protections, such as clear access and use restrictions and data retention policies, are often not compliant with the Family Educational Rights and Privacy Act, and leave K-12 children unprotected from data misuse, improper data release, and data breaches. The study provides recommendations for best practices and legislative reform to address these privacy problems.

Executive Summary

Among state departments of education there has been a growing trend to establish statewide longitudinal databases of all K-12 children within a state in order to track students’ progress and change over time. This trend is accompanied by a movement to create uniform data collection systems so that each state’s student data systems are interoperable with one another. These two trends raised privacy concerns that we examine in this study. First, we were concerned with the way states were ensuring the privacy of their K-12 students. Specifically, our goal was to investigate what type of data was being collected and whether children were protected legally and technically from data misuse, improper data release, and data breaches. Second, we were concerned with the ease with which individual interoperable state data systems could potentially be combined to create a national database of all K-12 children.

We reviewed publicly available information from all 50 states and found that privacy protections for the longitudinal databases were lacking in the majority of states. We found that most states collected information in excess of what is needed for the reporting requirements of the No Child Left Behind Act and what appeared needed to evaluate overall school progress. The majority of longitudinal databases that we examined held detailed information about each child in what appeared to be non-anonymous student records. Typically, the information collected included directory, demographic, disciplinary, academic, health, and family information. Some striking examples are that at least 32% of the states warehouse children’s social security numbers, at least 22% of the states record children’s pregnancies, at least 46% of the states track mental health, illness, and jail sentences as part of the children’s educational records, and almost all states with known programs collect family wealth indicators.

We found that, given the detailed and sensitive nature of the information collected, the databases generally had weak privacy protections. Often the flow of information from the local educational agency to the state department of education was not in compliance with the privacy requirements of the Family Educational Rights and Privacy Act. One state, New Jersey, even diverts special education medicaid funding to pay for an out-of-state contractor to warehouse data, including medical test results. Many states do not have clear access and use rules regarding the longitudinal database and over 80% of the states apparently fail to have data retention policies and are thus likely to hold student information indefinitely. Several states, like Montana, outsource the data warehouse without any protections for privacy in the vendor contract.

From our review, we were able to formulate several critical recommendations that we believe will increase the privacy, transparency, and accountability of these longitudinal databases:

1. Data at the state level should be anonymized through the use of dual database architectures;
2. Third party processors of educational records should have comprehensive agreements that explicitly address privacy obligations;
3. The collection of information by the state should be minimized and specifically tied to an articulated audit or evaluation purpose;
4. Clear data retention policies should be instituted and made mandatory;
5. Access and permissible use policies should be well articulated and specific in nature;
6. Audit logs of access to and use of the state databases should be maintained as a guard against unauthorized data processing;
7. Information about the database, its security, and its use should be readily available and verifiable.
8. States should have a Chief Privacy Officer in the department of education who assures that privacy protections are implemented for any educational record database and who publicly reports privacy impact assessments for database programs, proposals, and vendor contracts.

Other Coverage

• Read the Press Release
• Washington Post coverage
• Download a memo from the Washington State Attorney General.
• Education Week coverage
• Inventory of State Statutes Incorporating CLIP Recommendations (as of September 29, 2014)

Our research team included:

• Joel R. Reidenberg, Professor of Law and Founding Academic Director of CLIP
• Jamela Debelak, Esq., Executive Director of CLIP

Student Project Fellows (Research and Drafting):

• Adam Gross
• Lee Mayberry
• Judith Simms
• Elizabeth Woodard

Student Project Fellows (Research):

• Camilla Abder
• Luke Bagley
• Lisa Cooms
• Ezra Kover

CLIP Files Comments with the Department of Education

On May 23, 2011, CLIP filed public comments on the Department of Education’s proposal to amend the Family Educational Rights and Privacy Act (“FERPA”) regulations. The Department’s rule-making proceeding sought to relax restrictions on the sharing of educational records in state-held databases of student information. CLIP’s comments were highly critical of the Department’s approach, showing that many of the proposals contradicted FERPA and explicit statutory protections for student privacy. CLIP’s comments drew on the results of the study “Children’s Educational Records and Privacy: A Study of Elementary and Secondary School State Reporting Systems” that CLIP released in October 2009 and that found privacy protections for existing state databases of children’s educational records was lacking.