Update 3/10/16: Utah’s legislative session has passed, but HB 358, the student privacy bill, has not been funded. And so we are stuck, at least for another year, without proper protections for our children. (If you don’t know why that’s bad, begin by reading a recent article in the Atlanta Journal Constitution, by Jane Robbins, on why Georgia is considering a student privacy bill):
Robbins explains, “…parents have heard glowing claims that ‘digital’ or ‘personalized’ learning will transform education, but they may not understand exactly what this means…[I]nteractive programs, marketed by private ventors, frequently use sophisticated software that collects massive amounts of highly personal information about the student’s behaviors, mindsets and attitudes”. She mentions the fact that the U.S. Department of Education is gung-ho on slurping up that personal, psychological information about beliefs and attitudes, as evidenced in its own published draft reports. (Must-reads!) Robbins makes the real point when she writes, “The issue here goes far beyond data security. It is whether the government and private companies have any right to collect this highly sensitive data in the first place.”
Not passing/funding the Utah HB 358 privacy bill, while passing and funding HB 277, the digital education bill, was crazy. It was the worst mistake of this entire legislative year.
Does the legislature not know that data is the new gold rush, and that education vendors are behaving as if this is the old wild west, without solid laws to govern student data sharing and partnering and selling? Does the legislature not know that to the federal government, also, data is the new gold rush as well, and that our own Congressman Jason Chaffetz held recent hearings against the Department of Education for its data insecure practices– and gave the Dept. an “F”?
Think of it this way: legislators just barely bought the children and teachers of Utah the trendiest, shiniest $15 million vehicle (HB 277) while saying, “We are unable –or unwilling — to pay for seat belts and air bags” –though the safety features would have cost a tiny, tiny fraction (one-sixteenth) of what the vehicle cost.
Where are their brains?
That digital vehicle, HB277 is worthless, at least to this mom, without the seat belts for the kids. I, for one, will not allow my own children to get into that wild, glittering ride.
HB 358 is here. It is no small miracle.
If it does not pass (and get funded) tomorrow, the Utah legislature is silently informing us that privacy protections for children’s data do not really matter, and that citizens should not have rights to personal ownership over their personal data.
Even though HB 358 is scheduled for a hearing today at the Capitol: Tuesday, March 8th, at 5:00 p.m., the bill is in trouble because the executive appropriations committee did not fund it. That’s almost the same thing as killing the bill. (The appropriations committee needs to hear from MANY of us, as fast as possible. See below for contact information.)
I have been head-bangingly furious about the lack of proper privacy protections for my children since 2012, when I found out that there was such a thing as a State Longitudinal Database System (SLDS)– here and in every other state–and when I then asked to opt out of SLDS tracking, I just received the State School Board’s official “no” letter.
In America, land of the free! In Utah, land of family-friendly liberty. Here, I was told that I was not allowed to opt my child out of SLDS, so that being tagged, tracked, and longitudinally stalked, from day one in school until my child was a working adult and beyond, was a mandate.
I also found out that:
1- Although it starts with the word “State,” the SLDS is federally paid-for and is aligned to federal data standards and is federally interoperable;
2. Those who house Utah’s SLDS have zero legislative oversight. Incredibly, when SLDS began in 2009, there was zero vote-taking; SLDS came because of a grant application filled out by a clerk at the state office of education simply asking for a federal SLDS grant, and then it was implemented without voter approval. Yet SLDS is 100% applied to all school children, non-consensually.
4. FERPA (federal privacy law) was altered in 2009 by the Department of Education to become almost meaningless. Despite a huge law suit, FERPA stayed in its altered, privacy-harming state. So: in-state or beyond, proper privacy protections do not exist. (For more on that, see the recent hearings of Rep. Jason Chaffetz against the U.S. Dept. of Education)
5. SLDS interfaces with many other state agencies in the Utah Data Alliance, so there is no guarantee that a student’s private data, collected by a school, won’t end up in the data silo of another agency totally unrelated to education. SLDS has the ability, if state policy allows, to also interface with federal agencies’ data, other states’ and even other nations’ data collections.
This situation has literally kept me up at night, many nights, including tonight.
Along with countless other moms and dads, lawyers, think tanks, and legislators, I’ve done a lot of research and writing and speaking and pleading on this subject. See some of what I learned and shared in the past four years, here or here or here or here or here or here or here or here.
I tell you all this in case you are new to this issue so that you’ll understand how INCREDIBLY important passing HB 358 is.
House Bill 358 ought to be treated as one of the very most, if not the most, important bill at the Capitol this year. But the legislature is saying that there isn’t enough money to pass the privacy bill, which has an implementation price tag of $800,000. Oddly, the legislature has agreed to fund the FIFTEEN MILLION DOLLAR technology grant program, HB 277, but that technology bill is meaningless without privacy protections for students’ data.
Is the “no funding for HB 358” decision truly a budgeting pinch decision, or is it a matter of the legislators not caring enough about the rights of students to have privacy?
Here are a few of the lines in the bill that I really appreciate:
Line 463 says: “A student owns the student’s personally identifiable student data”.
Lines 494-503 say that schools have to give disclosure statements to parents, promising not to share certain types of data with out a data authorization.
Lines 775-792 prohibit psychiatric or psychological tests or analysis without prior written consent of parents, and specifically protect data collection about sexual orientation and behavior, mental problems, religious beliefs, self-incriminating behavior, appraisals of individuals with whom the student has a close family relationship; income, etc, and that written consent is required in all grades, kindergarten through 12th.
The bill designates three different types of data that schools may collect: necessary, optional, and prohibited.
Even though the “necessary” list seems too long, at least it limits data collection. It will collect data “required by state statute or federal law to conduct the regular activities of an education entity” such as name, date of birth, sex, parent contact information, student i.d., test results or exceptions from taking tests, transcript information, immunization record or exception from an immunization record, drop out data, race, etc.
Line 346-351 The “optional” list includes IEP information, biometric information, and information that is required for a student to participate in federal data gathering programs.
Lines 356 – 376 The bill also defines “personally identifiable student data” as data that cannot be legally disaggregated (identified by a particular student) (See lines 224-227 for disaggregation language):
356 (i) a student’s first and last name;
357 (ii) the name of a student’s family member;
358 (iii) a student’s or a student’s family’s home or physical address;
359 (iv) a student’s email address or online contact information;
360 (v) a student’s telephone number;
361 (vi) a student’s social security number;
362 (vii) a student’s biometric identifier;
363 (viii) a student’s health or disability data;
364 (ix) a student’s education entity student identification number;
365 (x) a student’s social media login or alias;
366 (xi) a student’s persistent identifier, if the identifier is associated with personally
367 identifiable student data, including:
368 (A) a customer number held in a cookie; or
369 (B) a processor serial number;
370 (xii) a combination of a student’s last name or photograph with other information that
371 together permits a person to contact the student online;
372 (xiii) information about a student or a student’s family that a person collects online and
373 combines with other personally identifiable student data to identify the student; and
374 (xiv) other information that, alone or in combination, is linked or linkable to a specific
375 student that would allow a reasonable person in the school community, who does not have
376 first-hand knowledge of the student, to identify the student with reasonable certainty.
We need to protect our kids! This bill NEEDS to pass!
If you’ve ever read 1984 and remember Big Brother; if good old-fashioned history books have taught you that tyranny has been far more dominant than liberty throughout world history (with the exception of a freedom experienced in the U.S. under the Constitution for a few 200+ years) –or if you’ve been paying attention to the recent struggle between big-data and individual rights– then you know: allowing any person or government –unfettered– to track individuals without their consent, for virtually the duration of their entire lives, is a very bad idea.
We need as many emails and phone calls or texts as we can muster before 5:00 p.m. tomorrow, Tuesday, March 8, to the following representatives, and especially to Speaker of the House Greg Hughes and President Niederhauser:
Representative (Speaker) Hughes firstname.lastname@example.org
Senator (President) Niederhauser email@example.com
Senator Sanpei firstname.lastname@example.org
Senator Hillyard email@example.com
Senator Dunnigan firstname.lastname@example.org
Senator Adams email@example.com
Representative Gibson firstname.lastname@example.org
Senator Okerlund email@example.com
Here they are, ready to cut and paste into your email: firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com