State Data Systems: Privacy and Security Issues Should Trump the Need for Data

Introduction

Colleges and universities may soon be providing student data for an extensive interconnected system of state databases (i.e. a national student database).

This may come as a surprise to institutions, especially after there was some thought that a national student database system was prohibited in the Higher Education Opportunity Act of 2008 (HEA reauthorization bill).

The Higher Education Opportunity Act had a provision that on the surface may have appeared to take care of the problems with student data systems.  Specifically, the bill generally prohibited a federal student database where personally identifiable student data could be tracked over long periods of time.

Unfortunately, this prohibition was a charade.  The bill still expressly allowed states to maintain state databases and, even worse, for states to coordinate data systems between the states, thereby creating a national (not federal) system.

Some states already have been tracking students and matching their education data with other in-state data such as unemployment insurance data.  This type of extensive data matching system will now occur across state lines.

Higher Education Opportunity Act Language

SEC. 113. DATABASE OF STUDENT INFORMATION PROHIBITED.

Part C of title I (20 U.S.C. 1015) is further amended by adding after section 133 (as added by section 112 of this Act) the following:

`SEC. 134. DATABASE OF STUDENT INFORMATION PROHIBITED.

`(a) Prohibition- Except as described in subsection (b), nothing in this Act shall be construed to authorize the development, implementation, or maintenance of a Federal database of personally identifiable information on individuals receiving assistance under this Act, attending institutions receiving assistance under this Act, or otherwise involved in any studies or other collections of data under this Act, including a student unit record system, an education bar code system, or any other system that tracks individual students over time.

`(b) Exception- The provisions of subsection (a) shall not apply to a system (or a successor system) that–

`(1) is necessary for the operation of programs authorized by title II, IV, or VII; and
`(2) was in use by the Secretary, directly or through a contractor, as of the day before the date of enactment of the Higher Education Opportunity Act.

`(c) State Databases- Nothing in this Act shall prohibit a State or a consortium of States from developing, implementing, or maintaining State-developed databases that track individuals over time, including student unit record systems that contain information related to enrollment, attendance, graduation and retention rates, student financial assistance, and graduate employment outcomes.’.

This article explores the policy and legal implications of these databases.  It argues that the privacy and security problems with state database systems and a national database outweigh any benefit derived from additional data.

Congress and State Data Systems

As discussed in this National Journal dialogue and Inside Higher Ed article on state data systems, Congress is considering a new plan to reform student financial aid that would, in part, encourage the development of state data systems.  According to the National Journal:

Under the Senate’s proposal, states seeking to compete for funds through the program would have to create data systems that include all public postsecondary institutions within their borders. These systems would collect information on all students, including their secondary school record, financial status, entry and exit from colleges, job placement, and postsecondary earnings, among other information.

This push for state data systems, including interconnected systems, has significant momentum.

Some Context: Comparing the Real ID Act with State Data Systems

The public is far more familiar with the federal requirements imposed on states under the Real ID Act than with state education data systems.  The Real ID Act requires states to develop more sophisticated ID cards (including driver’s licenses).  The purpose of these requirements is to help improve national security.

Despite this important goal, there rightfully has been intense opposition to these requirements.  Many states have decided they will not comply with this law because it is a costly, unfunded mandate.
There’s little doubt that the primary reason the Real ID Act is facing such strong resistance is due to these costly, unfunded mandates imposed on states.  While a state education data system could be very costly, it probably wouldn’t be as costly as the requirements of the Real ID Act.  Congress also is probably going to fund these systems.  The costs imposed on states likely would meet little opposition from states because most of them want to build these data systems anyway.
The Real ID Act system, like state education data systems, also interconnects state databases.  States would be able to access data from other state databases and create a national ID system.

The privacy problems with the high profile Real ID Act likely would not be enough to block its implementation.   As a result, it is unlikely the privacy problems for the lesser known state education data systems will be enough to block their development.

However, there is one distinction that never seems to get mentioned.  The Real ID Act at least has the compelling goal of national security to balance against the privacy concerns.  State education data systems have the goal of enabling researchers to have more education data.  As much as researchers believe this is a compelling goal, it pales in comparison to national security.

It is difficult to see how anyone could oppose the Real ID Act on privacy grounds while supporting state data systems.  The privacy argument is much stronger when it comes to state data systems than with the Real ID Act, but unless the privacy concerns are raised by a wider range of interests, it won’t be enough to stop the momentum that exists for these databases.

Doesn’t FERPA Make These Databases Illegal?

No.  The Family Educational Rights and Privacy Act (FERPA) certainly places some limitations on the disclosure of student personally identifiable information, but it is unlikely that it prohibits the development of a national education data system.

In fact, Congress has been making it clear that it wants a national database that track students over time.  New statutory language supporting these data systems generally would take precedent over any limitations that FERPA may have placed on these systems. (new language trumps the old).

Don’t We Need Better Data?

To make informed decisions, having more data, on its face, should be beneficial.  Although, more data doesn’t necessarily mean better data.  There’s no question though that some of the data can help provide better assessments of the success or failure of certain programs.

Good Data v. Better Data

The question isn’t whether there should be good data or nothing.  The question is whether “better” data is worth the privacy problems when good data already exists.  There are already plenty of good data resources available for researchers and this data will only improve, even without tracking individuals from school to work (and beyond).  For example, excellent research is already derived through the use of sample populations, as opposed to using personal data on each individual.

There’s No Magical Policy Machine: Don’t Overstate the Data

Data may help to make policy decisions, but there are many factors that go into making good decisions.  If this wasn’t true, we could input data into a computer and let it make policy decisions for us.

Assume that a program isn’t helping to achieve its goal of higher graduation rates.  The policy solution may be to scrap the program.  The solution also could be to reform the program because the failure may have been caused through the implementation of the program.  It is possible the graduation rates would have been worse if not for the program.  The point: The data systems will provide helpful raw data, but there’s significant analysis that still must be conducted.

There also something called politics.  Policy analysts can have great data and often that will make no difference in the legislative arena.  Sometimes there are political considerations.  Sometimes there are legitimate ideological and philosophical considerations.

Even the statistics that would be derived from these state data systems could tell different stories depending on the researcher.  Some of these different “stories” are legitimate.  Often, the differences are a result of cherry-picking   As Mark Twain wrote, “There are three kinds of lies: lies, damned lies and statistics.”

Where’s the Data to Support State Data Systems?

The United States is about to create massive databases that will have major privacy implications.  Before we do this, where’s the objective evidence, the data, that suggests state data systems and a national system are so beneficial for education policy.

There’s a lot of conjecture, but there’s nothing to establish that states with large data systems have better education systems than other states.  Is there any evidence that having individual level data has led to beneficial results that never would have been possible without the individual data?

Privacy Issues

There’s an attempt to create a cradle to the grave system where all states can access your data.  States will track all of your movement and everything you do.  The data matching won’t be limited to how you did on the SAT but also on things such as whether you are unemployed.  There’s no logical stopping point as to what data would be compiled into one central database.

To believe the federal or state governments wouldn’t try and access the data for other purposes is not being realistic.  This treasure trove of personal information would be a goldmine for law enforcement, tax collectors, and plenty of other interests.

When it comes to personal information, sound practices to protect privacy have been carefully crafted and implemented for nearly three decades.  Institutions should know them well because FERPA captures these sound principles.

The Federal Trade Commission (FTC) lists the five core principles of privacy protection:

1) Notice/Awareness

“Consumers should be given notice of an entity’s information practices before any personal information is collected from them.”  With state data systems, notice is unlikely to exist.  Students won’t even know how the data will be used or who will be able to use the data.

(2) Choice/Consent

“At its simplest, choice means giving consumers options as to how any personal information collected from them may be used.”  Students likely won’t have any control over whether the information is disclosed, such as through opting-out or opting-in.  If students could opt-out, this would address some privacy concerns, but such a system is unlikely.

(3) Access/Participation

“It refers to an individual’s ability both to access data about him or herself — i.e., to view the data in an entity’s files — and to contest that data’s accuracy and completeness.”  Students are unlikely to be able to access their own records or challenge the accuracy of such data.  Imagine the government possessing a massive personal profile of you and the information being wrong.

(4) Integrity/Security

“The fourth widely accepted principle is that data be accurate and secure.”  The government hopefully would already take steps to secure data, but as will be discussed below, there still is significant risk of major security problems.

(5) Enforcement/Redress.

“It is generally agreed that the core principles of privacy protection can only be effective if there is a mechanism in place to enforce them.”  Will there be a private cause of action for students or some way for students to be able to seek redress?  It is unlikely with these state data systems.

Security Issues

Sometimes security issues are combined with the privacy issues.  However, privacy generally refers to the control of information by students or consumers, including when that information may be disclosed.  Security, on the other hand, deals with the protections in place to ensure that unauthorized parties do not gain access to student information.

The very idea of massive databases with sensitive personally identifiable information in one central location is chilling.  The issue is not if there will be a security breach but when there will be a security breach.

As diligent as governments may be to protect data, there always are lapses.  Once the information is stolen, it may be too late to put the genie back in the bottle.

A 2006 House Committee on Oversight and Government Reform report found that all the federal agencies it studied over a three year period had breaches.  “The report finds that every agency has experienced at least one such breach ["loss or compromise of personal information"] and that the agencies do not always know what information has been lost or how many individuals could be affected.”

Just a few weeks ago, the U.S. government suffered the largest release of personally identifiable information ever.  The breach was related to not properly erasing data on a hard drive that had sensitive health and discharge information on veterans.  The National Archives and Records Administration (NARA) is investigating the matter.

“This is the single largest release of personally identifiable information by the government ever,” Bellomy [NARA IT Manager] told Wired.com. “When the USDA did the same thing, they provided credit monitoring for all their employees. We leaked 70 million records, and no one has heard a word of it.”

These are just some examples of the many regular breaches of data that occur every year.  Now imagine breaches that include a compilation of personal data that would be unrivaled by any known government database.  The problems with identity theft could be astronomical in scope.

Conclusion

There’s a rush to move forward with a national data system without properly considering the privacy and security issues.  Before even considering these databases, those that seek to create these systems should bear the burden of showing why they are so necessary that the privacy of citizens is worth sacrificing.

_______

Daren Bakst, J.D., LL.M. is the President of the Council on Law in Higher Education